Artificial Intelligence

Anthropic accuses DeepSeek, Moonshot and MiniMax of unauthorised distillation of the Claude model

Anthropic this week claimed that Chinese competitors were stealing its AI technology by launching so-called distillation attacks on its models.

by Riccardo Saporiti

26 February 2026

Claude 3, le mappe elettorali e l’analisi dei dati

2' min read

Translated by AI

Versione italiana

2' min read

Translated by AI

Versione italiana

The accusation is that of distillation, but spirits have nothing to do with it. Making the accusation is Anthropic, the American company that developed the Claude artificial intelligence model. And ending up in the crosshairs are three Chinese competitors, DeepSeek, Moonshot and MiniMax, who allegedly used their LLM to create 24,000 accounts and engage in more than 16 million conversations with the US AI.

The aim is precisely to distil knowledge, a kind of training whereby a model converses with a more powerful one to learn how to generate better and better answers. This is, Anthropic explains, a normal practice in the industry, but one that is usually carried out internally: one distils one's own model in order to create a smaller, cheaper version to put on the market. The problem arises precisely when the coach, i.e. the LLM questioned, is that of another company.

Claude's developers, in a post published on the company blog, announced that they had encountered more than 150 thousand interactions between their model and that of DeepSeek. Conversations that would have sought to make the latter understand Claude's reasoning capabilities, asking him to articulate and explain them step by step. But there were also requests to provide alternative answers, able to go beyond the meshes of censorship, on politically sensitive topics such as dissidents, party leaders, authoritarianism.

Ai a due velocità nel mondo, cosa dice l'ultimo report di Microsoft

On the other hand, more than 3.4 million conversations were orchestrated by Moonshot AI, this time targeting the use of agents, coding and data analysis skills, and computer vision. Finally, most of the training sessions, over 13 million, involved MiniMax. Again, interaction focused on agent development.

The issue, Claude's creators emphasise, is not only about using other people's models to train their own. Models distilled in this way, they say, 'lack the necessary safety measures'. What does that mean? 'Anthropic and other American companies build systems that prevent artificial intelligence from being used, for example, to develop biological weapons or to manage cyber attacks'. Prohibitions, however, are lost through distillation. At stake, in other words, is a national security issue.

That is why, in addition to announcing the development of technological countermeasures to reduce the effectiveness of distillation processes and the sharing of intelligence with other American Big Techs, Anthropic is making an appeal to politics to give a coordinated response to this type of attack. An appeal that comes at the same time that the company is at loggerheads with the Pentagon over questions concerning the limits to be placed on the use of artificial intelligence in the defence sector.