Anthropic Details Large-Scale Distillation Attack Campaigns
Original: Anthropic warns distillation attacks are growing in intensity and sophistication
What Anthropic announced
In an X post published on February 23, 2026, Anthropic said model-distillation attacks are becoming more intense and more sophisticated, and linked to a detailed write-up. The company frames this as a cross-industry security issue, not a single-vendor incident, and argues that a coordinated response is required from AI labs, cloud providers, and policymakers.
Claims in the linked technical write-up
Anthropic’s accompanying article reports three large campaigns that it attributes to DeepSeek, Moonshot, and MiniMax. The post states the campaigns generated more than 16 million Claude exchanges through roughly 24,000 fraudulent accounts, targeting high-value capabilities such as agentic reasoning, tool use, and coding. Anthropic emphasizes that distillation itself can be legitimate, but says these operations violated terms and regional restrictions and were designed for capability extraction at industrial scale.
Defense posture and policy implications
The company says it is deploying classifiers and behavioral fingerprinting for coordinated traffic detection, increasing verification on commonly abused account pathways, sharing technical indicators with partners, and building product/API safeguards to reduce illicit extraction value. Anthropic also ties distillation attacks to export-control debates, arguing that large-scale extraction can weaken strategic advantages if left unchecked. Even where details remain vendor-reported, the disclosure adds concrete operational data points to an increasingly important AI security discussion.
Sources: Anthropic X post, Anthropic security write-up