Anthropic Alleges State-Sponsored AI Distillation by Chinese Labs, Drawing Industry Scrutiny

Theo - t3․gg
#ai-ethics #llm-security #ai-policy #anthropic #distillation

Anthropic recently published allegations that three prominent Chinese AI labs—DeepSeek, Moonshot (creators of Kimmy), and Minimax (creators of Minimax models)—are engaging in “distillation attacks” against its frontier models. The company claims these labs leverage over 24,000 fraudulent accounts to generate more than 16 million exchanges, aiming to extract proprietary capabilities. Anthropic asserts these illicitly distilled models could compromise safeguards, potentially feeding dangerous AI capabilities into foreign military intelligence and surveillance systems, posing significant national security risks.

Industry experts and commentators have quickly voiced skepticism regarding Anthropic’s claims and terminology. Critics point out that the term “distillation attack” appears to be novel, and the practice of using outputs from larger models to train smaller, more efficient ones (model distillation) is a common, often legitimate, technique in AI development. Furthermore, the reported numbers of exchanges—DeepSeek with 150,000, Moonshot with 3.4 million, and Minimax with 13 million—are considered by many as statistically insignificant. They argue these figures could easily represent typical LLM usage patterns, such as extensive benchmarking (e.g., a single run of SWEBench could generate over 100,000 exchanges with tool calls) or legitimate product integration, as Minimax had a product that previously utilized Anthropic models. Skepticism is further fueled by Anthropic’s historical reluctance to obfuscate its models’ reasoning traces, which paradoxically makes them more valuable targets for distillation, and its past contentious claims against competitors like OpenAI, X AI, and WindSurf.

Concerns also extend to the broader implications of Anthropic’s position. Observers question the consistency of Anthropic’s national security argument, noting the perceived contradiction between their models’ claimed safety safeguards and the ease with which these could supposedly be removed via distillation. There are also suggestions that Anthropic’s emphasis on the risks of open-sourced distilled models may reflect an underlying push against open-weight models, a segment Anthropic has not engaged in. While the possibility of commercial proxy services in regions like China facilitating unauthorized access and data collection on a smaller scale is acknowledged, direct evidence linking the named major labs to malicious intent, as per Anthropic’s claims, is largely perceived as lacking or unconvincing by many in the developer community.