Chinese AI companies 'distilled' Claude to improve own models, Anthropic says


FILE PHOTO: Anthropic logo is seen in this illustration taken May 20, 2024. REUTERS/Dado Ruvic/Illustration/File Photo

Feb 23 (Reuters) - Three Chinese artificial ⁠intelligence companies used Claude to improperly obtain capabilities to improve their own models, ⁠the chatbot's creator Anthropic said in a blog post on Monday while ‌also making a case for export controls on chips.

The announcement follows a memo by OpenAI earlier this month, when the startup warned U.S. lawmakers that Chinese AI firm DeepSeek is targeting the ChatGPT maker and ​the nation's leading AI companies to replicate models and ⁠use them for its own training.

DeepSeek, ⁠Moonshot and MiniMax created more than 16 million interactions with Claude using roughly 24,000 fake ⁠accounts, ‌in violation of Anthropic's terms of service and regional access restrictions, the company said.

They used a technique called "distillation," which involves training a less capable model ⁠on the outputs of a stronger one, Anthropic said.

"These campaigns ​are growing in intensity ‌and sophistication. The window to act is narrow, and the threat extends beyond ⁠any single company ​or region."

Anthropic warned that illicitly distilled models lacked necessary safeguards, creating significant national security risks. If these models are open-sourced, the risk multiplies as capabilities spread freely beyond any single government's control.

Anthropic, ⁠which raised $30 billion in its latest funding round ​and is now valued at $380 billion, said that distillation attacks support the case for export controls: chip access restrictions reduce both direct model training capabilities and the extent of improper distillation.

DeepSeek's ⁠operation targeted reasoning capabilities across diverse tasks and the creation of censorship-safe alternatives to policy-sensitive queries, while Moonshot aimed at agentic reasoning and tool use, as well as coding and data analysis, Anthropic said.

MiniMax targeted agentic coding, tool use and orchestration and Anthropic ​detected the campaign while it was still active — before MiniMax ⁠released the model it was training.

"When we released a new model during MiniMax's active campaign, ​they pivoted within 24 hours, redirecting nearly half their ‌traffic to capture capabilities from our latest system," ​the blog post said.

DeepSeek, Moonshot and MiniMax did not immediately respond to requests for comment.

(Reporting by Juby Babu in Mexico City; Editing by Alan Barona)

Follow us on our official WhatsApp channel for breaking news alerts and key updates!

Others Also Read