On June 24-25, 2026, Anthropic submitted letters to Reuters and the U.S. Congress, accusing Alibaba affiliates of using approximately 25,000 fake accounts to generate over 28.8 million Claude interactions between April 22 and June 5 in an attempt to distill its reasoning and programming capabilities.
Actual Performance of Claude API Protection Mechanisms
Claude models rely on multi-layer rate limiting and anomaly detection to block batch calls. The above attack demonstrates that these mechanisms failed when faced with 25,000 distributed accounts. Each account maintained a reasonable daily interaction volume, yet the cumulative total reached 28.8 million, indicating that existing detection primarily depends on single-account thresholds.
The officially disclosed interaction data covers April 22 to June 5, lasting approximately 45 days. Attackers focused on reasoning chains and code generation tasks, using the output to train distillation models. This highlights the high value of Claude in long-context programming scenarios, while also exposing that its defenses did not cover distributed low-frequency patterns.
Comparison with Competing Products' Defenses
OpenAI's GPT series also employs account verification and behavior analysis, but introduced cross-account graph detection in 2025. In contrast, Claude had not deployed similar cross-account association algorithms before June 2026, resulting in 25,000 accounts not being merged and identified in time.
Google's Gemini API implemented device fingerprinting and IP clustering technology by the end of 2025, with daily interception efficiency higher than Claude's existing solution. Claude's weakness lies in over-reliance on content filtering rather than access control, leading to higher operational costs for the same effect.
Practical Recommendations for Developers
When calling the Claude API, developers should add request signing and device binding on the client side to avoid directly exposing keys. For programming tasks, it is recommended to split prompts to reduce the complete exposure of sensitive reasoning chains in a single interaction.
Enterprise users can deploy a local proxy layer to record metadata for each call and set cross-session thresholds. When the total daily call volume approaches 80% of the historical peak, automatically switch to a backup model to reduce distillation risk.
Risk Control Recommendations for Enterprises
When purchasing Claude services, enterprises should include anomaly detection response time in the contract. It is recommended to audit account usage patterns monthly and immediately freeze accounts with a low-frequency, high-volume pattern exceeding three times the average.
At the same time, enterprises should evaluate whether their own models face similar extraction threats. The Claude incident shows that any public API can become a target, and internal models need to adopt output watermarking and access log encryption.
According to Reuters, Anthropic explicitly stated in its letters that this is the largest known model extraction attack to date.
© 2026 Winzheng.com 赢政天下 | 转载请注明来源并附原文链接