Anthropic accuses Alibaba of largest-ever Claude cloning attack using 25,000 accounts
Tags AI · Security · Policy
Anthropic disclosed a June 10 letter to Senators Tim Scott and Elizabeth Warren detailing that operators affiliated with Alibaba and its Qwen AI lab conducted over 28.8 million exchanges with Claude through nearly 25,000 fraudulent accounts between April 22 and June 5. The campaign targeted agentic reasoning, software engineering, and long-horizon task capabilities, using obfuscation techniques and proxy networks to evade detection. The attack occurred after Trump's April memo warning China against industrial-scale AI theft. Anthropic recommended Congress pass legislation for information sharing among AI firms, additional chip export controls, and penalties on Chinese labs.
Technical significance
This is the largest documented model distillation attack, and its scale (28.8M exchanges, 25K accounts) reveals a mature, industrialized attack infrastructure. Anthropic's warning about a 'growing circumvention economy' suggests distillation-as-a-service is emerging. The fact that Alibaba conducted this after a presidential warning signals that geopolitical deterrence alone cannot protect model IP.