Between April 22 and June 5, operators affiliated with Alibaba and its AI lab Qwen generated more than 28.8 million exchanges with Claude through nearly 25,000 fraudulent accounts, Anthropic told senators Tim Scott and Elizabeth Warren in a June 10 letter. The targets were Claude’s agentic reasoning, software engineering, and long-horizon tasks. Alibaba evaded detection using obfuscation techniques and proxy networks, Anthropic said.

That’s what distillation actually costs US AI companies. Anthropic’s framing: these attacks “turn hundreds of billions of dollars in American investment and R&D into a massive subsidy for our geopolitical competitors.” A “growing circumvention economy” is already fueling future attacks, the company warned.

The timing makes Alibaba’s alleged campaign particularly brazen. It ran after Trump’s April memo warning that AI model cloning was “unacceptable.” Alibaba is NYSE-listed, is simultaneously suing the Pentagon over a military blacklisting it calls “arbitrary and capricious,” and now faces Anthropic’s accusation of the largest-ever extraction campaign against a US frontier model. Alibaba’s stock dropped 3% after the accusations became public.

Anthropic’s prior distillation disclosure named DeepSeek, Moonshot, and MiniMax, which generated over 16 million exchanges through roughly 24,000 accounts. The Alibaba campaign nearly doubles that volume. It’s also structurally different: a NYSE-listed company with US investors and regulatory exposure ran this campaign openly, which is why Anthropic’s ask for corporate penalties has more teeth than it would against a firm with no US footprint.

Anthropic wants Congress to move on three fronts: update antitrust law so AI firms can share threat intelligence, tighten chip export controls, and penalize Chinese labs enough that copying costs more than training. If you’re an operator running Claude in production, audit your API stack.

Nathan Zakhary