{"slug": "ai-weekly-issue-507-anthropic-says-alibaba-stole-29-million-conversations-with", "title": "AI Weekly Issue #507: Anthropic Says Alibaba Stole 29 Million Conversations With Claude", "summary": "Anthropic accused Alibaba of running 25,000 fake accounts to steal nearly 29 million conversations from its Claude AI model, marking the largest known distillation attack. The accusation, detailed in a letter to the White House, highlights escalating tensions among AI labs as they also face talent poaching, security vulnerabilities, and looming EU transparency regulations.", "body_md": "*Anthropic accused Alibaba of running 25,000 fake accounts to pull nearly 29 million conversations out of Claude — then took the evidence to the White House. That was just the opening shot in a week the labs spent at war with everyone, including each other: poaching Google's top Gemini minds, watching their own developer tools get pried open by anonymous strangers, and staring down Europe's August disclosure deadline. The twist? 
The only companies cleanly printing money this week sell memory and silicon — not models.*\n\n## Sponsor\n\n[Move from one-off evals to repeatable agent validation.](https://www.spec27.ai/?utm_source=ai_weekly&utm_medium=newsletter_sponsorship&utm_campaign=aiewf_2026&utm_content=2026_06_22_core_value)\n\nSpec27 helps teams define how an AI agent should behave, test against those expectations, and understand where behaviour breaks across realistic scenarios.\n\n## Quick Hits\n\n### The Lab Gladiator Era\n\n— In a letter to the White House and US senators, Anthropic says operators tied to Alibaba's Qwen lab used roughly 25,000 fraudulent accounts to run nearly 29 million exchanges against Claude between April and June, systematically harvesting its most valuable skills — software engineering and agentic reasoning — through what it calls \"adversarial distillation.\" It's the first time Anthropic has publicly named a major Chinese tech giant as the source of a model-theft campaign. [CNBC][Anthropic accuses Alibaba of the largest distillation attack ever aimed at Claude](https://www.cnbc.com/2026/06/24/anthropic-alibaba-distillation-campaign.html)\n\n— Jonas Adler and Alexander Pritzel, both viewed internally as key contributors to Gemini, are set to leave for Anthropic — days after DeepMind's John Jumper went to Anthropic and Noam Shazeer left for OpenAI. Google can match the salary; it can't match the pre-IPO equity at a startup about to go public. Anthropic isn't just hiring people, it's buying the knowledge of how Google's flagship model works. 
[TechCrunch][Google is losing its Gemini brain trust to Anthropic — four senior exits in six days](https://techcrunch.com/2026/06/24/ai-researchers-continue-to-leave-google-for-its-rivals/)\n\n### AI Supply Chain Under Siege\n\n— Researchers at Novee Security scanned about 30,000 high-impact GitHub repositories and found more than 300 fully exploitable by any unauthenticated user with a free account — a pattern they call \"Cordyceps.\" In Microsoft's Azure Sentinel repo, an anonymous comment on a pull request could execute code and steal a non-expiring GitHub App key; in Google's AI Agent Dev Kit samples, a single malicious PR granted full ownership of the linked cloud project. Apache, Cloudflare and the Python Software Foundation are affected too. [The Hacker News][One anonymous pull request can hijack 300+ of the world's biggest code repos](https://thehackernews.com/2026/06/cordyceps-cicd-flaws-expose-300-github.html)\n\n— Cornell researchers showed that a snippet as short as 13 words, planted on Reddit, Wikipedia or Quora, can reliably steer AI search agents into repeating spam or scam content. The exposure is structural: the deep-research modes behind ChatGPT and Google cite user-generated pages in roughly half their answers, and about a quarter of all their citations come from that content. [404 Media][A 13-word Reddit post can quietly poison ChatGPT and Google's AI answers](https://www.404media.co/it-is-trivially-easy-to-use-reddit-to-manipulate-ai-search-research-suggests/)\n\n### The Year Governments Got Serious\n\n— From August 2, the EU AI Act's Article 50 forces providers to tell users when they're talking to an AI, and deployers to label AI-generated or manipulated images, audio, video and public-interest text as artificial. It applies to every generative system, not just high-risk ones — and the Commission's just-published draft guidelines are the playbook companies have weeks to implement. 
[European Commission][Europe's AI transparency law goes live August 2 — every chatbot and deepfake must say so](https://digital-strategy.ec.europa.eu/en/news/commission-opens-consultation-draft-guidelines-ai-transparency-obligations)\n\n— Tens of thousands of emails opposing a plan to phase out gas furnaces and water heaters poured into Southern California's air-quality district, many of them generated by an AI platform run by a consultant tied to a firm whose clients include the local gas utility's parent. The board scrapped the plan; now 22 state and local officials want the attorney general to investigate. [GovTech][An AI bot flooded California air regulators with fake public comments — and won](https://www.govtech.com/artificial-intelligence/ai-generated-comments-swayed-california-air-decision)\n\n### The AI Capex Tax\n\n— SignalFire's State of Talent report finds engineering hiring at major tech firms is down just 11% from 2019, versus a 25% drop across all roles — and engineers now make up 55% of those companies' hires, up from 46%. They're hired fastest and quit least. The \"AI code apocalypse\" hasn't arrived; the squeeze is landing on everyone around the engineers instead. [TechCrunch][AI was supposed to kill engineering jobs. The data says the opposite](https://techcrunch.com/2026/06/24/ai-was-supposed-to-kill-engineering-jobs-but-new-data-suggests-theyre-the-most-resilient/)\n\n— A new Opportunity@Work and Brookings analysis warns that 11 million US \"gateway jobs\" — the customer-service, clerical and coordinator roles that let workers without a four-year degree climb into the middle class — are now the ones most exposed to AI automation. As frontier labs spare senior engineers, the ladder underneath them is the part getting pulled away. 
[Opportunity@Work][AI is coming for the 11 million 'gateway jobs' that don't require a degree](https://aiweekly.co/alerts/opportunitywork-ai-threatens-11m-non-degree-gateway-jobs)\n\n## The Gold Rush Pays the Shovel Sellers\n\nWhile the labs spent the week accusing each other of theft and poaching each other's staff, the companies actually banking the AI boom barely made the front page.\n\nMicron just posted its best quarter ever: [$41.5 billion in revenue and a record 84.9% gross margin](https://www.stocktitan.net/news/MU/micron-technology-inc-reports-record-results-for-the-third-quarter-6f50161e5zxh.html), with its high-bandwidth memory — the part every AI accelerator needs — effectively sold out and more than $1 billion of next-generation HBM4 already shipped. It guided next quarter to $50 billion. Qualcomm, long a phone-chip company, used its investor day to [set a $15 billion data-center sales target for 2029](https://www.cnbc.com/2026/06/24/qualcomm-data-center-cpu-meta.html) and unveil a 250-core server CPU, with Meta as its first named customer. And SambaNova is reportedly [raising up to $1 billion at roughly a $10 billion valuation](https://aiweekly.co/node/3693) — five times what it was worth in February.\n\nThe contrast with the model makers is the story. The same week, 404 Media documented a \"[Tokenpocalypse](https://www.404media.co/the-tokenpocalypse-is-here-companies-are-scrambling-to-stop-spending-so-much-on-ai/)\": companies like Uber burning through an entire annual AI budget in months, then capping employee access to tools like Claude Code. The labs are still hunting for durable profit. The people selling them memory and silicon already found it.\n\n## Key Takeaways\n\n**Model theft is now the lab war's main front.** Anthropic isn't suing a rival in court — it's telling Congress a foreign giant industrialized the copying of Claude, while raiding Google for the people who know how Gemini works. 
The moat is the training data and the talent, and both are under direct attack.\n\n**The thing you build AI on is the soft target.** In one week, anonymous strangers could hijack 300+ top code repos and 13 words of Reddit could bend ChatGPT's answers. The tools and data feeding AI agents are far easier to poison than the models themselves.\n\n**Disclosure is becoming law just as gaming the public gets trivial.** Europe will require every chatbot and deepfake to identify itself on August 2 — the same week an AI bot quietly swung a US regulatory decision with fake comments. The rules and the abuse are arriving together.\n\n**The sure money is in the middle of the stack.** Memory and silicon are sold out at record margins while the labs cap their own staff's AI budgets — and even in the workforce, AI is sparing senior engineers while threatening the 11 million gateway jobs beneath them.\n\n## Worth Reading\n\n— Google folded \"computer use\" — clicking, typing and scrolling across browser, mobile and desktop — directly into its fast Gemini model, available now via the API and its enterprise agent platform, with new guardrails that pause for confirmation on sensitive actions and halt on detected prompt injection. [Google][Gemini 3.5 Flash can now see and control a screen](https://blog.google/innovation-and-ai/models-and-research/gemini-models/introducing-computer-use-gemini-3-5-flash/)\n\n— A new paper measures the validity-versus-correctness tradeoff when small language models are made to produce schema-valid structured output — quantifying how much semantic accuracy you sacrifice for guaranteed-parseable JSON. [arXiv][The Constraint Tax: forcing a small model into a schema costs it correctness](https://arxiv.org/abs/2605.26128)\n\n— In Nature Medicine, leading general-purpose models outscored two of the top dedicated clinical AI tools on physicians' real-world questions, exposing a gap between regulatory clearance and how these systems actually perform in the exam room. 
[Nature Medicine][General-purpose chatbots beat dedicated clinical AI on doctors' real questions](https://www.nature.com/articles/s41591-026-04457-9)\n\n— iLLaDA, built with Renmin University on 12 trillion tokens, is a fully bidirectional diffusion LLM that rivals Qwen2.5 7B on several benchmarks — a reminder the open-weight frontier keeps moving, and keeps moving in China. [AI Weekly][ByteDance trained an 8B diffusion language model from scratch](https://aiweekly.co/alerts/bytedance-and-renmin-us-illada-8b-diffusion-lm-rivals-qwen25-7b-base)\n\n## Wait, What?\n\n— A new Nature critique by St Andrews physicist Henry Legg argues the topological-qubit result underpinning Microsoft's \"working quantum computer by 2029\" roadmap rests on omitted data, selective plots, and coding errors — and that a fuller dataset looks more like random noise than proof. Microsoft says it stands by its results. [Slashdot][Microsoft's celebrated quantum \"breakthrough\" may be a basic Python error](https://developers.slashdot.org/story/26/06/24/1644216/boffin-claims-microsofts-quantum-leap-is-invalid-due-to-basic-python-errors)\n\n— As labs quietly staff up on philosophers to debate machine consciousness, 404 Media offers the reductio: a researcher built a working neural network out of digital goats inside the 1999 strategy game. If a chatbot can be conscious, the argument goes, so can the game AI — and so, for that matter, can Microsoft Word. 
[404 Media][If AI is sentient, then so is \"Age of Empires II\"](https://www.404media.co/if-ai-is-sentient-then-so-is-age-of-empires-ii/)\n\n## Worth Watching\n\nThe videos AI practitioners are passing around right now — curated on [AI TV](https://aiweekly.co/ai-tv).\n\nThe Tech Report |\n\n[CRASH IMMINENT: Ed Zitron Says AI Valuations Are Complete FRAUDS](https://aiweekly.co/ai-tv?v=jDGPnaX-86Y)Breaking Points\n\n[AI Was Never About Helping You | Cory Doctorow](https://aiweekly.co/ai-tv?v=SPQNPJ0CEPo)The Atlantic\n\n## This week's poll\n\nAnthropic says Alibaba industrialized the theft of Claude and took it to Washington. Whose problem is this, really?\n\nLast week, 120 of you voted:\n\nWashington blocked one lab; Beijing blacklisted 56 firms in reply. Where does the AI export war go from here?\n\n— Alexis", "url": "https://wpnews.pro/news/ai-weekly-issue-507-anthropic-says-alibaba-stole-29-million-conversations-with", "canonical_source": "https://aiweekly.co/issues/anthropic-says-alibaba-stole-29-million-conversations-with", "published_at": "2026-06-25 00:00:00+00:00", "updated_at": "2026-06-25 11:17:18.770654+00:00", "lang": "en", "topics": ["ai-safety", "ai-policy", "large-language-models", "ai-ethics", "ai-research"], "entities": ["Anthropic", "Alibaba", "Claude", "Google", "Gemini", "DeepMind", "OpenAI", "European Commission"], "alternates": {"html": "https://wpnews.pro/news/ai-weekly-issue-507-anthropic-says-alibaba-stole-29-million-conversations-with", "markdown": "https://wpnews.pro/news/ai-weekly-issue-507-anthropic-says-alibaba-stole-29-million-conversations-with.md", "text": "https://wpnews.pro/news/ai-weekly-issue-507-anthropic-says-alibaba-stole-29-million-conversations-with.txt", "jsonld": "https://wpnews.pro/news/ai-weekly-issue-507-anthropic-says-alibaba-stole-29-million-conversations-with.jsonld"}}