Anthropic has just alleged that three Chinese AI firms—DeepSeek, Moonshot AI and MiniMax—used over 24,000 fake accounts to siphon Claude’s model outputs, creating a distilled copy of its advanced reasoning and coding abilities. The claim spotlights a covert data‑theft method that could sidestep hardware export limits, and it raises urgent questions for anyone relying on AI model integrity.
Key Players and the Alleged Scheme
DeepSeek, Moonshot AI and MiniMax are accused of generating millions of interactions with Claude through fabricated accounts. According to Anthropic’s internal logs, the three labs produced roughly 16 million exchanges, deliberately targeting Claude’s strongest features: agentic reasoning, tool use and code generation.
Scale of the Alleged Harvest
- DeepSeek – over 150,000 exchanges, focusing on coding performance.
- Moonshot AI – more than 3.4 million interactions, emphasizing reasoning, data analysis and computer vision.
- MiniMax – roughly 13 million exchanges, centered on agentic coding and workflow orchestration.
What Distillation Really Means
In AI research, distillation lets a smaller model learn to imitate a larger one by studying its outputs. While the technique is legitimate, Anthropic says the three Chinese labs turned it into industrial espionage—feeding Claude massive prompt‑response data without permission and training their own models on that proprietary behavior.
How Fake Accounts Evaded Claude’s Safeguards
The fabricated users posed queries that would normally trigger Claude’s policy filters, such as requests involving policy‑sensitive content or “censorship‑safe” workarounds. By slipping past the guardrails, the labs harvested Claude’s internal reasoning pathways, enabling a distilled model that inherits sophisticated capabilities while sidestepping safety controls.
Implications for AI Export Controls
If you’re developing AI solutions, you’ll need to consider that data theft could bypass hardware‑level export restrictions. The allegation suggests a covert route for technology transfer that doesn’t rely on physical chips, potentially intensifying calls for stricter export regulations on high‑end AI hardware.
Anthropic’s Defensive Measures
Anthropic says it is already bolstering its defenses. The company announced plans to invest in watermarking and other detection tools designed to flag when a model has been trained on Claude’s outputs. It also urged cloud providers, policymakers and the broader AI ecosystem to coordinate a response against large‑scale distillation attacks.
Expert Insight on Model Theft
Security researchers warn that the alleged misuse blurs the line between open‑source innovation and intellectual‑property protection. Robust watermarking and provenance tracking are poised to become essential if the community wants to keep a lid on covert model copying.
Potential Market Fallout
Venture capital has poured billions into Chinese AI start‑ups, betting on rapid iteration and cost‑effective models. If investors perceive a high risk of legal action or reputational damage, funding may shift toward firms that adopt stricter data‑use policies, reshaping the competitive landscape.
Looking Ahead: Safeguarding AI Innovation
The AI community faces a pivotal moment. While model distillation can accelerate research, unauthorized data harvesting threatens the incentive structure for frontier AI development. Stakeholders will need to act quickly—whether through stronger watermarking, clearer policy guidelines or collaborative monitoring—to ensure that the race for more capable systems remains fair and secure.
