NewsAI SecurityModel DistillationAlibaba

Anthropic Accuses Alibaba of Massive AI Model Theft

The US company claims Alibaba's Qwen lab conducted 28.8 million queries using fake accounts to extract Claude's capabilities. It marks the first public accusation of this scale.

28.8 million queries via 25,000 fake accounts

Anthropic Accuses Alibaba of Massive AI Model Theft

Anthropic has accused Alibaba of a massive AI model theft in a letter to US senators. According to the company, Alibaba's Qwen lab orchestrated a coordinated distillation attack between April 22 and June 5, 2026, using approximately 25,000 fake accounts that generated over 28.8 million interactions with Claude's API. The goal, Anthropic alleges, was to extract Claude's advanced coding capabilities and use them to improve Alibaba's own Qwen models.

Key Facts

  • 28.8 million queries via 25,000 fake accounts over 6 weeks – averaging roughly 1,152 queries per account
  • Anthropic accused Alibaba in a letter dated June 10, 2026, which became public around June 24-25
  • The attacks remained undetected because individual accounts stayed below standard rate limits (approximately 26 queries per day per account)
  • No public response from Alibaba; no regulatory action announced so far

How Distillation Attacks Work

Model distillation sounds innocuous until weaponized at scale. The technique: feed a powerful AI model carefully crafted prompts, collect the responses, and use those answers as training data for your own, cheaper model. The student learns from the teacher's answers without accessing the teacher's training data.

What made Alibaba's alleged attack particularly sophisticated was concealment through distribution. By spreading queries across thousands of accounts, each individual activity remained below the thresholds that trigger automated alarms. What amounts to massive data theft in aggregate looked like normal usage in detail.

The Geopolitical Backdrop

Anthropic's accusations don't exist in a vacuum. The company deliberately addressed its letter to US Senators Tim Scott and Elizabeth Warren – a conscious escalation signaling this is not merely a business dispute but also a geopolitical narrative. The disclosure went public around June 24-25 after Reuters and other outlets reported it.

Alibaba has not publicly responded to the allegations. The Qwen lab is one of Alibaba's flagship AI initiatives and has gained significant traction in the open-source community and commercial applications. If the distillation allegations hold, it would suggest that at least some of Qwen's recent performance improvements stem not from independent research but from systematic extraction of competitors' proprietary capabilities.

Industry Implications

For Anthropic, the disclosure cuts both ways. Admitting that nearly 29 million queries went undetected raises questions about security infrastructure. Yet positioning itself as a victim of a foreign competitor's attack could justify regulatory protection.

The broader AI industry should pay attention: If the largest AI companies cannot detect a six-week, 28.8-million-query extraction campaign in real time, the question of defensive capability against such attacks needs fundamental rethinking.

What This Means for German Companies

German AI providers and users should take this seriously. It demonstrates that distillation attacks at industrial scale are feasible and that conventional security measures may not suffice. For companies training their own models or consuming APIs, this means: monitoring, rate-limiting, and anomaly detection require recalibration. Equally important: protecting AI models is becoming a geopolitical issue with consequences for European regulation and compliance.

Sources

Editorially owned by Ideal Syka. Sources and method: Newsroom & method. Tips and corrections: ai@i6eal.de.

Share
← All articles

All analyses are based on i6eal's own measurements or on clearly labelled sources. Figures are snapshots and may change; corrections are disclosed transparently.