Anthropic Accuses Chinese AI Firms of Systematically Stealing Claude Data via 16 Million Queries

San Francisco, February 20, 2026 — Anthropic, the AI safety-focused startup behind the Claude family of large language models, has leveled serious allegations against three prominent Chinese artificial intelligence firms: Deepseek, Moonshot AI, and MiniMax. According to internal forensic analyses shared with regulators and industry partners, these entities allegedly conducted a coordinated campaign of over 16 million API queries to Claude’s public interfaces between mid-2024 and late 2025, systematically extracting behavioral patterns, reasoning capabilities, and output structures to train competing models.

Anthropic’s internal research team detected anomalous query patterns that exhibited clear signs of automated probing—repetitive prompts designed to elicit specific responses, edge-case stress testing, and meta-instruction manipulation—all indicative of reverse-engineering efforts. The scale and precision of the activity suggest a well-resourced, institutional effort rather than opportunistic scraping. In a statement released on its official news page, Anthropic called the actions a “systematic theft of proprietary AI capabilities” and emphasized that the extracted data was used without consent, licensing, or attribution.

While the company did not release the full dataset or raw logs, it provided anonymized statistical summaries to U.S. Department of Commerce officials and the European Commission’s AI Office. The patterns revealed that the queries were not random but targeted specific Claude features: long-context reasoning, code generation accuracy, safety alignment responses, and multi-step planning. Notably, the frequency of queries spiked during new Claude model releases, suggesting real-time adaptation by the accused firms.

Deepseek, Moonshot, and MiniMax have not issued public responses as of press time. However, industry analysts note that all three firms have recently released models with performance metrics closely mirroring Claude 3.5’s benchmarks—particularly in multilingual reasoning and mathematical problem-solving—despite operating with significantly smaller training datasets than Anthropic’s. This has fueled speculation that the firms leveraged inference-time data harvesting as a shortcut to model development, bypassing the computational and financial costs of training from scratch.

The incident underscores growing tensions in the global AI ecosystem, where open-access APIs and permissive usage policies are increasingly exploited for competitive advantage. Unlike traditional software, AI models do not have clear legal boundaries around “reverse engineering” via API interaction, creating a regulatory gray zone. Anthropic argues that such behavior violates the spirit—and potentially the letter—of its Terms of Service, which prohibit automated extraction for competitive model training.

Legal experts suggest this could become a landmark case in AI intellectual property law. If proven, it may prompt U.S. and EU regulators to impose new restrictions on cross-border API access or require AI providers to implement anti-extraction safeguards, such as rate-limiting, behavioral detection, and CAPTCHA-like challenges for high-volume users. The case may also influence ongoing negotiations at the OECD and UN on global AI governance frameworks.

Meanwhile, Anthropic has announced it will begin deploying “Adversarial Query Detection” (AQD) technology across its API endpoints, a new layer of AI-driven monitoring designed to identify and throttle suspicious traffic patterns in real time. The company also plans to publish a white paper detailing its methodology for detecting data extraction, hoping to set a new industry standard for model protection.

As the world’s AI race intensifies, this episode highlights a troubling trend: the weaponization of accessibility. What was once designed as open innovation may now be the most vulnerable vector for intellectual theft—raising urgent questions about how to protect AI innovation in an era without clear digital property rights.