
The breach reveals a new scale of AI model piracy that could erode competitive advantage and raise national security concerns, prompting urgent policy and technical safeguards.
Distillation attacks, where a weaker model is trained on the outputs of a stronger one, have moved from theoretical risk to concrete threat. Anthropic’s disclosure shows that malicious actors can orchestrate massive query campaigns using fabricated identities and proxy networks, effectively reverse‑engineering proprietary AI capabilities. The attacker never touches the model weights: the API’s own responses are the training data, so the usual perimeter controls around the weights do not apply. This underscores the exposure of large language models (LLMs) served through public APIs, especially when access controls are lax or can be circumvented through offshore services.
The three Chinese labs each pursued distinct objectives within the broader theft operation. Deepseek concentrated on extracting Claude’s chain‑of‑thought reasoning and obtaining censorship‑compliant responses to politically sensitive prompts, aiming to replicate nuanced decision‑making. Moonshot AI cast a wider net, probing agent‑based reasoning, tool usage, and even computer‑vision outputs in an attempt to reconstruct how Claude reasons. MiniMax launched the most aggressive campaign, issuing over 13 million queries and pivoting to newer Claude iterations within a day of their release, a real‑time adaptation capability that could accelerate model cloning.
For the AI ecosystem, this incident signals a pressing need for stronger defensive measures. Companies may adopt query‑rate limiting, watermarking of model outputs, and anomaly detection to flag suspicious usage patterns. Per‑account rate limits alone do little against a campaign spread across fabricated identities and proxy networks; the limits and the anomaly detection have to be applied to groups of accounts linked by shared infrastructure, and to how quickly a group moves onto a newly released model. Policymakers are likely to consider tighter regulations on cross‑border AI data flows and mandatory reporting of large‑scale extraction attempts. Coordinated industry standards, combined with governmental oversight, could help safeguard intellectual property while preserving the openness that fuels AI innovation.
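As an added example (not Anthropic’s code and not drawn from the disclosure), the following Python sketches the anomaly‑detection piece described above: it links API accounts that share egress IPs, counts queries for the whole linked cluster rather than per account, and flags clusters that start querying a model model shortly after its release. The log format, the field names, the account and model names, the release times and the thresholds are all assumptions; the sample traffic is constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta


def build_sample_log():
    """Constructed API access log: (iso_timestamp, account_id, source_ip, model).

    Models a coordinated campaign (three accounts fanned out through two proxy
    IPs, 30 queries in an hour, pivoting to "claude-new" 30 minutes after its
    assumed release) plus one ordinary account. Not real traffic.
    """
    base = datetime(2025, 3, 2, 9, 0)
    campaign = ["acct-a", "acct-b", "acct-c"]
    proxies = ["203.0.113.5", "203.0.113.9"]
    log = []
    for i in range(30):
        ts = base + timedelta(minutes=2 * i)
        model = "claude-old" if i < 15 else "claude-new"
        log.append((ts.isoformat(), campaign[i % 3], proxies[i % 2], model))
    for i in range(3):
        ts = base + timedelta(hours=i)
        log.append((ts.isoformat(), "acct-z", "198.51.100.20", "claude-old"))
    return log


# Hypothetical model names and release times, used to spot rapid pivots.
MODEL_RELEASE = {
    "claude-old": datetime(2025, 1, 15, 9, 0),
    "claude-new": datetime(2025, 3, 2, 9, 0),
}


class UnionFind:
    """Minimal disjoint-set structure for grouping accounts by shared IPs."""

    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def cluster_accounts(log):
    """Link every pair of accounts that used the same source IP (proxy fan-out)."""
    uf = UnionFind()
    accounts_by_ip = defaultdict(set)
    for _, acct, ip, _ in log:
        accounts_by_ip[ip].add(acct)
    for accts in accounts_by_ip.values():
        accts = sorted(accts)
        for other in accts[1:]:
            uf.union(accts[0], other)
    clusters = defaultdict(set)
    for _, acct, _, _ in log:
        clusters[uf.find(acct)].add(acct)
    return [sorted(c) for c in clusters.values()]


def detect_campaigns(log, window=timedelta(hours=24), max_cluster_queries=10_000,
                     pivot_grace=timedelta(hours=24)):
    """Score each linked-account cluster, not each account, against the limits."""
    parsed = sorted((datetime.fromisoformat(ts), a, ip, m) for ts, a, ip, m in log)
    findings = []
    for accts in cluster_accounts(log):
        events = [e for e in parsed if e[1] in accts]
        # Peak number of queries the whole cluster issued inside any sliding window.
        peak, j = 0, 0
        for i, (ts, _, _, _) in enumerate(events):
            while ts - events[j][0] > window:
                j += 1
            peak = max(peak, i - j + 1)
        # First time the cluster touched each model, compared with its release time.
        first_seen = {}
        for ts, _, _, model in events:
            first_seen.setdefault(model, ts)
        fast_pivots = sorted(m for m, ts in first_seen.items()
                             if m in MODEL_RELEASE and ts - MODEL_RELEASE[m] <= pivot_grace)
        reasons = []
        if peak > max_cluster_queries:
            reasons.append(f"{len(accts)} linked account(s) issued {peak} queries within "
                           f"{window} (limit {max_cluster_queries})")
        if fast_pivots:
            reasons.append(f"began querying {', '.join(fast_pivots)} within "
                           f"{pivot_grace} of release")
        if reasons:
            findings.append({
                "accounts": accts,
                "source_ips": sorted({e[2] for e in events}),
                "peak_queries_in_window": peak,
                "fast_pivots": fast_pivots,
                "reasons": reasons,
            })
    return sorted(findings, key=lambda f: f["accounts"])


if __name__ == "__main__":
    for finding in detect_campaigns(build_sample_log(), max_cluster_queries=20):
        print(finding)
```

Shared IPs are only one linking signal; in production the same union‑find would also join accounts on payment fingerprints, device fingerprints or identical prompt templates, and the per‑cluster limit would be set well below what a single legitimate tenant could plausibly consume.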