In the high-stakes race for artificial intelligence supremacy, a new front has opened: the alleged systematic extraction of advanced Western AI capabilities by Chinese laboratories through automated “spy bots” and large-scale querying. This practice, known as distillation attacks, has sparked accusations of industrial-scale intellectual property theft and raised fresh national security concerns in Washington.

The Rise of DeepSeek and the Market Panic

The story gained global attention in early 2025 when Chinese startup DeepSeek released its R1 model. The system appeared to rival top American offerings like OpenAI’s ChatGPT and Anthropic’s Claude, despite operating with far fewer resources and under strict U.S. chip export restrictions. The release triggered a market sell-off, wiping more than $1 trillion from U.S. tech stocks as investors feared Beijing had caught up overnight.

What followed were pointed allegations. OpenAI accused DeepSeek of “inappropriately” distilling its models, using outputs from frontier systems to train cheaper, competitive alternatives. Similar claims soon emerged from other labs, painting a picture of coordinated efforts to bypass the enormous costs of original AI development.

What Are Distillation Attacks?

Distillation is a known technique in machine learning where a smaller “student” model learns from a larger “teacher” model by studying its responses to thousands or millions of queries. When done internally, it helps companies create efficient versions of their own models.

The controversy arises when third parties use it at massive scale against competitors’ public APIs, often violating terms of service. Critics describe it as “theft through the front door” — harvesting reasoning traces, chain-of-thought processes, and specialized capabilities without investing in the original training compute or data.

Anthropic’s Explosive Revelations

In February 2026, Anthropic went public with detailed findings. The company accused three prominent Chinese AI labs — DeepSeek, Moonshot AI, and MiniMax — of running “industrial-scale campaigns” to extract Claude’s capabilities.

According to Anthropic:

• The labs created over 24,000 fraudulent accounts.
• They generated more than 16 million exchanges with Claude.
• Tactics included proxy services, “hydra clusters” of accounts, and mixing distillation traffic with legitimate queries to evade detection.
• Targets included Claude’s strengths in agentic reasoning, tool use, coding, and handling complex tasks.

When accounts were banned, new ones quickly appeared. One proxy network reportedly managed tens of thousands of accounts simultaneously.

Google also reported a surge in suspicious distillation attempts against its Gemini model, while OpenAI shared evidence with U.S. lawmakers about DeepSeek’s efforts to circumvent restrictions using obfuscated routers and programmatic access.

U.S. Government Response

By April 2026, the issue had escalated to the highest levels. The White House and State Department issued warnings, with Michael Kratsios and others accusing China of a coordinated campaign. A diplomatic cable urged global allies to be alert to the risks of using distilled Chinese models potentially derived from U.S. technology.

Lawmakers have raised concerns about national security implications, particularly for military and strategic applications. U.S. firms are now collaborating more closely — through groups like the Frontier Model Forum — to detect, block, and share intelligence on such attacks.

China’s Perspective and Counterarguments

Chinese firms and officials have rejected the accusations, framing them as attempts to suppress legitimate competition and maintain U.S. technological dominance. Beijing emphasizes its focus on efficient model development, open-source contributions, and domestic innovation amid hardware sanctions.

Critics of the U.S. narrative point out that Western AI companies themselves have faced lawsuits over training on vast public datasets. Distillation, they argue, is a standard optimization method — the real issue is enforcement of terms of service and access controls rather than outright “theft” of code or weights.

Implications for the AI Arms Race

This episode underscores the intense U.S.-China tech rivalry. While export controls aim to slow China’s access to advanced chips, distillation offers a lower-cost workaround by leveraging existing Western models. The result could be a proliferation of capable but cheaper AI systems originating from extracted knowledge.

Western labs continue to bolster defenses with better anomaly detection, rate limiting, and regional restrictions. Policymakers are considering further sanctions, legal measures, and international coordination.

As AI becomes central to economic and military power, the battle over model capabilities — whether through massive compute investments or clever extraction — is likely to intensify. The “spy bot” allegations represent just one chapter in a longer contest that will shape the future of global technology leadership.

About The Author