The Allegation

Anthropic is accusing Alibaba of running what it calls the largest known cloning attack ever conducted against Claude, its flagship AI assistant. According to Anthropic, Alibaba operatives created 25,000 accounts and used them to conduct 28.8 million exchanges with Claude — a volume that, if accurate, suggests a sustained, industrialized effort rather than opportunistic scraping.

The company is seeking legal punishment and has framed the operation as a deliberate attempt to steal Claude's capabilities.

What Model Cloning Actually Means

Model cloning — sometimes called model extraction or a distillation attack — is a technique in which an adversary queries a commercial AI model at high volume, then uses those input-output pairs to train a separate model that mimics the original's behavior. The attacker never needs access to the target model's weights or training data; the responses themselves become the training signal.

This is a known vulnerability in any API-accessible AI system, and researchers have demonstrated extraction attacks against commercial models in academic settings for years. What Anthropic is alleging here is the same technique, deployed at a scale that dwarfs anything previously disclosed publicly.

The Numbers, With Caveats

The 25,000-account and 28.8-million-exchange figures come from Anthropic's own legal filings, made in an adversarial context. That doesn't make them false, but it does mean they haven't been independently verified. Courts will eventually test the evidence; for now, readers should treat these as allegations, not established facts.

What the numbers would imply, if accurate: an average of roughly 1,150 exchanges per account, sustained over an unspecified period. That pattern is consistent with automated querying rather than human use — which is itself consistent with a coordinated extraction campaign.

The Geopolitical Layer

Anthropic's framing — that Alibaba "defied Trump" — introduces a political dimension that the available reporting doesn't fully explain. It may refer to export-control or sanctions-adjacent arguments, or to some executive action affecting AI technology transfers. The evidentiary basis for that specific characterization is not yet publicly documented, and it's worth flagging that companies in litigation sometimes reach for the most dramatic available framing.

That said, the underlying legal and policy question is real: what remedies exist when a foreign company allegedly uses a U.S. AI system's outputs to build a competing product? Anthropic appears to be trying to establish that this conduct is punishable, not merely prohibited by terms of service.

Why This Matters Beyond Anthropic

Every major AI lab with a public API faces the same structural exposure. If Anthropic's claims hold up legally, the case could set a precedent for how model-extraction attacks are prosecuted — and push the industry toward harder technical countermeasures, such as output watermarking or query-rate anomaly detection, neither of which is foolproof.

For enterprise customers evaluating AI vendors, the case is also a reminder that the competitive moat around a model's behavior is thinner than it might appear. Capabilities can, in principle, be approximated without ever touching the underlying system.