In a letter to U.S. senators on June 10, 2026, Anthropic disclosed that Qwen Lab, affiliated with Alibaba, used nearly 25,000 fake accounts to conduct more than 28.8 million interactions with Claude models between April 22 and June 5.
Attack Target and Scale
These interactions focused on Claude's agentic reasoning, software engineering, and long-horizon task capabilities. Anthropic called this the largest known distillation attack to date, with the interaction volume nearly double the combined 16 million interactions previously carried out by DeepSeek, Moonshot, and MiniMax.
Alibaba executed the largest known distillation attack on Anthropic to date.
Distillation technology allows a weaker model to learn from a stronger model's outputs, significantly reducing training costs. However, Anthropic noted that unauthorized industrial-scale distillation violates its terms of service, and the resulting models often have weaker safety protections.
Context and Parallel Disputes
At the time of the incident, Anthropic was facing copyright lawsuits from the music industry. Universal Music Publishing Group and other plaintiffs accused it of copying over 20,000 song lyrics without permission for training, seeking more than $3 billion in damages. Anthropic has argued fair use.
Around the same period, U.S. officials raised questions about whether restricted semiconductor equipment had flowed into China, further placing technology transfer issues at the center of U.S.-China policy discussions.
Analysis of Underlying Motivations
The industrialization of distillation attacks reflects how some labs, in pursuit of model performance, choose to bypass the high cost of self-training through high-frequency API calls. Anthropic emphasized that such behavior turns hundreds of billions of dollars in U.S. R&D investments into subsidies for competitors.
From a technical execution perspective, the batch creation of fake accounts and sustained high-frequency interactions indicate that the attacker has stable API access channels and account management capabilities, rather than incidental violations. If the resulting models are directly deployed, safety alignment flaws from the training phase could be amplified.
At the policy level, relying solely on terms of service is insufficient to block cross-border distillation. An Anthropic spokesperson said coordinated action between government and industry is needed. The current case shows that ex post facto disclosure alone is no longer enough to create an effective deterrent.
© 2026 Winzheng.com 赢政天下 | 转载请注明来源并附原文链接