Anthropic says Alibaba used 25,000 fake accounts to query Claude 28.8 million times and train Qwen off the results

Anthropic has accused Chinese tech giant Alibaba of carrying out the largest known distillation attack on the company to date. In a letter dated June 10 and sent to US Senators Tim Scott and Elizabeth Warren, Anthropic alleged that operators affiliated with Alibaba and its Qwen AI lab generated more than 28.8 million exchanges with Claude through nearly 25,000 fraudulent accounts between April 22 and June 5, 2026.

A distillation attack, also known as a model extraction attack, involves querying a rival AI model at an industrial scale and using its outputs to train a smaller, less capable model. The attacker interacts with the target system like an ordinary user but with millions of carefully crafted prompts designed to extract its most valuable capabilities. Crucially, this does not mean Alibaba obtained Claude's source code, model weights, or original training data. The alleged campaign instead involved collecting Claude's responses at scale and using them as training material.

According to Anthropic, the campaign was specifically designed to help Alibaba's Qwen model approach the capabilities of Anthropic's frontier Mythos Preview model, which focuses on advanced coding, multi-step reasoning, and cybersecurity tasks. Anthropic alleged that the Chinese government was complicit in the effort and described distillation attacks as turning hundreds of billions of dollars in American AI investment into a subsidy for geopolitical competitors.

2

Shortly after submitting its letter, Anthropic faced new export controls from the US Commerce Department on its Mythos and Fable AI models. The action was taken due to concerns in Washington about potential use by the Chinese military and intelligence. In response, Anthropic suspended global access to both models and is now working with federal authorities to address the situation.

Alibaba has not responded to requests for comment.