Tag: AI Security

  • Anthropic Accuses Alibaba of Largest Known AI Distillation Attack: 28.8 Million Fraudulent Claude Exchanges

    Anthropic Accuses Alibaba of Largest Known AI Distillation Attack: 28.8 Million Fraudulent Claude Exchanges

    Anthropic, the San Francisco AI safety company behind Claude, disclosed this week that it has accused Alibaba Group of orchestrating what it calls the largest known model distillation attack ever recorded against its systems. Between April 22 and June 5, 2026, operators linked to Alibaba’s Qwen AI lab allegedly used nearly 25,000 fraudulent accounts to generate 28.8 million exchanges with Claude, specifically targeting the model’s most advanced reasoning and software-engineering capabilities. Anthropic described the campaign as “brazen” and “illicit,” formally alerting US Senate Banking Committee leadership and Reuters via a letter dated June 10, 2026. The incident marks a significant escalation in the technology competition between US and Chinese AI development programs, and raises urgent questions about how frontier AI companies protect their intellectual property.

    What Was Announced

    Anthropic disclosed the alleged attack through a formal letter sent to Senate Banking Committee Chair Tim Scott and Ranking Member Elizabeth Warren on June 10, 2026, with the letter later reviewed by Reuters. The company stated that the campaign ran from April 22 to June 5, 2026, and involved nearly 25,000 fraudulent accounts generating more than 28.8 million interactions with Claude over that period.

    According to Anthropic, the accounts were operated by individuals connected to Alibaba’s Qwen AI lab, a division of Alibaba Cloud responsible for the Qwen family of large language models. The targets of the data extraction were Claude’s most advanced capabilities, described as its “Mythos Preview” features, which include advanced agentic reasoning, multi-step task planning, and software-engineering performance that Anthropic markets as among the most capable in the industry.

    Anthropic characterized the incident as the largest distillation attack in its history, explicitly surpassing a prior campaign it disclosed in February 2026. In that earlier case, Anthropic alleged that teams linked to DeepSeek, Moonshot AI, and MiniMax conducted a combined operation involving 16 million exchanges across 24,000 fraudulent accounts. The alleged Alibaba campaign exceeds that in both scale and the sophistication of the capabilities targeted.

    As of the time of publication, Alibaba had not publicly responded to the allegations. Alibaba is also separately contesting a US Department of Defense designation that classified it as a military-affiliated company, a designation that would restrict its relationships with US enterprise customers and defense contractors.

    Technical Details

    Model distillation is a machine learning technique in which a smaller or less capable model is trained using the outputs of a larger, more advanced model, rather than learning directly from raw training data. The resulting “student” model can achieve performance well above what its size and independent training would normally allow, by learning the behavioral patterns and reasoning strategies of the more capable “teacher” model. Distillation is a legitimate and widely used practice within AI development, but conducting it using unauthorized access and fraudulent accounts violates the terms of service of the models being queried and potentially constitutes IP theft under applicable law.

    In Anthropic’s account of this attack, the fraudulent accounts were designed to systematically query Claude in patterns that would expose the model’s reasoning chains, multi-step planning behavior, and software-engineering outputs at scale. By accumulating millions of high-quality query-response pairs from a frontier model, a competitor can create a richly labeled training dataset for its own models without independently developing the underlying research, alignment techniques, or computational resources that produced the original capability.

    The specific targeting of Claude’s agentic and software-engineering capabilities is significant. These represent some of the highest-value and most commercially lucrative capabilities in the current AI landscape, with AI coding tools alone representing a market that reached approximately $9.3 billion in 2026. Extracting these behavioral patterns from a frontier model at scale would give a competing lab a substantial shortcut in closing capability gaps that might otherwise require years of independent research.

    Industry Impact and Reactions

    The Anthropic-Alibaba dispute is the most prominent example yet of what appears to be a growing pattern of systematic data extraction targeting Western frontier AI models. The February 2026 disclosures about DeepSeek, Moonshot, and MiniMax established that multiple Chinese AI organizations had allegedly used similar techniques, and the scale of the alleged Alibaba campaign suggests the practice is becoming more organized and more targeted rather than opportunistic.

    For the broader AI industry, the incidents highlight a significant structural vulnerability in the current model for commercial AI deployment. Large language models are monetized by providing API access that, in principle, allows any paying customer to query the model at scale. Detecting unauthorized distillation campaigns requires distinguishing between legitimate heavy users and actors systematically mining model outputs, a detection challenge that becomes harder as the attacks become more sophisticated and the accounts more convincingly mimic ordinary usage patterns.

    The decision to route the complaint through the US Senate Banking Committee, rather than pursuing purely civil litigation, signals that Anthropic is framing this as a national security and trade policy issue as much as an intellectual property dispute. Given Alibaba’s simultaneous contest of the Pentagon’s military-company designation, the timing creates a complex regulatory context in which US policymakers are being asked to act on multiple fronts regarding the same company’s activities in the AI sector.

    What Comes Next

    Congressional attention on AI-related IP theft has been building throughout 2026, and Anthropic’s letter to the Senate Banking Committee is likely to accelerate that focus. Legislators on both sides of the aisle have signaled interest in developing legal frameworks that specifically address distillation attacks and unauthorized data extraction from AI systems, which are not cleanly addressed by existing copyright law or trade secret statutes.

    On the technical side, API providers across the industry are likely to review and tighten their fraud detection systems in response to the disclosures. Anthropic has not detailed what countermeasures it has implemented since detecting the campaign, but the company’s decision to make the attack public is itself a deterrent signal to other potential actors. The industry will also be watching closely to see whether Alibaba responds with its own statement and whether any legal action follows Anthropic’s congressional notification.

    Conclusion

    Anthropic’s accusation against Alibaba represents one of the most consequential IP disputes in the short history of large language model development. With 28.8 million alleged fraudulent interactions targeting the most advanced capabilities of a leading US frontier model, the incident underscores that the competition for AI leadership is playing out not only in research labs and on GPU clusters, but increasingly through attempts to extract and replicate the most valuable outputs of rival systems. How regulators, courts, and the industry respond to this and similar incidents will help define the rules of AI development for years to come.

    Stay updated on the latest AI news at Evolve Digital.

  • Anthropic Launches Claude Fable: The Public Release of Claude Mythos Arrives

    Anthropic Launches Claude Fable: The Public Release of Claude Mythos Arrives

    Anthropic today officially released Claude Fable, the publicly available version of its Claude Mythos model, marking one of the most significant AI launches of 2026. The model had been accessible only to a small group of institutional partners since April through a restricted program called Project Glasswing. As of June 9, 2026, Claude Fable is now available via the Claude API and Claude.ai, positioned as Anthropic’s most capable and highest-priced model to date. The release arrives as Anthropic continues to push the frontier of what large language models can accomplish in enterprise and security-critical environments.

    What Was Announced

    Anthropic announced that Claude Fable, the public identity for the model internally developed under the codename Claude Mythos, is now generally available to qualified enterprise customers, developers, and institutional partners. The model was first introduced in April 2026 through Project Glasswing, a controlled early-access program that included major technology companies such as AWS, Microsoft, Apple, and cybersecurity firm CrowdStrike.

    The public release expands access significantly while introducing new safeguards designed to prevent misuse. Anthropic has worked to retain the model’s strongest capabilities in reasoning, coding, and complex task completion, while implementing additional policy controls around high-risk use cases. The company has not yet released a full technical report, but has indicated that documentation will follow in the coming weeks.

    Pricing for Claude Fable is set at approximately double the current rates for Claude Opus, making it the most expensive model in Anthropic’s lineup. This pricing positions the model squarely toward institutional buyers, regulated industries, and security operations teams rather than casual consumer or small business users. Access is available now through the Anthropic API and through Claude.ai for eligible enterprise plan subscribers.

    Anthropic has not confirmed the total number of parameters or full architecture details for Claude Fable. The company has historically been selective about releasing model internals, a pattern that continues with this launch.

    Technical Details

    During the Project Glasswing preview period, Claude Fable attracted significant attention for its performance on cybersecurity benchmarks. Reports from preview participants, including some that circulated publicly in May 2026, described the model as demonstrating autonomous capability to identify software vulnerabilities across a range of operating system and browser targets. Anthropic has confirmed the model has strong performance in security-related tasks, though the company has been careful to frame these capabilities in the context of defensive security and authorized testing scenarios.

    Beyond security, Claude Fable is described by Anthropic as a significant improvement over Claude Opus 4.8 in reasoning depth and coding performance. The model is expected to handle longer, more complex multi-step workflows with greater accuracy and lower rates of hallucination on technical tasks. The release also includes expanded context window support, though Anthropic has not yet disclosed the maximum token limit publicly.

    The public version of Claude Fable includes what Anthropic describes as enhanced Constitutional AI training and additional output filtering layers, implemented specifically to reduce the probability of the model generating content that could enable offensive security operations without appropriate safeguards. This reflects a recurring challenge for frontier AI labs: how to release highly capable models while managing dual-use risks responsibly.

    Industry Impact and Reactions

    The launch of Claude Fable comes at a particularly active moment in the AI industry. Anthropic filed confidentially for an IPO in early June 2026, and the company reported a revenue run rate approaching $47 billion in May 2026, up from approximately $10 billion the prior year. This growth trajectory underscores how quickly enterprise adoption of frontier AI has accelerated, and Claude Fable represents Anthropic’s effort to capture further share of the high-value institutional market.

    The model’s positioning is notable in the context of an increasingly competitive landscape at the frontier. Google released Gemini 3.5 Pro in June 2026, and xAI’s Grok 5 has been in various stages of release and preview. OpenAI, which also filed for an IPO just days after Anthropic, continues to develop its own flagship models. Claude Fable represents Anthropic’s bid to establish a clear tier of performance and capability above its existing lineup, at a price point that signals its intended enterprise and institutional audience.

    The cybersecurity community has been closely watching the Claude Fable launch since reports of its capabilities during the Project Glasswing preview surfaced earlier this year. Security researchers and enterprise security operations teams are among the most likely early adopters, given the model’s reported strength in vulnerability analysis and complex system reasoning. At the same time, security professionals and policy researchers have raised questions about the standards governing how such capabilities are made available to the public, a debate Anthropic is clearly navigating carefully with the safeguards included in the public release.

    What Comes Next

    Anthropic has indicated that a full technical report for Claude Fable will be published in the weeks following launch, which should provide a clearer picture of the model’s architecture, training methodology, benchmark performance, and safety evaluations. The company is also expected to expand access tiers for Claude Fable over the coming months, potentially including availability through cloud marketplaces and additional partner integrations beyond the initial enterprise rollout.

    Looking further ahead, Anthropic has described Claude Fable as part of a broader Claude 5 family of models, with additional variants expected later in 2026. The company’s planned IPO, combined with its revenue trajectory and expanded compute partnerships with Google and Broadcom, positions Anthropic to accelerate both model development and enterprise go-to-market efforts through the remainder of the year.

    Conclusion

    The public launch of Claude Fable marks a meaningful milestone for Anthropic and for the broader frontier AI landscape in 2026. As the company transitions one of its most anticipated model releases from a restricted preview to general availability, the focus will be on how enterprise customers use these capabilities, how the broader research community evaluates the model’s performance, and how Anthropic continues to balance capability and safety at the frontier. Claude Fable is now available through the Anthropic API and Claude.ai for qualifying enterprise users, with broader access and additional documentation expected in the weeks ahead.

    Stay updated on the latest AI news at Evolve Digital.

  • Anthropic Uses Claude Opus 4.6 to Find 22 Vulnerabilities in Firefox

    Anthropic Uses Claude Opus 4.6 to Find 22 Vulnerabilities in Firefox

    Anthropic researchers used Claude Opus 4.6 to autonomously discover 22 security vulnerabilities in the Firefox web browser, the company disclosed this week. The finding highlights the growing capability of large language models to perform substantive security research beyond their traditional use for code generation and explanation.

    What Happened

    The vulnerability discovery effort used Claude Opus 4.6 in an agentic capacity, directing the model to analyze Firefox source code and identify potential security weaknesses. The model found 22 distinct vulnerabilities across the codebase. The discovery underscores a trend that security researchers have been tracking: frontier AI models are now capable of identifying software flaws at a level of depth that previously required specialized human expertise.

    Anthropic reported the findings to Mozilla, the organization behind Firefox, following responsible disclosure practices. The vulnerabilities span multiple severity levels and components of the browser. Mozilla has been notified and is expected to address the issues through the standard patching process.

    The disclosure positions Anthropic Claude models not just as productivity assistants but as tools capable of conducting meaningful independent security analysis. For the broader security community, the result raises both exciting possibilities — AI models could dramatically accelerate bug discovery — and sobering concerns about the dual-use nature of such capabilities.

    Why It Matters

    Security vulnerability discovery has traditionally been one of the most demanding tasks in software engineering, requiring deep familiarity with a specific codebase, knowledge of common attack patterns, and the patience to trace execution paths across complex systems. The fact that an AI model can autonomously identify 22 vulnerabilities in a major open-source browser suggests that this capability threshold has been meaningfully crossed.

    The result has implications for both offensive and defensive security. Organizations can use AI models to audit their own software more rapidly and at lower cost. But the same capability in adversarial hands could accelerate the discovery of exploitable vulnerabilities in widely deployed software. The security community is watching closely as AI vulnerability research capabilities continue to develop.

    Stay updated on the latest AI news at Evolve Digital.