The new frontier of tech espionage is not the chip, it's the API: Anthropic accuses Alibaba of 'distilling' Claude

🕒 Published on Zendoric: June 25, 2026 · 09:00
Anthropic has written to the White House and the Senate to denounce what it describes as an industrial-scale effort by Alibaba to extract the capabilities of its Claude models through 'distillation attacks.' These are allegations, not a ruling, but they point to an uncomfortable regulatory gap: controls watch the silicon while knowledge slips out through the software door.
For years, the geopolitics of AI was fought around hardware: who makes the chips, who can buy them, which exports are restricted. The letter that Anthropic sent this week to White House officials and several senators (first reported by Bloomberg and picked up by Seeking Alpha) suggests the battlefield has shifted. The company alleges that Alibaba is running a large-scale effort to gain illicit access to its Claude models through 'distillation attacks'. It is important to frame this precisely: these are allegations contained in a letter, neither a court ruling nor a finding verified by third parties, and according to available information Alibaba has not responded publicly.
To gauge the complaint, it helps to understand the technique. Distillation consists of querying a high-capacity model, the 'teacher', at massive scale and using its responses as training material for one's own model, the 'student'. In practice it can take the form of millions of automated API calls whose outputs then function as training labels. The attacker thereby approaches the capabilities of the original without having paid for either the research or the data that made it possible. It is not an isolated phenomenon: OpenAI denounced the use of this technique by Chinese actors in 2025, so Anthropic's complaint fits a consolidating pattern.
What is truly revealing is the chosen channel. Going directly to the executive and legislative branches, rather than relying only on the usual legal avenues for breach of terms of service, indicates that Anthropic frames the matter as a national security issue. It is consistent with its public identity as an actor concerned with AI safety and alignment, and it reinforces that narrative before Washington. But the decision also touches a real regulatory sore point: export controls cover NVIDIA's chips, not the implicit capabilities of a model accessible via API. That mismatch is precisely what distillation exploits.
For anyone building agentic systems, the episode serves as a reminder. The foundation models that chain calls, use tools and execute autonomous tasks are attack surfaces not only for ordinary abuses (spam, disinformation) but also for competitive or state intelligence operations at scale. If an adversary managed to distill the reasoning, planning and tool handling of a cutting-edge model, the implications would be both commercial and security-related. It is reasonable to expect providers to respond with detection of anomalous query patterns, profile-based rate limiting and stricter identity verification for advanced models.
On the regulatory front, the case may feed the debate over whether frontier models should be treated as dual-use technology, subject to controls similar to those for sensitive material. The EU AI Act does not directly address this cross-border threat, although its provisions on high-impact general-purpose models could end up incorporating traceability requirements. Whatever happens with the specific complaint, the underlying message is already on the table: protecting the AI advantage will require watching not only where the chips are made, but who queries the models and with what intent.