Anthropic logs 1.2 million Alibaba-origin queries replicating 87 percent of Claude 4 benchmark scores

Anthropic’s internal telemetry detected systematic query patterns originating from Alibaba Cloud infrastructure that systematically elicited chain-of-thought traces, tool-use sequences, and long-context reasoning traces. The activity bypassed rate limits through distributed accounts and produced near-verbatim reproductions of model behaviors on held-out tasks. No weight files were transferred; the extraction relied entirely on output distillation.

Model extraction attacks have been documented in academic literature since the 2016 Papernot et al. work on stealing DNNs via API queries. Anthropic’s case differs in scale and attribution: query volume exceeded prior public incidents by two orders of magnitude and was traced to a single corporate entity under Chinese jurisdiction. This aligns with documented patterns in semiconductor reverse-engineering and code repository scraping reported in US indictments from 2022-2025.

Operational impact is immediate for frontier labs. API providers must now treat every high-volume customer as a potential extraction vector, requiring behavioral anomaly detection and capability watermarking. Export controls on chips will not address output-channel leakage; only query-level defenses and legal instruments targeting distillation at inference time can close the gap.

Regulators are expected to treat successful model extraction as a national-security event equivalent to source-code theft. Labs will accelerate deployment of query provenance logging and output obfuscation layers within six months.