How China is ripping off cutting-edge AI from Anthropic, OpenAI — and threatening US national security



Anthropic and OpenAI warn that China has been ripping off their cutting-edge AI to produce cheap, open-source chatbots — a massive, unchecked technology heist that threatens not only the US’s razor-thin lead in artificial intelligence but also its national security, according to experts.

On June 24, San Francisco-based Anthropic — headed by outspoken CEO Dario Amodei — sent a letter to Congress directly accusing Alibaba of “brazen” AI theft through so-callled “distillation” — a technique where an advanced AI model is used to train a less capable one without permission and at a fraction of the cost and time.

OpenAI recently accused DeepSeek of ripping off its technology. REUTERS

That was just months after Sam Altman’s OpenAI in February accused China-based DeepSeek of “ongoing efforts to free-ride” on its work. That same month, Google warned of surging “malicious activity” originating in China, Iran, North Korea and Russia.

As The Post reported, these attacks have helped Chinese models to steal away US business customers by dangling rock-bottom prices for the increasingly costly “tokens” needed to use them. Six of the top 10 most-used AI models were developed by Chinese tech firms, including Z.AI, Minimax and DeepSeek — all of which boast capabilities nearly as advanced as Anthropic’s Claude or OpenAI’s ChatGPT.

“If today we say China is roughly 6-9 months behind us on frontier models, we think that if they were not able to distill or they were less effective, they’d probably be closer to something like 18-plus months behind,” a source close to Anthropic told The Post. “That number of months makes a big, big difference.”

Anthropic — whose powerful “Mythos” and “Fable” models were temporarily taken offline due to the White House’s concerns they could be weaponized by China — have regularly briefed Trump national security officials about distillation attacks, including as recently as this month, sources close to the company told The Post.

“We have basically spoken to every part of the government about this,” including the White House and Congress, one of the sources added.

If the Chinese hacks aren’t stopped, sources warn they could allow adversaries to erode America’s global leadership on AI development – or even aid the spread of terrifying hacking or autonomous weapon capabilities.

Anthropic, led by CEO Dario Amodei, recently accused Alibaba of illicit distillation attacks. Dominique Jacovides-Pool/SIPA/Shutterstock

The Trump administration has identified distillation as a key challenge in the winner-takes-all race to develop advanced AI. In April, the White House’s Office of Science and Technology published a memo accusing “foreign entities, principally based in China” of engaging in “deliberate, industrial-scale” theft campaigns.

China’s distillation attacks are the “ultimate form of industrial homework theft,” according to Theresa Payton, who served as the White House’s chief information officer under President George W. Bush.

“It allows foreign adversaries to clone the smartest kid in the class for pennies on the dollar,” Payton told The Post. “They effectively are bypassing United States chip bans by using our own multi-billion-dollar AI model to build their own.”

The distillation technique is a crucial strategy for China in part because its AI labs have been hamstrung by US export controls on the powerful computer chips needed to build advanced models, such as those sold by Nvidia.

OpenAI boss Sam Altman speaks at an event. REUTERS

In its June 24 letter to the Senate Banking Committee, Anthropic alleged it had evidence that Alibaba employees illicitly generated 28.8 million outputs from its Claude chatbot using nearly 25,000 fraudulent accounts from April 22 through June 5 of this year.

Soon after the letter surfaced, Alibaba banned its employees from using Anthropic’s Claude model – an empty gesture, according to company sources, because Anthropic already bans China-based entities from using its AI models.

The Post reached out to Alibaba for comment on Anthropic’s allegations.

Anthropic previously called out three other China-based AI labs in February – DeepSeek, Moonshot and Minimax – for using the same distillation tactic to improve their models.

Meanwhile, OpenAI briefed the Congressional-Executive Commission on China and other Congressional staffers on China-linked misuse of AI in June, a company spokesperson said. The briefing included details on how China uses AI to conduct malicious influence operations and OpenAI’s view that stronger policy tools are needed to hold bad actors accountable for distillation attacks.

Z.AI’s GLM-5.2 model has become one of the most popular in the US. ZUMAPRESS.com

OpenAI also wants the NSA’s AI Security Center to serve as a centralized hub for the US tech industry — both AI giants and smaller startups — to share details on distillation attacks and other common AI security threats, the spokesperson added.

Distillation itself is a legitimate technique used in-house by AI labs to improve their own models. The tactic becomes “plagiarism” when a rival or foreign adversary uses a competitor’s code to train their own without permission, according to Payton.

In April, White House tech advisory Michael Kratsios said the administration would take a range of actions to protect US companies, including sharing intel when distillation attacks are detected, improving coordination with private companies to fight back and enacting new measures to “hold foreign actors accountable.”

Anthropic has held regular briefings with the Trump administration about AI distillation. REUTERS

The House Select Committee on China – which released a major report in April detailing China’s “history of AI Chip Smuggling and Model Distillation” –  said it is pushing for legislation to combat the threat.

Potential options include the AI Overwatch Act, which would require affirmative government permission for any sale of advanced AI chips to “countries of concern.”

“China’s effort to develop its own AI models is driven by theft, not innovation. This is a threat to our tech companies and our national security,” Select Committee Chairman John Moolenaar said in a statement to The Post. “The CCP buys what it can and steals what it must, so it is vital for our government and our companies to prevent China’s theft in the AI arms race. 

“In Congress, I will continue working to pass bills that support common-sense export controls and ensure our tech companies close cloud computing loopholes that China exploits,” Moolenaar added.

Part of the challenge for US officials that it’s “hard to quantify how much of their performance gains are resultant from distillation versus bona fide technical innovation,” according to Jared Dunnmon, a former technical director for AI at the Pentagon.

Aside from the national security implications, the attacks represent a threat to the fragile business models of US AI giants and American AI leadership as a whole, Dunnmon added.

“This is not necessarily because it gets China to the frontier and has better models than the best US ones,” Dunnmon said. “It is because it helps them get close enough that Chinese firms can offer near-frontier capabilities for a fraction of the cost of US alternatives, meaning developers and firms around the world build on a Chinese AI software stack.”



Source link

Related Posts