Anthropic has accused three leading Chinese AI labs of “industrial-scale” attacks, raising national security concerns for the industry.
The AI start-up, which developed the popular coding tool Claude, said on Monday that DeepSeek, Moonshot and MiniMax conducted “industrial-scale distillation attacks on our models”.
Distillation refers to the practice of training smaller models on the outputs of more advanced systems, allowing developers to replicate high-level performance without the same computing resources.
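As a toy illustration only (not Anthropic's or DeepSeek's actual setup), distillation can be sketched as fitting a small "student" model to outputs queried from a larger "teacher" model. Here the teacher is stubbed as an opaque function, and the student is a low-parameter polynomial fit with NumPy:

```python
import numpy as np

# Hypothetical "teacher": a large, expensive model, treated as a
# black box we can only query for outputs (like an API chatbot).
def teacher(x):
    return np.sin(x) + 0.5 * x

# Step 1: query the teacher across many inputs -- analogous to the
# bulk "exchanges" described in the article.
prompts = np.linspace(-3.0, 3.0, 200)
teacher_outputs = teacher(prompts)

# Step 2: train a much smaller "student" to reproduce those outputs.
# Here the student is just a cubic polynomial (4 parameters).
student = np.poly1d(np.polyfit(prompts, teacher_outputs, deg=3))

# The student now mimics the teacher's behaviour on this range
# without any access to the teacher's internals or training data.
max_error = float(np.max(np.abs(student(prompts) - teacher_outputs)))
```

The point of the sketch is that only input-output pairs are needed: the student never sees the teacher's weights, which is why high-volume automated querying is the mechanism labs try to detect and block.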
It has become an increasingly sensitive issue as Chinese AI groups grapple with sweeping US export controls that restrict their access to Nvidia’s most advanced chips, including its Blackwell series. Those curbs have forced companies to adopt alternative strategies, such as training models overseas, using older or smuggled semiconductors, and cutting costs through engineering efficiencies.
San Francisco-based Anthropic said it had identified 24,000 fraudulent accounts that generated more than 16mn exchanges with Claude, outputs it alleged the companies used to “train and improve their own models”. DeepSeek, Moonshot and MiniMax did not immediately respond to requests for comment.
“Distillation attacks undermine those controls by allowing foreign labs, including those subject to the control of the Chinese Communist Party, to close the competitive advantage that export controls are designed to preserve through other means,” said Anthropic.
Chinese AI groups, including Moonshot and MiniMax, have over the past month released a flurry of powerful new models that developers have praised for their efficiency in building applications such as AI agents and video generation.
DeepSeek, whose breakthrough R1 model in January last year stunned Silicon Valley with its performance and low cost, had been expected to unveil a successor ahead of last week’s Lunar New Year holiday. But it has yet to make an announcement.
Since releasing R1, DeepSeek has issued incremental updates rather than a new flagship model, allowing domestic rivals including Alibaba and ByteDance to gain ground and attract developers seeking low-cost, open-source systems.
US AI companies, as well as the US administration, have warned that distilled models could create national security risks. Anthropic said models “built through illicit distillation” were “unlikely to retain” safety measures to prevent the use of AI to develop bioweapons or carry out malicious cyber activities.
Last January, OpenAI said it found evidence of distillation of its models that underpin ChatGPT, which it suspected to be from DeepSeek.
Earlier this month, OpenAI sent a memo to the US House Select Committee on Strategic Competition between the US and the Chinese Communist Party, in which it said DeepSeek’s upcoming model “should be understood in the context of its ongoing efforts to freeride on the capabilities developed by OpenAI and other US frontier labs”.
It accused DeepSeek of reflecting “CCP censorship and control of information” and argued that “adversarial distillation poses serious cost, safety, commercial and strategic risks to the US.”