By Sagar Shankaran, Founder of CallSphere
Anthropic identifies 24,000 fraudulent accounts generating over 16 million exchanges to extract Claude's capabilities, with MiniMax driving the most traffic.
Key takeaways
Anthropic publicly accused three Chinese AI companies — DeepSeek, Moonshot AI, and MiniMax — of coordinated campaigns to illegally extract Claude's capabilities through model distillation, the company revealed on February 24, 2026.
The numbers are staggering:
Distillation is a technique where a less capable model is trained on the outputs generated by a stronger AI system. In this case, the Chinese firms allegedly used commercial proxy services and fraudulent accounts to access Claude at scale while avoiding detection, then used the outputs to train their own models.
flowchart TD
HUB(("16 Million Exchanges via<br/>24,000 Fake Accounts"))
HUB --> L0["Scale of the Attack"]
style L0 fill:#e0e7ff,stroke:#6366f1,color:#1e293b
HUB --> L1["What is Distillation?"]
style L1 fill:#e0e7ff,stroke:#6366f1,color:#1e293b
HUB --> L2["National Security<br/>Implications"]
style L2 fill:#e0e7ff,stroke:#6366f1,color:#1e293b
HUB --> L3["Industry-Wide Problem"]
style L3 fill:#e0e7ff,stroke:#6366f1,color:#1e293b
style HUB fill:#4f46e5,stroke:#4338ca,color:#fff
flowchart LR
IN(["Input prompt"])
subgraph PRE["Pre processing"]
TOK["Tokenize"]
EMB["Embed"]
end
subgraph CORE["Model Core"]
ATTN["Self attention layers"]
MLP["Feed forward layers"]
end
subgraph POST["Post processing"]
SAMP["Sampling"]
DETOK["Detokenize"]
end
OUT(["Generated text"])
IN --> TOK --> EMB --> ATTN --> MLP --> SAMP --> DETOK --> OUT
style IN fill:#f1f5f9,stroke:#64748b,color:#0f172a
style CORE fill:#ede9fe,stroke:#7c3aed,color:#1e1b4b
style OUT fill:#059669,stroke:#047857,color:#fff
flowchart TD
HUB(("16 Million Exchanges via<br/>24,000 Fake Accounts"))
HUB --> L0["Scale of the Attack"]
style L0 fill:#e0e7ff,stroke:#6366f1,color:#1e293b
HUB --> L1["What is Distillation?"]
style L1 fill:#e0e7ff,stroke:#6366f1,color:#1e293b
HUB --> L2["National Security<br/>Implications"]
style L2 fill:#e0e7ff,stroke:#6366f1,color:#1e293b
HUB --> L3["Industry-Wide Problem"]
style L3 fill:#e0e7ff,stroke:#6366f1,color:#1e293b
style HUB fill:#4f46e5,stroke:#4338ca,color:#fff
Anthropic framed the attacks as national security threats, expressing concern about "authoritarian governments deploying frontier AI for offensive cyber operations, disinformation campaigns, and mass surveillance."
OpenAI has reported similar distillation attacks from Chinese firms. The revelation comes as the U.S. debates AI chip export controls and the broader implications of Chinese AI development.
Hear it before you finish reading
Talk to a live CallSphere AI voice agent in your browser — 60 seconds, no signup.
Anthropic said it has implemented new detection systems and banned the accounts involved.
Source: CNBC | The Hacker News | TechCrunch | CNN | Anthropic
Treat Anthropic Accuses DeepSeek, Moonshot, and MiniMax of Large-Scale Distillation Attacks on Claude the way you'd treat any other dependency change: pin the version, run it through your eval suite, watch p95 latency for a week, and only then promote it from canary. For an SMB call-automation operator the cost of chasing every new release is real — re-baselining evals, re-pricing per-session economics, retraining the on-call team. The ones that ship adopt slowly and on purpose.
Most AI news is noise. A new benchmark score, a leaderboard reshuffle, a leaked memo — none of it changes whether your AI receptionist books appointments without dropping the call. The handful of things that do move production AI voice and chat are concrete: realtime API stability (does the WebSocket survive 5+ minutes without a stall?), language coverage (does it handle 57+ languages with usable accents, or is English the only first-class citizen?), tool-use reliability (does the model actually call the right function with the right argument types under load?), multi-agent handoffs (do specialist agents receive structured context, or just transcripts?), and latency under load (p95 first-token under 800ms when 200 concurrent calls hit the same endpoint?). The CallSphere rule on news is: if it doesn't move at least one of those five numbers in a measurable eval, it's a blog post, not a product change. What to track: provider changelogs for realtime endpoints, tool-call schema changes, language-add announcements, and any deprecation that pins your stack to a sunset date. What to ignore: leaderboard wins on tasks that don't map to your call flow, "agentic" benchmarks that don't measure tool latency, and demos that work because the prompt was hand-tuned for the demo. The teams that ship fastest treat AI news the same way ops teams treat CVE feeds — read everything, act on the small fraction that touches your runtime, archive the rest.
Q: Why isn't anthropic Accuses DeepSeek, Moonshot, and MiniMax of Large-Scale Distillation Attacks on Claude an automatic upgrade for a live call agent?
Still reading? Stop comparing — try CallSphere live.
CallSphere ships complete AI voice agents per industry — 14 tools for healthcare, 10 agents for real estate, 4 specialists for salons. See how it actually handles a call before you book a demo.
A: Most of the time it doesn't, and that's the right starting assumption. The relevant test is whether it improves at least one of: p95 first-token latency, tool-call argument accuracy on noisy inputs, multi-turn handoff stability, or per-session cost. Setup takes 3-5 business days. Pricing is $149 / $499 / $1,499. There's a 14-day trial with no credit card required.
Q: How do you sanity-check anthropic Accuses DeepSeek, Moonshot, and MiniMax of Large-Scale Distillation Attacks on Claude before pinning the model version?
A: The eval gate is unsentimental — a regression suite that simulates real call traffic (noisy ASR, partial inputs, tool-call timeouts) measures four numbers, and a candidate has to win on three of four without losing badly on the fourth. Anything else is treated as a blog post, not a stack change.
Q: Where does anthropic Accuses DeepSeek, Moonshot, and MiniMax of Large-Scale Distillation Attacks on Claude fit in CallSphere's 37-agent setup?
A: In a CallSphere deployment, new model and API capabilities land first in the post-call analytics pipeline (lower stakes, async, easy to roll back) and only later in the live realtime path. Today the verticals most likely to absorb new capability first are IT Helpdesk and After-Hours Escalation, which already run the largest share of production traffic.
Want to see it helpdesk agents handle real traffic? Walk through https://urackit.callsphere.tech or grab 20 minutes with the founder: https://calendly.com/sagar-callsphere/new-meeting.
Written by
Sagar Shankaran· Founder, CallSphere
Sagar Shankaran is the founder of CallSphere, where he builds production AI voice and chat agents deployed across healthcare, hospitality, real estate, and home services. He writes about agentic AI, LLM engineering, and shipping voice agents that handle real calls in production.
See how AI voice agents work for your industry. Live demo available -- no signup required.
A three-way comparison of Gemini Enterprise, Anthropic managed agents and OpenAI Frontier Platform after Cloud Next 2026 — strengths, gaps, buyer fit.
Anthropic's May 2026 push positions Claude as a vertical platform for financial services. The strategic positioning versus OpenAI and Google.
Anthropic's Mythos sharpens the asymmetry between AI-armed defenders and AI-armed attackers. A working guide for pentesters and blue teams in 2026.
ServiceNow Project Arc vs Anthropic Managed Agents — runtime, governance, integration, and use cases. The 2026 enterprise autonomous agent comparison.
May 2026's biggest agent-architecture shift: planning, tool selection, and self-correction move inside the model. Framework code shrinks. Here is what changes.
Anthropic and Moody's announced a data partnership in May 2026 that grounds Claude in audited financial reference data. Why grounding reduces hallucination and what it unlocks.
© 2026 CallSphere LLC. All rights reserved.