Misanthropy towards China’s AI research institute – The Register



Anthropic, which has built its business by remixing content created by others, worries that Chinese AI labs are stealing data.

The US-based Claude model maker on Monday accused China-based DeepSeek, Moonshot AI and MiniMax of running an “industrial-scale campaign” to siphon knowledge from its models through a technique known as “distillation.”

Model distillation is a deep learning technique in which the patterns learned by a large-scale “teacher” model are transferred to smaller “student” models. This is a type of data compression that ideally produces smaller, more efficient models without significantly reducing performance. It sheds light on black box algorithms and helps explainable AI. It’s also a convenient way to copy models.

Anthropic, like its major rivals, has been sued several times for alleged copyright infringement or unauthorized web scraping. Claims include: Bartz v. Anthropic; Carry Lou vs. Anthropic; Concord Music Group, Inc. vs. Anthropic; McKinnon v. Humanity (Canada); and Reddit, Inc. v. Anthropic.

Courts are considering whether using copyrighted material to train AI models without consent is against the law, but Anthropic and its peers are concerned that Chinese companies are stealing their copyrights.

According to the company, DeepSeek, Moonshot AI, and MiniMax use networks of fraudulent accounts to investigate Claude models at scale.

“These labs generated more than 16 million interactions with Claude through approximately 24,000 fraudulent accounts, violating our terms of service and local access restrictions,” the company said in a blog post.

These attacks take the form of slightly different prompts designed to elicit responses that can be used to train the model. Anthropic refers to the distributed infrastructure used to distill the model as a “hydra cluster,” but has failed to establish that the underlying technology is sufficiently different from commercial proxy services to warrant a reference to the menacing many-headed myth.

Anthropic expressed concern that the distillation of undesirable models by foreign AI labs could enable authoritarian regimes to conduct cyberattacks, disinformation campaigns, and mass surveillance.

It’s unclear how this differs from the world we currently live in. However, the AI industry suggests that the situation would be even worse if the developers of these extracted models open sourced their work.

“This risk increases when distilled models are open-sourced, as these capabilities can spread freely beyond the control of a single government,” the company said.

Two weeks ago, Anthropic’s biggest competitor, OpenAI, sent a memo [PDF] warning the U.S. House Select Committee on China that adversaries in China and, to a lesser extent, Russia, are stepping up efforts to raid frontier models.

“For example, Chinese adversaries are moving beyond chain-of-thought (CoT) extraction to more sophisticated multi-stage pipelines that blend synthetic data generation, large-scale data cleaning, and enrichment-style prioritized optimization,” OpenAI said. “We have also seen Chinese companies rely on a network of unauthorized resellers of OpenAI’s services to circumvent control of our platform.”

OpenAI specifically cited the DeepSeek looting, warning that the company’s models “lack meaningful guardrails against dangerous output in high-risk fields such as chemistry and biology, or offer only limited protection for copyrighted material.”

(Please note that OpenAI is a defendant in the OpenAI, Inc. Copyright Infringement Litigation, a collection of 16 copyright lawsuits.)

OpenAI’s memo calls on the US to protect its own AI industry, and Anthropic’s blog post follows suit, arguing that foreign model makers threaten national security.

“The illegally distilled models lack necessary safeguards and pose a significant national security risk,” the company said. “U.S. companies such as Anthropic are building systems that prevent state and non-state actors from using AI to develop biological weapons or carry out malicious cyber activities, for example. Models built through illegal distillation are less likely to maintain those safeguards, and dangerous capabilities can spread with many protections completely stripped away.”

“Experts and superforecasters expect the performance gap between U.S. and Chinese AI models to narrow by 2031 and reach parity by 2041,” according to the 5th Wave Forecast Report by the Long-term Expert AI Panel (LEAP), released Monday by the Institute for Forecasting.

DeepSeek, Moonshot and MiniMax did not immediately respond to requests for comment. ®


