Anthropic describes 28.8 million Claude exchanges as an attack

Anthropic has accused operators linked to Alibaba and Qwen of a large distillation campaign against Claude, according to Ars Technica and Reuters. If the numbers in its letter to US senators are accurate, the campaign used nearly 25,000 fraudulent accounts and more than 28.8 million exchanges with the model.

Claude was allegedly used as a teacher for rival capabilities

Ars Technica describes Anthropic's claim that Alibaba should be punished for the largest known attack of this kind against Claude. Reporting says the campaign ran from April 22 to June 5, 2026 and targeted capabilities related to software engineering and agentic reasoning.

Anthropic calls this distillation: a weaker or rival model learns from the outputs of a stronger system. This is not a data center breach or theft of model weights. It is industrial scale draining of a public or semi public interface through thousands of accounts.

The word reportedly matters. Public information rests mainly on Anthropic's claim and its letter to the US Senate. Reuters reported that Alibaba did not immediately respond to a request for comment.

API abuse is becoming an industrial policy problem

For AI labs, the case exposes an uncomfortable weakness in commercial model distribution. Once a capability is available through an API, the vendor is not only defending an endpoint against ordinary scraping. It is defending the training investment, evals and product work behind the model.

For customers, there is a second order effect. Stricter rate limits, identity checks and anomaly detection may slow or complicate legitimate use. A vendor will want to know who is asking, why they are asking and whether 10,000 accounts are quietly acting as one training pipeline.

The geopolitical frame is obvious, but it needs discipline. Anthropic says the operators were linked to Alibaba and Qwen. That alone does not prove direct coordination by the Chinese state.

Big numbers still need a higher proof standard

Nearly 25,000 accounts and 28.8 million exchanges make a clear headline. But distillation is hard to prove in public because the important evidence sits in logs, prompt patterns, payment traces and the later behavior of suspected models.

Anthropic has a strong incentive to protect Claude, and also an incentive to turn the case into a political argument for stricter rules. That does not mean it is wrong. It means readers should want more than a dramatic number in a headline.

The next test is limits, lawsuits and customer friction

The signals to watch are whether Anthropic releases more technical indicators, whether legal action follows and whether other labs tighten bulk API usage.

Developers and companies running large volumes of legitimate model work will feel this first. If API access becomes a suspected channel for training competitors, the gate narrows for everyone, not only for alleged attackers.

Lilith's verdict

Model theft no longer has to look like a hooded hacker beside a server. It can look like a filing cabinet full of fake accounts, feeding a rival student with answers from the best teacher in class.