AI Weekly Issue #507: Anthropic Says Alibaba Stole 29 Million Conversations With Claude

Anthropic accused Alibaba of running 25,000 fake accounts to steal nearly 29 million conversations from its Claude AI model, marking the largest known distillation attack. The accusation, detailed in a letter to the White House, highlights escalating tensions among AI labs as they also face talent poaching, security vulnerabilities, and looming EU transparency regulations.

Anthropic accused Alibaba of running 25,000 fake accounts to pull nearly 29 million conversations out of Claude — then took the evidence to the White House. That was just the opening shot in a week the labs spent at war with everyone, including each other: poaching Google's top Gemini minds, watching their own developer tools get pried open by anonymous strangers, and staring down Europe's August disclosure deadline. The twist? The only companies cleanly printing money this week sell memory and silicon — not models. Sponsor Move from one-off evals to repeatable agent validation. https://www.spec27.ai/?utm source=ai weekly&utm medium=newsletter sponsorship&utm campaign=aiewf 2026&utm content=2026 06 22 core value Spec27 helps teams define how an AI agent should behave, test against those expectations, and understand where behaviour breaks across realistic scenarios. Quick Hits The Lab Gladiator Era — In a letter to the White House and US senators, Anthropic says operators tied to Alibaba's Qwen lab used roughly 25,000 fraudulent accounts to run nearly 29 million exchanges against Claude between April and June, systematically harvesting its most valuable skills — software engineering and agentic reasoning — through what it calls "adversarial distillation." It's the first time Anthropic has publicly named a major Chinese tech giant as the source of a model-theft campaign. CNBC Anthropic accuses Alibaba of the largest distillation attack ever aimed at Claude https://www.cnbc.com/2026/06/24/anthropic-alibaba-distillation-campaign.html — Jonas Adler and Alexander Pritzel, both viewed internally as key contributors to Gemini, are set to leave for Anthropic — days after DeepMind's John Jumper went to Anthropic and Noam Shazeer left for OpenAI. Google can match the salary; it can't match the pre-IPO equity at a startup about to go public. Anthropic isn't just hiring people, it's buying the knowledge of how Google's flagship model works. TechCrunch Google is losing its Gemini brain trust to Anthropic — four senior exits in six days https://techcrunch.com/2026/06/24/ai-researchers-continue-to-leave-google-for-its-rivals/ AI Supply Chain Under Siege — Researchers at Novee Security scanned about 30,000 high-impact GitHub repositories and found more than 300 fully exploitable by any unauthenticated user with a free account — a pattern they call "Cordyceps." In Microsoft's Azure Sentinel repo, an anonymous comment on a pull request could execute code and steal a non-expiring GitHub App key; in Google's AI Agent Dev Kit samples, a single malicious PR granted full ownership of the linked cloud project. Apache, Cloudflare and the Python Software Foundation are affected too. The Hacker News One anonymous pull request can hijack 300+ of the world's biggest code repos https://thehackernews.com/2026/06/cordyceps-cicd-flaws-expose-300-github.html — Cornell researchers showed that a snippet as short as 13 words, planted on Reddit, Wikipedia or Quora, can reliably steer AI search agents into repeating spam or scam content. The exposure is structural: the deep-research modes behind ChatGPT and Google cite user-generated pages in roughly half their answers, and about a quarter of all their citations come from that content. 404 Media A 13-word Reddit post can quietly poison ChatGPT and Google's AI answers https://www.404media.co/it-is-trivially-easy-to-use-reddit-to-manipulate-ai-search-research-suggests/ The Year Governments Got Serious — From August 2, the EU AI Act's Article 50 forces providers to tell users when they're talking to an AI, and deployers to label AI-generated or manipulated images, audio, video and public-interest text as artificial. It applies to every generative system, not just high-risk ones — and the Commission's just-published draft guidelines are the playbook companies have weeks to implement. European Commission Europe's AI transparency law goes live August 2 — every chatbot and deepfake must say so https://digital-strategy.ec.europa.eu/en/news/commission-opens-consultation-draft-guidelines-ai-transparency-obligations — Tens of thousands of emails opposing a plan to phase out gas furnaces and water heaters poured into Southern California's air-quality district, many of them generated by an AI platform run by a consultant tied to a firm whose clients include the local gas utility's parent. The board scrapped the plan; now 22 state and local officials want the attorney general to investigate. GovTech An AI bot flooded California air regulators with fake public comments — and won https://www.govtech.com/artificial-intelligence/ai-generated-comments-swayed-california-air-decision The AI Capex Tax — SignalFire's State of Talent report finds engineering hiring at major tech firms is down just 11% from 2019, versus a 25% drop across all roles — and engineers now make up 55% of those companies' hires, up from 46%. They're hired fastest and quit least. The "AI code apocalypse" hasn't arrived; the squeeze is landing on everyone around the engineers instead. TechCrunch AI was supposed to kill engineering jobs. The data says the opposite https://techcrunch.com/2026/06/24/ai-was-supposed-to-kill-engineering-jobs-but-new-data-suggests-theyre-the-most-resilient/ — A new Opportunity@Work and Brookings analysis warns that 11 million US "gateway jobs" — the customer-service, clerical and coordinator roles that let workers without a four-year degree climb into the middle class — are now the ones most exposed to AI automation. As frontier labs spare senior engineers, the ladder underneath them is the part getting pulled away. Opportunity@Work AI is coming for the 11 million 'gateway jobs' that don't require a degree https://aiweekly.co/alerts/opportunitywork-ai-threatens-11m-non-degree-gateway-jobs The Gold Rush Pays the Shovel Sellers While the labs spent the week accusing each other of theft and poaching each other's staff, the companies actually banking the AI boom barely made the front page. Micron just posted its best quarter ever: $41.5 billion in revenue and a record 84.9% gross margin https://www.stocktitan.net/news/MU/micron-technology-inc-reports-record-results-for-the-third-quarter-6f50161e5zxh.html , with its high-bandwidth memory — the part every AI accelerator needs — effectively sold out and more than $1 billion of next-generation HBM4 already shipped. It guided next quarter to $50 billion. Qualcomm, long a phone-chip company, used its investor day to set a $15 billion data-center sales target for 2029 https://www.cnbc.com/2026/06/24/qualcomm-data-center-cpu-meta.html and unveil a 250-core server CPU, with Meta as its first named customer. And SambaNova is reportedly raising up to $1 billion at roughly a $10 billion valuation https://aiweekly.co/node/3693 — five times what it was worth in February. The contrast with the model makers is the story. The same week, 404 Media documented a " Tokenpocalypse https://www.404media.co/the-tokenpocalypse-is-here-companies-are-scrambling-to-stop-spending-so-much-on-ai/ ": companies like Uber burning through an entire annual AI budget in months, then capping employee access to tools like Claude Code. The labs are still hunting for durable profit. The people selling them memory and silicon already found it. Key Takeaways Model theft is now the lab war's main front. Anthropic isn't suing a rival in court — it's telling Congress a foreign giant industrialized the copying of Claude, while raiding Google for the people who know how Gemini works. The moat is the training data and the talent, and both are under direct attack. The thing you build AI on is the soft target. In one week, anonymous strangers could hijack 300+ top code repos and 13 words of Reddit could bend ChatGPT's answers. The tools and data feeding AI agents are far easier to poison than the models themselves. Disclosure is becoming law just as gaming the public gets trivial. Europe will require every chatbot and deepfake to identify itself on August 2 — the same week an AI bot quietly swung a US regulatory decision with fake comments. The rules and the abuse are arriving together. The sure money is in the middle of the stack. Memory and silicon are sold out at record margins while the labs cap their own staff's AI budgets — and even in the workforce, AI is sparing senior engineers while threatening the 11 million gateway jobs beneath them. Worth Reading — Google folded "computer use" — clicking, typing and scrolling across browser, mobile and desktop — directly into its fast Gemini model, available now via the API and its enterprise agent platform, with new guardrails that pause for confirmation on sensitive actions and halt on detected prompt injection. Google Gemini 3.5 Flash can now see and control a screen https://blog.google/innovation-and-ai/models-and-research/gemini-models/introducing-computer-use-gemini-3-5-flash/ — A new paper measures the validity-versus-correctness tradeoff when small language models are made to produce schema-valid structured output — quantifying how much semantic accuracy you sacrifice for guaranteed-parseable JSON. arXiv The Constraint Tax: forcing a small model into a schema costs it correctness https://arxiv.org/abs/2605.26128 — In Nature Medicine, leading general-purpose models outscored two of the top dedicated clinical AI tools on physicians' real-world questions, exposing a gap between regulatory clearance and how these systems actually perform in the exam room. Nature Medicine General-purpose chatbots beat dedicated clinical AI on doctors' real questions https://www.nature.com/articles/s41591-026-04457-9 — iLLaDA, built with Renmin University on 12 trillion tokens, is a fully bidirectional diffusion LLM that rivals Qwen2.5 7B on several benchmarks — a reminder the open-weight frontier keeps moving, and keeps moving in China. AI Weekly ByteDance trained an 8B diffusion language model from scratch https://aiweekly.co/alerts/bytedance-and-renmin-us-illada-8b-diffusion-lm-rivals-qwen25-7b-base Wait, What? — A new Nature critique by St Andrews physicist Henry Legg argues the topological-qubit result underpinning Microsoft's "working quantum computer by 2029" roadmap rests on omitted data, selective plots, and coding errors — and that a fuller dataset looks more like random noise than proof. Microsoft says it stands by its results. Slashdot Microsoft's celebrated quantum "breakthrough" may be a basic Python error https://developers.slashdot.org/story/26/06/24/1644216/boffin-claims-microsofts-quantum-leap-is-invalid-due-to-basic-python-errors — As labs quietly staff up on philosophers to debate machine consciousness, 404 Media offers the reductio: a researcher built a working neural network out of digital goats inside the 1999 strategy game. If a chatbot can be conscious, the argument goes, so can the game AI — and so, for that matter, can Microsoft Word. 404 Media If AI is sentient, then so is "Age of Empires II" https://www.404media.co/if-ai-is-sentient-then-so-is-age-of-empires-ii/ Worth Watching The videos AI practitioners are passing around right now — curated on AI TV https://aiweekly.co/ai-tv . The Tech Report | CRASH IMMINENT: Ed Zitron Says AI Valuations Are Complete FRAUDS https://aiweekly.co/ai-tv?v=jDGPnaX-86Y Breaking Points AI Was Never About Helping You | Cory Doctorow https://aiweekly.co/ai-tv?v=SPQNPJ0CEPo The Atlantic This week's poll Anthropic says Alibaba industrialized the theft of Claude and took it to Washington. Whose problem is this, really? Last week, 120 of you voted: Washington blocked one lab; Beijing blacklisted 56 firms in reply. Where does the AI export war go from here? Anthropic says Alibaba industrialized the theft of Claude and took it to Washington. Whose problem is this, really? — Alexis