Inside the Great AI Heist: How Chinese Firms Allegedly Reverse-Engineered Claude

At first glance, the world of artificial intelligence seems like a race to innovate. But behind the scenes, a shadowy battle is unfolding - a battle not just for technological dominance, but for the very secrets that make these machines tick. This week, Silicon Valley’s Anthropic dropped a bombshell: it claims that three Chinese AI companies orchestrated a sophisticated scheme to siphon off the intelligence of its flagship chatbot, Claude, using a controversial technique known as “model distillation.” The allegations, if true, expose a new front in the global AI arms race, where code and clever prompts may matter as much as silicon and data.

Anthropic’s explosive claims shine a spotlight on an obscure but increasingly vital security threat: model distillation attacks. In simple terms, distillation is a legitimate process where developers use a powerful “teacher” AI to train a leaner, faster “student” model. But when rivals deploy automated systems to hammer away at a competitor’s chatbot - harvesting millions of structured answers - they can, in effect, replicate much of its hard-won intelligence without ever touching the original code or data.

According to Anthropic, the accused Chinese firms - DeepSeek, MiniMax, and Moonshot AI - didn’t just act like curious users. Investigators say they detected coordinated, high-volume querying patterns, with DeepSeek alone conducting over 150,000 exchanges focused on complex reasoning. Moonshot AI allegedly ran more than 3.4 million queries targeting coding and data analysis, while MiniMax is said to have surpassed 13 million, zeroing in on advanced “agentic” tasks that let AI systems plan and orchestrate complex operations.

Anthropic contends that these efforts went far beyond legitimate research or product testing. The company claims the operations involved bypassing usage safeguards, evading export controls on advanced AI chips and software, and even crafting “policy-safe” queries to extract moderated responses - effectively sidestepping built-in filters designed to prevent sensitive information leaks.

To counter this new breed of attack, Anthropic is racing to deploy detection systems that can flag suspicious querying - looking for unusual prompt patterns and automated data harvesting. But the implications stretch far beyond one chatbot or one company. William Wright, CEO of Closed Door Security, warns that any business with a custom AI assistant may be at risk. “Distillation means that proprietary knowledge can be stolen simply by asking the right questions - no code or data breach required,” he cautions.

As generative AI becomes more powerful - and more valuable - the arms race to protect, steal, and replicate these digital brains is only intensifying. The days when model theft required hacking into a server may be over. Now, the greatest risks could come from the very interfaces designed to make AI accessible to all.

WIKICROOK

• Model Distillation: Model distillation trains a smaller AI model to mimic a larger one, enabling efficient, accurate cybersecurity solutions on resource-limited devices.
• Agentic Reasoning: Agentic reasoning is an AI’s ability to autonomously plan, decide, and act, enhancing cybersecurity by automating threat detection and incident response.
• Reinforcement Learning: Reinforcement Learning is a machine learning method where AI learns optimal actions through trial and error, guided by rewards and penalties.
• Prompt Engineering: Prompt engineering involves crafting clear instructions or questions for AI models to ensure they generate relevant and accurate responses.
• Export Restrictions: Export restrictions are government rules that limit the sale or transfer of certain products or technologies to other countries, mainly for security reasons.