Threat Intelligence Bearish 7

25,000 fake accounts used in 28.8M API exchanges to steal Claude's AI capabilities

· 4 min read · Verified by 3 sources ·
Share

Key Takeaways

  • The Alibaba-led campaign represents a massive API abuse operation, deploying 25,000 fraudulent accounts to exfiltrate over 28.8 million Claude model responses, highlighting critical weaknesses in AI service security and the need for advanced threat intelligence sharing.

Mentioned

Anthropic company Alibaba company BABA Claude product DeepSeek company U.S. Senate Banking Committee government_body Alibaba Qwen organization

Key Intelligence

Key Facts

  1. 1The alleged distillation campaign ran from April 22 to June 5, 2026, generating over 28.8 million exchanges with Claude through nearly 25,000 fraudulent accounts.
  2. 2Anthropic attributes the operation to operators affiliated with Alibaba and its AI lab Qwen, making it the largest known attack on the company of this kind.
  3. 3Distillation involves training a less capable model on the outputs of a stronger model, enabling rapid capability replication at low cost.
  4. 4Anthropic sent the accusation letter to Senators Tim Scott and Elizabeth Warren of the U.S. Senate Banking Committee on June 10, 2026, ahead of an AI hearing.
  5. 5The incident follows a February 2025 Anthropic disclosure of a DeepSeek-led extraction campaign that involved over 150,000 exchanges, and April 2026 White House accusations of industrial-scale AI IP theft by China.

Analysis

Security teams parsing Anthropic's disclosure will recognize the operation as a textbook large-scale API abuse, where thousands of synthetic identities bypass rate limits to siphon proprietary model outputs. The 28.8 million exchanges amassed in just six weeks represent a staggering data exfiltration event—and a wake-up call for AI firms to implement stronger authentication, behavioral analytics, and adversarial detection to protect their models from distillation-as-a-service attacks.

Anthropic has publicly accused Chinese technology giant Alibaba of conducting the largest known illicit extraction of its Claude AI model capabilities, a sophisticated campaign that generated over 28.8 million exchanges with the model through nearly 25,000 fraudulent accounts between April 22 and June 5, 2026. The accusation was detailed in a letter sent on June 10 to U.S. Senate Banking Committee leaders, Senators Tim Scott and Elizabeth Warren, ahead of a scheduled hearing on artificial intelligence. The technique used, known as distillation, involves training a less capable model on the outputs of a more powerful one, effectively cloning capabilities without authorization. Anthropic described the operation as an effort to accelerate China's ability to reach the level of its advanced Mythos Preview capabilities.

It follows a February 2025 disclosure by Anthropic of a similar, though smaller-scale, campaign by Chinese AI startup DeepSeek, which involved over 150,000 exchanges and sent shockwaves through the tech world with its low-cost model.

The incident marks a sharp escalation in the ongoing AI intellectual property conflict between the United States and China. It follows a February 2025 disclosure by Anthropic of a similar, though smaller-scale, campaign by Chinese AI startup DeepSeek, which involved over 150,000 exchanges and sent shockwaves through the tech world with its low-cost model. The Alibaba campaign, attributed to operators affiliated with Alibaba and its AI lab Qwen, is reported to have been active over a six-week period, dwarfing prior known distillation attacks in both scale and sophistication. The letter's timing, just two months after the White House accused China of stealing U.S. AI intellectual property on an industrial scale, underscores the geopolitical dimension.

The implications are multifaceted. For Anthropic, the breach represents a significant challenge to the commercial value of its proprietary Claude models, as distillation can enable competitors to close the performance gap at a fraction of the cost. Alibaba, which has invested heavily in its Qwen family of large language models, could gain unfair advantage in the fiercely competitive global AI market, particularly in enterprise and cloud applications. The incident also raises questions about the effectiveness of existing API usage policies and the difficulty of detecting sophisticated automated extraction at massive scale—Anthropic noted the use of thousands of fraudulent accounts to bypass rate limits.

From a regulatory standpoint, the letter to the Senate Banking Committee signals a push for government intervention. Anthropic expressed support for threat-intelligence sharing partnerships between the government and private AI labs, potentially paving the way for new export controls or federal mandates around model security. The choice of the Banking Committee, rather than a purely tech-focused panel, suggests that financial regulation and sanctions mechanisms may be invoked against entities engaging in such extraction, given the dual-use nature of advanced AI and its economic significance.

What to Watch

Market and industry consequences are still unfolding. Alibaba, a publicly traded company (NYSE: BABA), faces reputational damage and potential investor concern over intellectual property litigation risks. The incident could accelerate calls for hardware-level security measures, such as tamper-resistant AI chips, or for cloud providers to implement stricter verification of API consumers. For the broader AI ecosystem, it highlights the tension between the open-source ethos and the proprietary defenses that leading labs are erecting. Smaller AI startups, in particular, may see this as a warning that their models can be targeted by well-resourced actors, potentially chilling VC interest in model-building ventures that lack deep moats.

Looking ahead, the event is likely to catalyze a new phase of AI model protection, with increased investment in watermarking, output fingerprinting, and adversarial robustness. It may also spur international norms and agreements on what constitutes acceptable model training practices—although enforcement across borders will remain a formidable obstacle. The 28.8-million exchange figure provides a concrete data point for policymakers, and the June Senate hearing will be a key forum for shaping the U.S. response. As AI capabilities advance, so too will the methods to appropriate them illicitly, making the Alibaba case a seminal moment in the struggle over intellectual property in the age of generative AI.

Sources

Sources

Based on 3 source articles

From the Network

How we covered this story

Every story in our cybersecurity coverage is assembled from multiple primary sources, cross-referenced for factual consistency, and scored along three independent dimensions: sentiment, operational impact, and source-cluster confidence. Single-source rumors and unverifiable claims do not pass our editorial gate. When a story shows "Verified by N sources" with N≥2, the development is independently corroborated; when N=1, we mark it explicitly so readers can weigh the signal accordingly.

Impact scoring uses a 1-10 scale weighted toward regulatory, financial, and operational consequence rather than coverage volume. A topic that runs in every outlet but moves no real decisions ranks lower than a niche regulatory filing that reshapes how operators in the cybersecurity space have to behave. Read our full methodology for the scoring rubric, our glossary for term definitions, and our trends index for the longitudinal view across the beat.