Anthropic Accuses DeepSeek and Chinese AI Firms of Stealing 16M Claude Training Exchanges
Original: Anthropic is accusing DeepSeek, Moonshot AI (Kimi) and MiniMax of setting up more than 24,000 fraudulent Claude accounts, and distilling training information from 16 million exchanges. View original →
Industrial-Scale AI Data Theft Allegations
Anthropic has leveled explosive accusations against three Chinese AI companies: DeepSeek, Moonshot AI (Kimi), and MiniMax. According to a Wall Street Journal report, the companies allegedly set up more than 24,000 fraudulent Claude accounts and used them to harvest training data from approximately 16 million conversation exchanges.
What Is Distillation and Why It Matters
Distillation in AI refers to the process of using outputs from a large language model (LLM) to train smaller or competing models. Anthropic's terms of service explicitly prohibit using Claude's outputs to train competing AI systems. When done at this scale without authorization, it constitutes both a terms-of-service violation and a potential intellectual property infringement.
The Scope of the Alleged Operation
What sets this case apart is its scale. Creating over 24,000 fake accounts and systematically harvesting 16 million conversations suggests a coordinated, industrial-scale operation rather than casual experimentation. Anthropic described this as an "industrial-scale distillation attack" in a company blog post, noting they had identified and blocked the operation.
Context: China's AI Surge
DeepSeek made waves in late 2024 and early 2025 by claiming GPT-4-level performance at a fraction of the cost. These allegations raise questions about whether some of that performance was achieved through unauthorized data acquisition. Moonshot AI (Kimi) and MiniMax are also fast-growing Chinese AI startups that have rapidly closed the gap with Western models.
Implications for the AI Industry
This case could set important precedents around AI output ownership, the legality of distillation from commercial services, and competitive practices in the global AI race. Anthropic has published evidence of the attack and is calling for industry-wide attention to model output protection. The outcome may shape future policies on AI data rights and cross-border IP enforcement.
Related Articles
Anthropic has introduced Natural Language Autoencoders (NLAs), a new interpretability technique that trains Claude to translate its own internal activations into human-readable text—enabling safety audits that can uncover hidden model motivations.
Cloudflare tested Anthropic's security-specialized Mythos Preview model against their own infrastructure under Project Glasswing. Mythos can chain low-severity bugs into working exploits, demonstrating reasoning comparable to senior security researchers — but with inconsistent safeguards and significant triage overhead.
AI-enabled attacks are shifting from setup work into post-compromise operations. Anthropic mapped 832 malicious accounts to MITRE ATT&CK and found medium-or-higher risk actors rising from 33% to 56%.