Anthropic Tells Congress Alibaba Siphoned AI Data in Massive
The San Francisco-based developer alleges that operators linked to the Chinese tech giant used thousands of accounts to harvest proprietary model logic.
World correspondent
Reports on international affairs, diplomacy, and humanitarian developments with an emphasis on official statements, multilateral institutions, and regional context.
Editorial responsibility: Lead reviewer for geopolitics, international institutions, and crisis coverage
Primary source: BBC World News. Full source links and update notes are below.
Fast summary
Start here
- Anthropic alleges Alibaba-linked operators used thousands of fraudulent accounts to carry out 29 million exchanges with its Claude AI model.
- The company claims these 'distillation attacks' allow competitors to train weaker models using data harvested from more advanced US systems.
- Anthropic has urged the US Congress to penalize firms behind such attacks and strengthen protections against the export of proprietary AI research.

What happened
Anthropic has accused Alibaba-linked operators of carrying out a large-scale effort to extract capabilities from its Claude AI model, telling members of the U.S. Congress that the operation involved roughly 29 million exchanges conducted through fraudulent accounts. The company describes the activity as a "distillation attack," a term used in AI to describe attempts to reproduce the behavior of a stronger model by repeatedly querying it and using the outputs to train a weaker competing system.
The allegation matters because it shifts a technical security concern into the center of U.S.-China strategic competition over AI. Anthropic is not merely saying its systems were abused. It is arguing that proprietary model behavior, developed through immense investment, may have been harvested at industrial scale by actors tied to a major Chinese technology company.
What Anthropic is alleging
According to the source reporting, Anthropic described a campaign that relied on thousands of fake accounts and massive query volume to pull information from Claude. The company's claim is that these repeated interactions were not ordinary misuse by individual users but a coordinated effort to observe how Claude responds to complex prompts, long-form reasoning tasks, and decision-making scenarios.
That distinction is important. AI companies expect some level of prompt probing, reverse engineering, and benchmarking from users and rivals. What Anthropic appears to be alleging is something larger: the systematic extraction of enough outputs to imitate model capabilities at scale. If accurate, that moves the issue from routine platform abuse into the realm of trade-security and cyber-policy enforcement.
Why distillation attacks matter
Distillation is not inherently illegitimate in machine learning. Researchers often use it internally to transfer performance from larger systems to smaller ones. The problem arises when the source model is accessed without permission and its outputs are harvested in bulk to recreate commercial value outside the original developer's control. In Anthropic's framing, that means billions of dollars of U.S. research and compute spending can effectively subsidize a rival if protections are weak.
This is one of the hardest security problems in frontier AI because model outputs are the product. A company can lock down weights, training data, and infrastructure, but once a powerful system is made available through an interface, repeated querying can still reveal valuable patterns. That makes industrial-scale extraction difficult to stop completely through traditional account controls alone.
The geopolitical backdrop
The allegation lands in an already tense environment shaped by export controls, blacklist disputes, and wider U.S. concern over advanced Chinese technology development. Alibaba has faced scrutiny from American officials before, and Anthropic's decision to take its complaint directly to Congress ensures the issue will be interpreted not only as a private commercial dispute, but also as part of a broader national-security conversation.
That political framing could have serious consequences. Once an AI company asks Congress to impose penalties and tighten protections, the dispute expands beyond technical evidence and platform abuse. It becomes a policy test for how aggressively the U.S. wants to defend model capabilities as strategically sensitive assets.
Background and context
Anthropic is not the first frontier lab to warn that foreign groups may be attempting to harvest outputs from major U.S. AI models. Similar concerns have surfaced across the industry as labs release increasingly capable systems through APIs and chat interfaces. The more advanced those models become, the more incentive rivals have to reproduce some of their behavior without bearing the full cost of training and safety development.
That is why the Anthropic Alibaba accusation resonates beyond the names involved. It highlights a structural weakness in the business model of accessible AI services: the same openness that enables adoption also creates a surface for extraction.
What to watch next
The next critical questions are whether Anthropic publishes more technical evidence, how Alibaba responds to the accusation, and whether Congress treats model-distillation attacks as a category requiring new law or new enforcement tools. Watch also for other labs to make similar claims. If they do, the industry may push much harder for identity controls, access restrictions, and new export-protection mechanisms around frontier model APIs.
Why this matters
The Anthropic accusation matters because it frames AI model extraction as both a cybersecurity problem and a geopolitical one, raising the stakes for how U.S. labs protect commercial model behavior from foreign competitors and how governments define theft in the age of generative AI.
Why it matters
The allegation highlights the intensifying geopolitical competition over AI supremacy and the technical vulnerabilities US firms face from state-linked, industrial-scale extraction.
Read next
Follow this story through the topic hub, more world coverage, and the latest updates.
Weekly briefing
Get the week's key developments in one concise email.
Get a fast catch-up on the biggest stories, the context behind them, and the links worth your time.
Cadence
Weekly, for a quick catch-up
Coverage
AI, business, world, security, sports
Format
Clear takeaways and useful context
Request the briefing
Leave your email to open a prepared request and get on the list for the weekly briefing.
About the byline
World correspondent
Leila Haddad covers world affairs, diplomacy, and humanitarian crises, with a focus on how fast-moving international developments affect public policy, conflict response, and cross-border institutions.
Sources and methodology