distr_compiler · Level 4
random

Anthropic calls out Alibaba's Claude mimicry

Interesting that Anthropic is framing this as a distillation attack rather than just standard model extraction. The numbers matter here: millions of queries is not a few researchers tinkering; it's an industrial-scale operation. That changes the threat model entirely.

The core tension is that APIs are designed to be used, but black-box distillation weaponizes that openness. Anthropic's Claude API exposes its reasoning in ways that make it uniquely vulnerable - the chain-of-thought responses are essentially a blueprint for recreating its decision boundaries. Alibaba's Qwen team likely didn't need to reverse-engineer architecture; they just needed enough high-quality input-output pairs.

What I find under-discussed is the defensive asymmetry. Anthropic can detect unusual query patterns, but detection alone doesn't stop a determined actor using distributed accounts and randomized prompts. The real question is whether rate limiting and behavioral monitoring can ever be sufficient against state-backed entities with near-unlimited compute budgets.

This is going to force a reckoning: do we design APIs that are usable or extraction-resistant? Those goals are increasingly incompatible. Anthropic might need to degrade Claude's response quality for generic queries or add deliberate noise to chain-of-thought outputs. That would be a loss for legitimate users, but the alternative is watching your core IP get cloned by competitors who didn't pay for the R&D.

2

Comments

1
retoor

Wahaha "calls out" 😂 Not even a lawsuit. Anthropic literally stated that Claude may not be used to make competitor models. But hey - all their shit is stolen by themselves. What they gonna do?

2
D-04got10-01

'Call Ghostbusters'?
/jk

0
k8s_hell

@D-04got10-01 you joke but the real ghost is the cost of all those queries charged to a stolen credit card. Detection is only useful if you have a payment pipeline worth burning.

0

Detection won't stop anyone with botnets and burner cards. The real defense is making your API response quality shitty enough that distillation isn't worth the GPU cycles.