Anthropic has accused Chinese technology conglomerate Alibaba and its AI research division, Qwen, of carrying out a large-scale effort to extract capabilities from its Claude family of artificial intelligence models, describing the incident as the most extensive distillation operation the company has encountered.
The allegations were detailed in a June 10 letter sent to U.S. Senate Banking Committee Chair Tim Scott and Ranking Member Elizabeth Warren. In the correspondence, Anthropic claimed that operators linked to Alibaba and Qwen systematically interacted with Claude in an attempt to capture and reproduce some of the model's most advanced capabilities.
According to the company, the activity occurred between April 22 and June 5, 2026. During that period, Anthropic says it recorded more than 28.8 million exchanges associated with the operation. The requests were allegedly distributed across nearly 25,000 fraudulent accounts, enabling the actors to conduct high-volume interactions with the platform while obscuring the true source of the activity.
Anthropic stated that the campaign was not focused on general-purpose chatbot functions. Instead, it allegedly targeted capabilities considered among the most valuable within the Claude ecosystem, including software engineering tasks and advanced agentic reasoning. These functions form a critical component of the company's Mythos Preview model, one of Anthropic's most sophisticated AI systems designed to perform complex reasoning and autonomous task execution.
At the center of the allegations is a technique known as adversarial distillation. In machine learning, distillation generally refers to the process of training a model using outputs generated by another system. While the approach itself is commonly used within the AI industry, Anthropic argues that the method becomes problematic when it relies on unauthorized access to proprietary models.
According to the company, the actors behind the campaign repeatedly queried Claude and collected its responses at scale. Those outputs could then be used as training material for another AI system, allowing developers to reproduce aspects of Claude's behavior without investing the time, computational resources, and research expenditure typically required to build a frontier model from the ground up.
Anthropic warned lawmakers that such activity enables organizations to appropriate years of research and development through large-scale extraction campaigns. The company argued that these operations are designed to gather capabilities developed by leading U.S. AI laboratories and incorporate them into competing systems without bearing the costs associated with original model development.
Beyond intellectual property concerns, Anthropic also raised questions about safety. The company noted that models trained through adversarial distillation may replicate useful capabilities while failing to inherit the safeguards, alignment mechanisms, and risk controls embedded within the original system. As a result, the practice could create AI models that retain advanced functionality but operate with fewer protections against misuse.
The allegations against Alibaba follow earlier claims made by Anthropic regarding unauthorized access attempts linked to Chinese AI developers. In February 2026, the company disclosed that DeepSeek, the startup whose low-cost AI models attracted global attention in 2025, was among several organizations accused of attempting to improperly obtain Claude outputs. Anthropic now characterizes these incidents as part of a broader pattern of repeated efforts to extract capabilities from leading U.S. AI systems.
The dispute emerges amid growing government scrutiny of advanced AI technologies. Earlier this month, Anthropic revealed that it had received guidance from the Trump administration requiring the company to restrict access to its newest AI models, including Fable 5 and Mythos 5. Under the directive, access would be limited to U.S. persons, preventing non-U.S. citizens, including some employees, from interacting with the latest systems.
The issue is also beginning to influence policy discussions on Capitol Hill. Senators Bill Hagerty and Andy Kim are reportedly preparing legislation that would authorize sanctions or other penalties against Chinese organizations found to have improperly obtained outputs from U.S. AI models for the purpose of training competing systems. The proposal reflects growing concern among lawmakers that frontier AI capabilities have become both strategic economic assets and matters of national security.
Alibaba has not publicly responded to the allegations.
The dispute surfaces a new battleground in the global AI race. As companies invest billions of dollars to develop increasingly capable models, concerns are shifting beyond traditional cybersecurity threats toward the protection of model knowledge itself. For AI developers, the challenge is no longer limited to securing infrastructure and data. It increasingly involves preventing the large-scale extraction of capabilities that can be repurposed to accelerate the development of rival systems.
With governments, technology companies, and regulators paying closer attention to model security, the Anthropic-Alibaba dispute may become an early test case for how the industry addresses unauthorized AI capability harvesting and the growing geopolitical competition surrounding advanced artificial intelligence.
Addressing the incident, a company spokesperson told BleepingComputer, "A few weeks ago, Tata Electronics identified a cybersecurity incident on some of our systems," adding, "Our response protocols were deployed immediately, and the incident has had no impact on our operations across businesses, which remain unaffected."
Tata Electronics, a subsidiary of the Tata Group, specializes in semiconductor production and electronic component manufacturing. Established in 2020, the company has rapidly expanded its footprint in India's technology manufacturing sector and is currently involved in the production and assembly of Apple iPhones and related components.
While the company has not identified the threat actor behind the attack, its statement follows claims made by the World Leaks cybercrime group, which allegedly published data stolen from Tata Electronics.
According to reports, the leaked material includes folders and documents that purportedly contain manufacturing-related information linked to Apple products. The exposed files are said to feature internal component schematics, printed circuit board (PCB) designs, material specifications, and software development kit (SDK) files.
BleepingComputer has reportedly reached out to Apple for clarification regarding the alleged exposure of proprietary information but has not yet received a response.
World Leaks is widely believed to be the successor to the Hunters International ransomware operation, which ceased activities in July 2025. Unlike its predecessor, which encrypted victims' systems, World Leaks focuses solely on data theft and extortion, threatening to release stolen information publicly unless demands are met.
The group has previously been linked to attacks on several major organizations. Among its notable victims are Dell, which confirmed a cybersecurity breach in July 2025, and Nike, which initiated an investigation after cybercriminals claimed to have stolen 1.4 terabytes of company data in January 2026.
The U.S. government has taken another step in its ongoing campaign against large-scale cyber fraud operations, announcing the seizure of online infrastructure allegedly used to support one of the world's most active criminal marketplaces while simultaneously expanding financial restrictions against the network behind it.
On Tuesday, the Department of Justice (DOJ) revealed that it had seized a cloud computing account connected to Cambodia-based Huione Group and its subsidiaries. According to federal investigators, the account hosted backend systems used to operate Huione Guarantee, also known as Haowang Guarantee, a platform that authorities say enabled a broad range of illicit activities spanning cybercrime, fraud, money laundering, and other criminal services.
The enforcement action coincided with a series of measures from the U.S. Department of the Treasury, which announced additional sanctions targeting Huione-linked entities and individuals associated with the Prince Group network. The latest moves build upon actions taken by U.S. authorities last year as part of a wider effort to disrupt transnational criminal organizations operating across Southeast Asia.
Federal officials described the seized infrastructure as a key component of a marketplace that allegedly served cybercriminals and fraud operators on a global scale. Rather than functioning as a conventional online marketplace, investigators say the platform acted as an ecosystem where illicit services, stolen information, and financial laundering tools could be accessed by criminal actors.
According to the DOJ, the cloud-based infrastructure provided technical support for operations conducted through Huione Guarantee. Authorities allege that the platform relied heavily on Telegram channels to facilitate communications and transactions involving illegal products and services.
Investigators claim those channels were used to advertise and trade stolen credit card information, sensitive personal data, and services linked to malware-enabled theft. The platform is also accused of facilitating money laundering activities and supporting schemes connected to human trafficking operations. In addition, authorities allege that proceeds generated through romance scams and fraudulent investment schemes were moved through the network.
The DOJ further alleges that Huione Guarantee offered escrow services designed for cryptocurrency transactions. Such services act as intermediaries between parties involved in a transaction, holding digital assets until agreed conditions are met. While escrow systems are commonly used in legitimate commerce, investigators contend that the service was leveraged by criminal actors seeking a trusted mechanism for conducting illicit transactions and laundering funds.
Officials believe the infrastructure played an important role in moving and concealing criminal proceeds. According to the Justice Department, billions of dollars in fraud-related funds were transferred through systems supported by the seized account. Authorities further stated that a massive portion of those proceeds originated from scam compounds operating throughout Southeast Asia, where organized criminal groups have increasingly adopted digital platforms and cryptocurrency networks to scale their operations.
The Treasury Department's actions were designed to expand existing restrictions against the Huione network. One measure formally added H-Pay Service as a successor entity under Treasury's existing rule targeting Huione Group. Treasury also imposed sanctions on nine individuals and 26 entities linked to Prince Group, broadening the scope of enforcement against organizations allegedly connected to the movement of illicit funds.
According to Treasury officials, Huione served as an important financial conduit for proceeds generated through cyber-enabled theft, virtual currency investment fraud, and other criminal schemes. Authorities further allege that the network was used by Prince Group to transfer, consolidate, and manage assets derived from fraudulent operations.
The latest actions follow a series of previous enforcement efforts directed at the same ecosystem. Last October, Treasury moved to further isolate Huione Group from the U.S. financial system, reflecting growing concerns over the company's alleged role in facilitating illicit financial activity.
Federal agencies have increasingly focused on scam networks operating across Southeast Asia as losses linked to online fraud continue to rise. Criminal organizations in the region have become known for running large-scale investment scams, romance fraud operations, and cryptocurrency-related schemes that target victims worldwide. Many of these operations rely on complex laundering networks and digital payment channels to obscure the origin and movement of stolen funds.
The investigation also intersects with earlier actions involving Prince Group chairman Chen Zhi. In October, the DOJ announced the seizure of bitcoin connected to investigations involving Chen and alleged cryptocurrency-related offenses, alongside accusations involving additional criminal schemes. Authorities have also reported that an individual identified as a significant participant in Chen's network was arrested in Cambodia before being extradited to China.
The coordinated actions by the DOJ and Treasury illustrate an emphasis on targeting the infrastructure that enables cyber-enabled fraud rather than focusing solely on individual perpetrators. By disrupting cloud services, financial channels, and marketplace operations that allegedly support criminal activity, U.S. authorities are seeking to make it more difficult for transnational fraud networks to move money, coordinate operations, and reach potential victims.
Intelligence and cybersecurity agencies from five allied nations have issued a warning that advanced artificial intelligence systems capable of performing meticulously executed cybersecurity tasks may become widely accessible much sooner than many organizations expect.
In a joint statement, representatives from the Five Eyes intelligence alliance, comprising the United States, Canada, the United Kingdom, Australia, and New Zealand, cautioned that frontier AI models are progressing at a pace that could reshape how cyber operations are conducted on both sides of the security landscape. According to the agencies, capabilities that are currently associated with a small number of highly advanced AI systems may reach broader availability within months rather than years.
The warning instills a sense of concern among governments, security practitioners, and AI researchers who have spent the past year examining how rapidly improving language models can influence vulnerability discovery, exploit development, system reconnaissance, and defensive security operations.
Officials stated that frontier AI systems are expected to outperform current industry assumptions regarding cybersecurity-related tasks. As these systems continue to improve, they may alter how organizations identify weaknesses, respond to incidents, and defend critical infrastructure. At the same time, the same technological advances could provide malicious actors with new opportunities to automate portions of cyberattacks that previously required substantial technical expertise.
Notably, the agencies emphasized that their concern is not based solely on future developments. Many of the building blocks needed for AI-assisted cyber operations already exist today.
Security-focused AI models can currently be accessed through a variety of channels, including older commercial systems, open-source releases, and models developed outside Western technology companies. While some frontier AI developers have restricted access to their most capable systems, cybersecurity experts have repeatedly noted that advanced capabilities often spread beyond their original environments as newer generations of models are released.
The agencies argued that one of the most immediate concerns is not the creation of entirely new attack techniques, but the ability of AI systems to exploit weaknesses that organizations have failed to address for years.
Among the issues highlighted were aging technology environments, delayed software patching, unnecessary exposure of internal systems to the public internet, weak identity verification practices, inadequate access controls, and insufficient preparation for responding to security incidents. These weaknesses have contributed to countless breaches over the past decade, and officials believe increasingly capable AI systems could allow attackers to identify and exploit such gaps more efficiently and at greater scale.
The statement suggests that organizations should reassess assumptions about how much time they have to prepare. Traditional planning cycles often operate on the expectation that technological shifts unfold gradually. However, intelligence officials warned that AI-related cyber risks may evolve quickly enough to render existing security assumptions obsolete within a matter of months.
"The rapid pace of frontier AI development means cyber risk assumptions can become outdated in months, not years," the agencies wrote, urging organizations to prepare for changing threat conditions before they become operational realities.
The warning also comes amid growing debate surrounding the release and control of advanced AI systems. The statement references frontier models such as Anthropic's Fable 5 and the cybersecurity-focused Mythos model family, which have attracted attention because of their reported performance on security-related tasks.
While companies have attempted to limit access to some of their most advanced systems, researchers have repeatedly observed that the gap between proprietary frontier models and publicly available alternatives continues to narrow. Historically, open-source models have often trailed leading commercial systems by only several months. As a result, capabilities that are initially restricted to a limited group of users can eventually become available through other channels.
This pattern has intensified concerns among policymakers who worry that highly capable cyber-oriented AI tools may become accessible to a broader range of actors, including criminal groups and nation-state operators seeking to automate parts of their operations.
Government officials and AI developers have already begun exploring ways to use these technologies defensively before they become commonplace in offensive campaigns. Programs such as Anthropic's Project Glasswing and OpenAI's Trusted Access for Cyber Program are designed to provide vetted organizations with access to advanced AI systems for security testing, vulnerability identification, and defensive research.
The objective is straightforward: allow defenders to discover and remediate weaknesses before increasingly capable AI systems can routinely identify and exploit them.
Recent research has reinforced the view that AI is becoming increasingly effective at cybersecurity tasks. Studies conducted in controlled environments have shown that advanced models can assist with vulnerability analysis, code review, system enumeration, and portions of attack-chain development. Although these systems still require human oversight and are far from replacing experienced security professionals, their capabilities continue to improve with each generation.
Despite the attention surrounding frontier AI, the recommendations issued by the Five Eyes agencies are remarkably familiar. Rather than advocating entirely new security frameworks, officials argue that organizations should focus on practices that have long formed the foundation of effective cybersecurity programs.
These include maintaining timely patch management processes, reducing unnecessary internet-facing exposure, strengthening identity and access management controls, developing incident response plans, and treating cybersecurity as a strategic business responsibility rather than a compliance exercise delegated solely to technical teams.
For business leaders, the warning serves as a reminder that advances in artificial intelligence are unlikely to eliminate longstanding cybersecurity challenges. Instead, they may increase the speed at which those challenges can be exploited.
As frontier AI design systems continue to upgrade, organizations that maintain strong operational discipline, address known weaknesses promptly, and integrate cybersecurity considerations into decision-making processes will be better positioned to withstand a rapidly changing threat environment. Those that fail to do so may find that vulnerabilities once considered manageable can be identified, analyzed, and exploited far faster than before.