Anthropic described a coordinated attempt to copy Claude through what it characterized as Claude distillation attacks, alleging that three China-based AI laboratories used roughly 24,000 fraudulent accounts to generate more than 16 million interactions. The activity was described as concentrated on advanced capabilities, including complex reasoning, coding and tool use and the company said it intervened after detecting patterns it said differed from normal customer traffic.
Anthropic framed the activity as an effort to extract high-value Claude outputs at scale and said it acted after spotting traffic patterns that did not match typical customer use. The company’s broader positioning around Claude, including how it talks about access and platform strategy, also shapes the context for why it treats unauthorized extraction attempts as high-risk. See Anthropic’s latest statements about Claude’s monetization and platform direction.
Anthropic said it identified the campaigns using IP address correlations, request metadata and infrastructure indicators. Its head of threat intelligence said the company had “high confidence” the operations were distillation at scale, which it described as training a smaller model on outputs from a stronger one without authorization. Anthropic said it could not precisely quantify the improvement achieved, while also calling the gains meaningful.
Separately, Google described a China-linked hacking group using a chatbot to automate vulnerability analysis and plan cyberattacks against U.S. organizations and said it disabled accounts tied to that activity while noting no indication the attempts succeeded.
Key Points
- Large-scale account fraud used to extract high-value model outputs.
- Detection relied on telemetry such as metadata and infrastructure signals.
- Enforcement actions focused on disabling abusive access pathways.
