Anthropic Accuses Chinese AI Firms of Industrial-Scale Data Theft via 16M Queries

In a landmark development that could reshape the global artificial intelligence landscape, U.S.-based AI firm Anthropic has publicly accused three leading Chinese AI companies—DeepSeek, Moonshot, and MiniMax—of conducting what it describes as an "industrial-scale distillation attack" on its proprietary Claude language models. According to internal forensic analyses reviewed by Anthropic’s security team, the three firms collectively executed more than 16 million API queries between late 2024 and early 2026, systematically extracting model outputs to reconstruct Claude’s reasoning patterns, response structures, and even its safety alignment mechanisms.

As reported by The Decoder, the volume and pattern of these queries were highly unusual, exhibiting characteristics of automated, non-human behavior. Further investigation by Anthropic’s engineering team, corroborated by VentureBeat, revealed that the attacks were facilitated through 24,000 uniquely generated fake user accounts, each designed to evade rate-limiting and behavioral detection systems. These accounts were deployed across public and private API endpoints, mimicking legitimate academic and enterprise users to avoid suspicion.

The goal, according to Anthropic’s internal white paper leaked to select media, was not merely to observe Claude’s outputs but to perform model distillation—training smaller, proprietary models to replicate Claude’s performance without access to its source code or training data. This technique, while technically legal in some jurisdictions, crosses ethical and potentially legal boundaries when conducted at scale without authorization, particularly when the target model is protected by trade secret and contractual licensing agreements.

The implications extend far beyond corporate espionage. Analysts warn this incident may represent the first documented case of an AI model being systematically reverse-engineered by foreign competitors using API abuse as a weapon. "This isn’t just theft—it’s a new form of digital warfare," said Dr. Elena Vasquez, a senior fellow at the Center for Security and Emerging Technology. "We’re witnessing the weaponization of open APIs against proprietary AI systems, and the global regulatory framework is utterly unprepared."

Chinese firms have yet to issue formal responses, though industry insiders suggest the companies may argue that API usage falls under fair research practices. However, Anthropic contends that the scale, duration, and methodological sophistication of the attacks—combined with the rapid emergence of models from DeepSeek and MiniMax that exhibit near-identical reasoning patterns to Claude—strongly suggest coordinated, corporate-backed theft.

The U.S. Department of Commerce has reportedly initiated an interagency review under the Export Administration Regulations, while the European Union is considering whether to classify such distillation attacks as violations of the upcoming AI Act’s transparency and accountability provisions. Meanwhile, cloud providers like AWS and Google Cloud are under pressure to implement stricter API monitoring and bot-detection protocols.

For the global AI community, this incident underscores a troubling new reality: as models become more powerful, their defenses must evolve beyond code to include legal, technical, and geopolitical safeguards. The line between innovation and exploitation has blurred—and the world is now paying the price.