Anthropic Exposes AI Training Secrets!

Anthropic, the AI company behind Claude, is alleging that three Chinese AI firms attempted to gain an unfair advantage by misusing its AI model. The company claims these firms created over 24,000 fraudulent accounts to siphon data from Claude, raising concerns about intellectual property and the potential for misuse of AI technology. This incident highlights the growing tension surrounding AI development and the need for stricter regulations and safeguards.

Key Points

  • Anthropic accuses DeepSeek, MiniMax, and Moonshot of using Claude to train their own AI models through “distillation.”
  • The Chinese firms allegedly created approximately 24,000 fake accounts and engaged in over 16 million interactions with Claude.
  • Anthropic argues this activity reinforces the need for export controls on advanced chips.
  • The company is calling for coordinated action from the AI industry, cloud providers, and policymakers.

Illicit Data Extraction

Anthropic has accused three Chinese AI companies—DeepSeek, Moonshot AI, and MiniMax—of improperly using its Claude AI model to train their own systems. The accusation centers around the practice of “distillation,” where a smaller AI model is trained using the output of a larger, more advanced model. While distillation can be a legitimate training method, Anthropic claims it was used illicitly in this case.

According to Anthropic, these companies generated over 16 million interactions with Claude through more than 24,000 fraudulent accounts. This activity violated Anthropic’s terms of service and regional access restrictions. The scale of the alleged data extraction raises concerns about the security and integrity of AI models.

Targeting Advanced Capabilities

Anthropic claims that DeepSeek, MiniMax, and Moonshot specifically targeted the advanced capabilities of Claude, such as agentic reasoning, tool use, and coding. By focusing on these areas, the companies aimed to rapidly improve their own AI models. DeepSeek allegedly targeted Claude’s reasoning capabilities and also used it to generate ‘censorship-safe alternatives to politically sensitive questions’.

MiniMax targeted agentic coding, tool use, and orchestration. Anthropic detected the campaign while it was still active — before MiniMax released the model it was training. This suggests a proactive approach from Anthropic in monitoring and identifying suspicious activity on its platform.

The Call for Action and Chip Export Controls

Anthropic is calling for a coordinated response from the AI industry, cloud providers, and policymakers to address these issues. The company emphasizes the need for stronger defenses against data extraction and misuse. This includes investing in technologies that make distillation attacks harder to execute and easier to identify.

Anthropic also argues that this incident reinforces the need for export controls on advanced chips. The company believes that restricting access to these chips would limit both direct model training and the scale of illicit distillation attempts, and suggests that extraction on the scale performed by DeepSeek, MiniMax, and Moonshot “requires access to advanced chips”.

Potential Security Risks

The incident raises concerns about the potential for misuse of AI technology, particularly by authoritarian governments. Anthropic pointed to authoritarian governments deploying frontier AI for things like “offensive cyber operations, disinformation campaigns, and mass surveillance,” a risk that is multiplied if those models are open-sourced. This highlights the importance of responsible AI development and deployment.

Anthropic has begun to roll out a new security feature for Claude Code that can scan a user’s software codebase for vulnerabilities and suggest patches. Claude Code Security is designed to counter AI-enabled attacks by giving defenders an advantage and improving the security baseline. It is a direct response to the potential for AI, whether or not its developers intend it, to be misused by actors who wish to cause harm.

Frequently Asked Questions

What is “distillation” in the context of AI?
In AI, “distillation” refers to a technique where a smaller, more efficient AI model is trained to mimic the behavior and outputs of a larger, more complex model. While it can be a legitimate method for creating streamlined AI, Anthropic alleges it was misused in this case to steal capabilities from its Claude model.
How did the Chinese AI companies allegedly misuse Claude?
The companies reportedly created over 24,000 fraudulent accounts and engaged in over 16 million interactions with Claude. They allegedly targeted Claude’s advanced capabilities like reasoning, coding, and tool use to improve their own AI models faster and at a lower cost.
Why does Anthropic advocate for export controls on advanced chips?
Anthropic believes that restricting access to advanced chips can limit both direct AI model training and the ability to perform illicit “distillation” attacks. The company argues that the scale of data extraction they observed requires significant computing power, making chip access a key factor.
What are the potential consequences of this type of AI misuse?
Besides intellectual property theft and unfair competitive advantages, Anthropic suggests the misuse of AI could be used for “offensive cyber operations, disinformation campaigns, and mass surveillance”. This could pose significant risks to national security and global stability, according to industry experts.

What’s Next

  • Expect further debate on export controls for advanced chips used in AI development.
  • Watch for potential legal action or policy changes stemming from Anthropic’s accusations.
  • Keep an eye on how cloud providers and the AI industry respond to Anthropic’s call for coordinated action.

Why It Matters

  • This incident puts a spotlight on the vulnerability of AI models to data extraction and misuse, impacting intellectual property rights.
  • The alleged misuse of Claude underscores the need for robust security measures and monitoring systems within AI platforms.
  • Anthropic’s call for export controls on advanced chips highlights the growing geopolitical tensions surrounding AI technology.
  • The creation of 24,000 fake accounts shows how determined malicious actors are to bypass current security measures, and underscores the need for more stringent verification methods.

Source: www.theverge.com