{"slug": "anthropic-alleges-alibabas-qwen-lab-ran-28-8-million-queries-in-massive-ai-heist", "title": "Anthropic alleges Alibaba’s Qwen lab ran 28.8 million queries in massive AI distillation heist", "summary": "Anthropic accused Alibaba's Qwen AI lab of orchestrating a massive model distillation attack using 25,000 fake accounts to generate 28.8 million queries against its Claude model over six weeks, aiming to extract coding capabilities for training Qwen models. The allegations were outlined in a letter to US Senators Tim Scott and Elizabeth Warren, highlighting security vulnerabilities in API-based AI services and potential regulatory implications.", "body_md": "# Anthropic alleges Alibaba’s Qwen lab ran 28.8 million queries in massive AI distillation heist\n\nNearly 25,000 fake accounts allegedly siphoned Claude's coding capabilities over six weeks without tripping a single alarm\n\nAnthropic just accused one of China’s biggest tech companies of pulling off the largest known AI model theft in history. And the method was almost embarrassingly simple: create a bunch of fake accounts and just… ask questions. A lot of them.\n\nThe company alleges that Alibaba’s Qwen AI lab orchestrated a coordinated distillation attack using roughly 25,000 fake accounts that generated over 28.8 million interactions with Claude between April 22 and June 5, 2026. The operation’s goal, according to Anthropic, was to extract Claude’s advanced coding capabilities and use the outputs to train Alibaba’s own Qwen models.\n\n## How distillation attacks actually work\n\nModel distillation is one of those techniques that sounds innocuous until you see it weaponized at scale. In plain English: you feed a powerful AI model carefully crafted prompts, collect the responses, and then use those responses as training data for your own, cheaper model. The student learns from the teacher’s answers without ever seeing the teacher’s textbook.\n\nWhat makes this particular attack notable is how it stayed under the radar. The operation reportedly kept individual account activity below standard rate limits, meaning no single account was behaving suspiciously enough to trigger automated defenses. Spread across 25,000 accounts over roughly six weeks, that works out to an average of about 1,152 queries per account, or roughly 26 queries per account per day.\n\n## The geopolitical backdrop\n\nAnthropic outlined its allegations in a letter sent June 10 to US Senators Tim Scott and Elizabeth Warren. The letter became public through Reuters and other outlets around June 24-25, providing what amounts to a detailed technical complaint wrapped in geopolitical urgency.\n\nAlibaba has not publicly responded to the allegations. No regulatory action has been announced as a result of Anthropic’s claims.\n\nThe Qwen lab has been one of Alibaba’s flagship AI initiatives, producing models that have gained significant traction in the open-source community and commercial applications. If the distillation allegations hold up, it would suggest that at least some of Qwen’s recent performance improvements were achieved not through independent research breakthroughs but through systematic extraction of a competitor’s proprietary capabilities.\n\n## What this means for investors and the AI industry\n\nThe immediate market implications cut in multiple directions. For Anthropic, the disclosure is both a vulnerability admission and a strategic play. Admitting that nearly 29 million queries slipped through undetected doesn’t exactly inspire confidence in the company’s security infrastructure. But framing it as a foreign adversary attack positions Anthropic as a victim worthy of regulatory protection, which could translate into favorable policy treatment.\n\nThe broader AI industry should be paying close attention to the defensive implications. If the largest AI companies can’t detect a six-week, 28.8-million-query extraction campaign in real time, then the current security paradigm for API-based AI services needs fundamental rethinking. Rate limiting on a per-account basis is clearly insufficient when adversaries can trivially spin up thousands of accounts.\n\nThe fact that this letter went to the chairs of key Senate committees suggests Anthropic is betting on a regulatory response that could reshape the competitive landscape.\n\n**Disclosure:** This article was edited by Editorial Team. For more information on how we create and review content, see our\n\n[Editorial Policy](https://cryptobriefing.com/editorial-policy/).", "url": "https://wpnews.pro/news/anthropic-alleges-alibabas-qwen-lab-ran-28-8-million-queries-in-massive-ai-heist", "canonical_source": "https://cryptobriefing.com/anthropic-alibaba-qwen-ai-distillation-heist/", "published_at": "2026-07-13 22:37:07+00:00", "updated_at": "2026-07-13 22:59:30.183011+00:00", "lang": "en", "topics": ["artificial-intelligence", "ai-safety", "ai-policy", "ai-ethics", "ai-infrastructure"], "entities": ["Anthropic", "Alibaba", "Qwen", "Claude", "Tim Scott", "Elizabeth Warren", "Reuters"], "alternates": {"html": "https://wpnews.pro/news/anthropic-alleges-alibabas-qwen-lab-ran-28-8-million-queries-in-massive-ai-heist", "markdown": "https://wpnews.pro/news/anthropic-alleges-alibabas-qwen-lab-ran-28-8-million-queries-in-massive-ai-heist.md", "text": "https://wpnews.pro/news/anthropic-alleges-alibabas-qwen-lab-ran-28-8-million-queries-in-massive-ai-heist.txt", "jsonld": "https://wpnews.pro/news/anthropic-alleges-alibabas-qwen-lab-ran-28-8-million-queries-in-massive-ai-heist.jsonld"}}