Three Chinese artificial intelligence firms have been accused of orchestrating large-scale operations to illicitly replicate the capabilities of Anthropic’s AI model, Claude. Anthropic revealed on Monday that DeepSeek, Moonshot AI, and MiniMax conducted more than 16 million interactions through approximately 24,000 fake accounts. These activities violated both the company’s terms of service and its regional restrictions, since Anthropic’s services are not legally available in China owing to security and regulatory concerns.
Understanding Distillation Attacks
The technique these firms employed is known as distillation: a smaller or less capable model is trained on the outputs of a more advanced one. Companies can legitimately distill smaller versions of their own models, but using the technique to extract capabilities from a competitor’s model such as Claude violates Anthropic’s terms of service. Anthropic emphasized the risks of illicitly distilled models, warning that they often lack essential safeguards and could endanger national security by spreading unprotected and hazardous capabilities.
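Anthropic has not described the attackers’ training pipelines, but the mechanics of distillation are well established. The toy sketch below shows the classic white-box variant (Hinton et al., 2015), in which a small student is trained to match a larger teacher’s softened output distribution; the API-based campaigns described here are the black-box analogue, where the student is fine-tuned on generated text alone because logits are never exposed. All model sizes, data, and hyperparameters here are placeholder values.

```python
# Minimal white-box distillation sketch in PyTorch. The teacher is only
# queried, never trained; the student learns to imitate its outputs.
# Models, data, and hyperparameters are toy stand-ins for illustration.
import torch
import torch.nn as nn
import torch.nn.functional as F

teacher = nn.Sequential(nn.Linear(32, 256), nn.ReLU(), nn.Linear(256, 10))
student = nn.Sequential(nn.Linear(32, 64), nn.ReLU(), nn.Linear(64, 10))
opt = torch.optim.Adam(student.parameters(), lr=1e-3)
T = 2.0  # softmax temperature: higher T exposes more of the teacher's ranking over wrong answers

for step in range(100):
    x = torch.randn(64, 32)        # stand-in for real input batches
    with torch.no_grad():
        t_logits = teacher(x)      # teacher outputs, treated as fixed targets
    s_logits = student(x)
    # KL divergence between the softened student and teacher distributions
    loss = F.kl_div(
        F.log_softmax(s_logits / T, dim=-1),
        F.softmax(t_logits / T, dim=-1),
        reduction="batchmean",
    ) * T * T
    opt.zero_grad()
    loss.backward()
    opt.step()
```

The temperature is the key design choice: raising T spreads probability mass across plausible-but-wrong outputs, which is where much of the teacher’s knowledge transfers to the student.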
Details of the Targeted Attacks
Each of the three companies targeted different aspects of Claude’s capabilities. DeepSeek focused on the model’s reasoning skills and censorship-safe outputs, logging over 150,000 interactions. Moonshot AI directed its efforts toward Claude’s reasoning, coding, and tool use, accumulating more than 3.4 million exchanges. MiniMax concentrated on coding and tool use, with interactions exceeding 13 million. Anthropic identified these campaigns by analyzing metadata, IP addresses, and infrastructure indicators linked to each company.
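Anthropic has not published its detection pipeline. The following is a hypothetical sketch of the infrastructure-correlation idea it describes: group accounts that share network indicators and flag unusually large clusters. Every field name, record, and threshold below is invented for illustration.

```python
# Hypothetical sketch: flag clusters of accounts sharing network
# infrastructure. Records, field names, and the threshold are invented;
# a real system would draw on far richer signals than IP and ASN.
from collections import defaultdict

api_events = [
    {"account": "acct_01", "ip": "203.0.113.7", "asn": "AS64500"},
    {"account": "acct_02", "ip": "203.0.113.7", "asn": "AS64500"},
    {"account": "acct_03", "ip": "198.51.100.4", "asn": "AS64501"},
    # ... in practice, millions of events
]

CLUSTER_THRESHOLD = 2  # toy value: how many accounts may share infrastructure

accounts_by_infra = defaultdict(set)
for event in api_events:
    accounts_by_infra[(event["ip"], event["asn"])].add(event["account"])

for infra, accounts in accounts_by_infra.items():
    if len(accounts) >= CLUSTER_THRESHOLD:
        print(f"Suspicious cluster on {infra}: {sorted(accounts)}")
```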
Anthropic’s Response and Security Measures
Anthropic has taken significant steps to mitigate these threats. The company has built classifiers and behavioral fingerprinting systems to detect suspicious patterns in API traffic, strengthened verification requirements for certain accounts, and deployed additional safeguards to reduce the success rate of illicit distillation. These measures aim to protect its models from unauthorized capability extraction.
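The classifiers themselves are proprietary, but a minimal sketch of what behavioral fingerprinting could look like is below: score each account on traffic features that systematic distillation tends to produce, such as sustained volume, highly templated prompts, and methodical coverage of capability areas. The features, weights, and cutoff are assumptions for illustration, not Anthropic’s actual method.

```python
# Hypothetical behavioral-fingerprinting sketch: score accounts on
# traffic features typical of distillation campaigns. Features, weights,
# and the cutoff are invented; production systems would train a
# classifier over many more signals.
from dataclasses import dataclass

@dataclass
class AccountStats:
    requests_per_hour: float    # sustained request volume
    template_similarity: float  # 0..1, how repetitive the prompts are
    capability_coverage: float  # 0..1, breadth of skills systematically probed

def distillation_score(s: AccountStats) -> float:
    # Simple linear score with toy weights, capped at 1.0 per feature
    return (
        0.4 * min(s.requests_per_hour / 1000.0, 1.0)
        + 0.3 * s.template_similarity
        + 0.3 * s.capability_coverage
    )

suspect = AccountStats(requests_per_hour=4200, template_similarity=0.9,
                       capability_coverage=0.8)
if distillation_score(suspect) > 0.7:  # toy cutoff
    print("flag account for enhanced verification")
```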
This revelation follows a recent disclosure by Google’s Threat Intelligence Group, which uncovered similar attacks on Gemini’s reasoning capabilities. Google noted that such attacks primarily threaten model developers rather than average users, emphasizing the need for robust security measures among AI service providers.
As the AI landscape continues to evolve, the industry must address the ethical and security challenges posed by distillation attacks. These incidents underscore the need for stringent safeguards and collaborative efforts to protect AI technologies from exploitation and misuse.
