Chinese AI Firms Accused of “Distilling” Claude to Power Their Own Models

The global artificial intelligence race is no longer just about innovation — it’s about access, control, and technological sovereignty. In a striking revelation, Anthropic has accused three Chinese AI firms of improperly extracting knowledge from its powerful chatbot, Claude. The company claims that the firms exploited its system at massive scale, raising concerns about intellectual property theft, model security, and even national security implications. The controversy arrives at a moment when geopolitical tensions around AI chips, export controls, and technological dominance are intensifying.

Summary of the Original Report

According to a blog post by Anthropic, three Chinese artificial intelligence companies — DeepSeek, Moonshot AI, and MiniMax — allegedly used improper methods to enhance their own AI models by extracting capabilities from Claude.

The companies reportedly generated more than 16 million interactions with Claude using around 24,000 fake accounts. This activity violated Anthropic’s terms of service and bypassed regional access restrictions. The technique they allegedly used is known as “distillation,” a process in which a smaller or less capable AI model is trained on the outputs of a more advanced system to replicate its abilities.

Anthropic stated that these campaigns were not isolated incidents but part of a broader, increasingly sophisticated effort. The company warned that the scale and coordination of these activities suggest a growing intensity in attempts to replicate advanced Western AI systems.

This announcement follows concerns previously raised by OpenAI, which earlier warned U.S. lawmakers that DeepSeek was attempting to replicate leading American AI models such as ChatGPT.

Anthropic emphasized that improperly distilled models may lack critical safety safeguards, creating national security risks. If such models are open-sourced, the risks could multiply as advanced capabilities spread beyond regulatory oversight.

The company also connected the issue to export controls on advanced semiconductor chips, arguing that limiting chip access reduces both the ability to train frontier models directly and the scale of improper distillation.

Anthropic claimed DeepSeek targeted reasoning capabilities and censorship-resistant alternatives, while Moonshot focused on agentic reasoning, coding, and data analysis. MiniMax reportedly targeted coding and tool orchestration. Anthropic detected MiniMax’s campaign before the company released its new model and said that when Claude was updated, MiniMax quickly shifted traffic within 24 hours to capture new capabilities.

The accused companies have not publicly responded to the allegations.

What Undercode Say:

This incident highlights a deeper structural issue in the AI ecosystem: frontier models are accessible through APIs, yet the outputs themselves can become training data. Even if weights remain protected, the behavioral intelligence of a model can be replicated over time through persistent querying.

Distillation itself is not inherently illegal or unethical. It is a widely used machine learning technique. However, the controversy arises when it is done at scale without authorization and in violation of platform policies. The key issue here is not the concept of distillation — it is the alleged systematic evasion of safeguards and access controls.

The reported 16 million interactions suggest automation at industrial scale. That volume implies coordinated infrastructure, not casual experimentation. If accurate, this represents a strategic attempt to accelerate domestic model development without bearing the full research and compute costs required to build frontier systems from scratch.

Another major concern is safety alignment. Advanced AI companies invest heavily in reinforcement learning, red-teaming, and alignment research to reduce harmful outputs. If another model is trained purely on outputs — without inheriting internal safety architecture — the result may be a system that mimics intelligence but lacks guardrails.

Anthropic’s call for stricter export controls ties AI model security directly to hardware supply chains. Advanced GPUs are essential for training and refining large models. By restricting chip exports, policymakers aim to limit not just direct training capabilities but also the scalability of distillation-based replication.

However, this approach has limitations. Distillation requires far less compute than full-scale model training. Once a frontier model is publicly accessible via API, even limited interaction can gradually transfer knowledge.

The speed at which MiniMax allegedly adapted to Claude’s update — pivoting within 24 hours — suggests real-time monitoring and automated capability extraction pipelines. That signals a new era in AI competition: model updates may now trigger immediate reverse-engineering attempts.

From a geopolitical perspective, this reflects intensifying AI rivalry between the United States and China. AI is increasingly viewed not merely as a commercial technology but as strategic infrastructure comparable to energy or defense systems.

If open-source distilled models circulate globally, enforcement becomes nearly impossible. At that point, technological diffusion outpaces regulatory response.

Ultimately, this case underscores a fundamental paradox: AI companies want widespread API adoption for revenue and ecosystem growth, yet that very openness creates vulnerability to model imitation.

Fact Checker Results

Distillation is a recognized machine learning method used widely in AI research.
Export controls on advanced AI chips have already been implemented by the U.S. government in recent years.
There is currently no public independent verification of Anthropic’s specific numerical claims regarding account usage.

Prediction

Expect tighter API monitoring, stricter account verification systems, and more aggressive legal enforcement from leading AI labs. We may also see expanded semiconductor export restrictions and deeper government involvement in AI oversight. At the same time, global AI development will likely accelerate as nations push for technological self-reliance, making model security a defining issue of the next phase of the AI race.