Limitless: An AI Podcast - Anthropic Just Got Hacked by China. These are the New Front Lines.
Episode Date: February 25, 2026Anthropic came forward with a statement accusing China's open source AI labs of theft via distillation, taking data from 16 million fake conversations. With Google and OpenAI echoing similar... concerns, we examine the ethical dilemmas of "distillation attacks" and the hypocrisy within the U.S. AI industry. As the Pentagon leans on AI for national security, we discuss the precarious balance between innovation and ethics. Perhaps the most important conversation of our lifetimes.------🌌 LIMITLESS HQ ⬇️NEWSLETTER: https://limitlessft.substack.com/FOLLOW ON X: https://x.com/LimitlessFTSPOTIFY: https://open.spotify.com/show/5oV29YUL8AzzwXkxEXlRMQAPPLE: https://podcasts.apple.com/us/podcast/limitless-podcast/id1813210890RSS FEED: https://limitlessft.substack.com/------TIMESTAMPS0:00 Exposing China's AI Theft2:22 The Scale of China's Distillation Attack4:26 Legal Boundaries and Ethical Dilemmas5:50 The Pentagon's AI Dependency7:05 Balancing Safety and Speed in AI8:56 Hypocrisy in AI Practices10:20 China's AI Innovations and Open Source13:16 The Strategic Shift in AI Development15:00 The Moral Dilemma of AI Warfare19:57 Concluding Thoughts on AI Ethics------RESOURCESJosh: https://x.com/JoshKaleEjaaz: https://x.com/cryptopunk7213------Not financial or tax advice. See our investment disclosures here:https://www.bankless.com/disclosures
Transcript
Discussion (0)
China just got exposed for stealing our AI.
In a new report from Anthropic, three top Chinese AI labs
were exposed for having 16 million fraudulent conversations with Claude
with one specific goal to try and steal its capabilities to train their own models.
Now, the week before, Google said the same thing about China attacking their Gemini models.
The week before that, OpenEye said the same thing.
The top three American AI labs are blaming China for trying to hack their own AI models.
But here's the twist in the story.
What China's actually doing may not actually be illegal in the first place.
In fact, this is something that every AI company is doing to get ahead in the AI race.
In this episode, we're going to explore what all these reports confirm and whether distillation, the hacking vector, is actually a bad thing.
Yeah, so it starts with this blog post that Anthropic publisher earlier this week that says it's a title,
Detecting and Preventing Distillation Attacks.
And I guess maybe it's helpful to just kind of define distillation as a concept before we get into what they're accusing China.
of. And basically, the way it works is there is a teacher and a student model. So the teacher is
the large model. That would be Anthropics Claude Opus model. It's this huge model. They've spent
hundreds of millions, billions of dollars training it and turning it into the model that we use
every day. That model provides these high quality outputs to the student, which is the smaller
model that is getting distilled from. So basically, the smaller model, the distilled model,
learns to mimic the outputs of the larger model, but does so at a fraction of the cost because
it's able to kind of cherry pick the types of outputs that it gets by prompting it very specifically.
So anybody with sufficient access to a model and enough prompts can actually get enough
information to emulate the large model with a much smaller data set. Now, the outputs are not always
as good as the large model, but they're significantly cheaper and oftentimes very close. So in the
case that you get an extra breakthrough or two on top of that, you can build a pretty impressive
model and allegedly that's what's happening with these models from China, at least according to
anthropic. At least that's what they say.
But why is what you just described a good thing?
It's because all the hundreds of billions of dollars that are invested in building out the best AI model isn't sustainable for the long-term future.
In fact, if you want to have a model that's small enough to fit on your phone, but as intelligent enough as the top models, it needs to be distilled through that process that you just explained.
So it's going from a big model to a smaller model that is just as intelligent in certain specific ways.
The stats from this China hack on Anthropic, Josh, are kind of insane.
So I mentioned 16 million exchanges, but they spun up 24,000 fake Anthropic accounts.
Now, I have to specify, Anthropic does not allow Chinese users to access their models
for the specific reason that adversaries to the U.S. could get access to superintelligence that they're building.
So Deepseek, I'm going to name some names now.
Deepseek, one of the top AI labs, which caused the stock market to crash at the end of 2024,
I believe, were responsible for 150,000 of those exchanges.
Moonshot AI, 3.4 million, minimax, which is a favorite that you and I have spoken about on
this show, 13 million exchanges of those 15-minute conversations.
There is an argument here that the open source gold rush that has been happening in China
was mainly because they were stealing U.S. secrets.
Wouldn't that be funny if that was the case?
And then if that's also the case, then what do you do about it?
I mean, Anthropic kind of came out and they were very upset about this clearly.
But at the end of the day, it's like kind of on them, the onus is on them to protect their systems and prevent this from happening.
There's a really great post that you have on screen.
And it's a joke.
It says, my son asking me a lot of questions.
It's a distillation attack, obviously.
And I think it's kind of funny where, like, the irony is, and we can get into the hypocrisy of the whole thing, is that Anthropic as a company very much has done this in the past in order to get where they are.
and they are kind of the person who's crying wolf now saying,
wait, we're getting attacked, this is not allowed,
we should not be able to do this.
Yeah, I mean, Anthropic is doing this with their own models, right?
They've distilled Claude Opus into their haiku model.
Google's distilled Gemini Ultra into Gemini Nano.
This is a common practice.
So then the question becomes,
which part of this is illegal?
What is China done that is illegal?
Well, it's two things that Anthropics claim.
Number one, they've got this fancy terms of service,
which they're lawyers that have been paid millions of dollars
that have dropped it up, which says,
hey, hey, if it's our model that you're doing this to,
you can't do that.
We've patented this thing,
it's going to be illegal
and we're going to see you in a court of law.
The issue is China is in China
and they don't abide to the US legal system at all,
which brings me to the second thing that they've violated,
which is a geographical restriction.
They don't let anyone in that region access clause.
So the fact that China has been able to pull this off
from the top AI labs
means that they've illegally spun up accounts to do this.
Well, you know who doesn't care about laws is China?
Like, they could not care less.
In fact, this is the time for wartime CEOs.
Like, in very many ways, this is the largest war that's being fought between the U.S. and
China, and it's around AI.
And I think for them to say, that's against our terms of service, this is wrong.
Like, that is not a grounds for defending yourself.
Because clearly they have no disregard.
regard for any sort of law. I mean, you look at Seed Dance 2.0 and how it violates every copyright law
under the sun. And yet, people don't care. It's the best video generation model in the world that
exists. So it is a challenge to claim that because they're violating in terms of service, this is an
illegal thing that you shouldn't be able to do. And they've not just cut off China, but I think
it's important to note they've also cut off other frontier AI labs. They famously had this beef with
XAI recently where they cut off all of the Claude Code access to other labs. So Anthropic has been
very controlled and closed down in who's actually able to access their models. And it sounds like
someone was able to bypass that and they just got pretty upset about it. Well, I mean, the Pentagon
is relying on the likes of Anthropic, X-AI and Open AI to fund the warfare effort against China, right?
To your point, we're in like a wartime position. Like these AI models are being used as a geopolitical
weapon. And so whoever owns the best model per se can advance the quickest. So it's like an economically
dependent thing. And this whole drama with the Pentagon has been, the Pentagon has been using
Claude for pretty much quite a lot of covert activity, including the recent capture of Nicholas Maduro,
the former, I guess, president of Venezuela. And the issue now is that Anthropic is restricting
Pentagon's access, like American-owned self-defense against these kinds of things. And so the Pentagon's
getting fed up and issuing them an ultimatum and saying, listen, if you don't figure this out, we're going to
classify you as a threat to the country. Now, I have to give credit to Anthropic for maintaining
their identity evenly across every single facet, but I don't think it's the smart way to do it,
because at the end of the day, they're going to be things that require more unscensored versions,
and you just need to be compliant with that fact, because to your point earlier, Josh,
Claude, OpenAI, chat GPT has become a national asset, and so it needs to be treated as such.
Yeah, it's a matter of national security. And the thing about Anthropic that's unique to Anthropics,
and I'm not sure many other companies in the AI space is their mission statement,
where if you talk to any employee who works at Anthropic,
they'll tell you the purpose of the company is safety and alignment.
And I think while it's a valiant effort and incredibly important,
it doesn't really bode well for the current state of affairs
in which velocity, momentum, and just raw speed to get to the best model possible
is actually beneficial.
So I think what we're seeing here is there's just these increasing conflicts with,
I mean, the Secretive Defense and the Pentagon wanting access to do things that they deem to be a matter of national security and like XAI wanting to go and build code using their tools.
And they're like, no, no, no, no, no, that's not how we want this used.
We're not going to allow that.
And then the rumor is, is that apparently the Pentagon actually just kicked out Anthropic and now GROC and the XAI team is responsible for being the AI provider for the Pentagon.
So I found that interesting too.
It's just like a little side development.
Well, I mean, like, what you're getting at there is that some of these AI models or AI companies in America are kind of being super hypocritical.
Like, this tweet actually explains it really well.
Hey, did you hear about the little like $1.5 billion lawsuit that Anthropic had to pay out over pirating or illegally downloading 7 million books to train their own models?
Open AI is facing similar lawsuits against newspapers or across newspapers, code repositories and authors.
I'm pretty sure Anthropic got sued for using Reddit data to train their models.
Google trained their entire model over the index data that they took.
Now, the question then becomes, is that fair?
Who are paying the authors and creators of the content where these AI labs that have amassed
hundreds of billions of dollars worth of valuation?
Who's paying those creators?
No one is, right?
So you could argue that that is a form of distillation.
Now, obviously, that's looking at it in a very black and white face, but I do think it's
hypocritical and most importantly, the memes are just so, so good here. You've got people
asking Claude in Chinese, what model are you? And then replying, hey, I'm deep seek. And then
you've got this one here where it says, I can't believe someone would just steal from Anthropic like
this. Anthropics spent millions of man hours, handwriting, code, text, art, and books.
Obviously, you know, tongue and cheek, this isn't actually real. The point that's being made is that
all information is kind of taken or stolen or interpreted in some way, shape, shape, or form. So,
what makes it any different for China in this regard?
The crux of the argument is that the same foundation that Anthropic built its models on
is the foundation that Chinese models are building their foundation on.
It's just one level kind of up where they clearly stole, maybe not stole content,
but they clearly used the content that we've produced as humans over time to train their model.
What Deep Seek is doing is the next layer up.
It's taking the, I guess the quantized version of all of the human intelligence that we've developed
and then distilling that one layer up, it's easy to see why they would be upset,
but it's also easy to see why everyone is kind of deeming them as hypocritical.
It's like, again, you know that you are a nation-state actor,
like relatives the rest of the world, in one of the most important wars that's being fought.
You know that you are going to be getting attacked.
You know that these people are going to be coming for you,
to build their own models in the race for this AGI and beyond.
And to think that it's not going to happen,
and to be upset when it does just seems wrong.
And I think that's probably where a lot of the backlash is coming from is because, I mean, again, it's on them to solve for these issues before they happen or accept the consequences if they don't. And that's just what happens here. I mean, there's like, this is a, this is a bar fight. There are no rules in this fight. It is the only thing that you're trying to do is get to AGI as fast as possible. And clearly, China doesn't care. Can I say something in China's defense? And maybe this is a hot take. Their models be banging recently. Okay. Like, they have been.
churning out new model updates from the likes of Alibaba with Quen 3.5.
By the way, if you haven't tried this model out, apparently it's really amazing with agents.
It's absolutely crushed benchmarks.
Once again, open source.
We've got Minimax AI that we mentioned earlier, which was the biggest perpetrator of this distillation
attack against Anthropic.
It's the most used model on open router.
Also, what's interesting is like Minimax 2.5 is the most popular Chinese model for OpenClaw,
too.
And I personally used it.
Like when I was running into the OAuth issues with Claude, because
They were kind of threatening.
Again, they were threatening to ban users for using OAuth, for going around things.
They're just the hardos.
Like, they have no fun.
But when they were threatening to, like, break people's accounts and ban them, I switched over
to Minimax 2.5, and it actually worked very well.
And it's a fraction of the cost.
And I was like, hey, if you're going to push me away, I'm going to go here to these
models that get the job done for me.
And Minimax was that one.
I have a question for you.
Like, where are you geographically located right now?
Are you in China?
No, I'm certainly not.
Okay.
So it looks like they're just giving you.
free access to do these things. There's no geographical jurisdictions that they're kind of like
placing on your restrictions. They're just letting you do the thing. It's awesome. Like all of these models
are open source. These are kind of embellishments that America should be propagating, but they're not.
They're playing the opposite. They're playing kind of secretive and it's not working out in their
favor. I mean, you got minimax. All these latest Chinese labs, by the way, GLM5, Kimmy K2.5,
Minimax are crazy good at computer use and agentic tooling. Kimi K2,000.
2.5, actually, for the OpenClaw fans out there, released a browser extension. And it's actually
really good because the major issue with using OpenClaur was that there was security issues. Well,
they created a sandbox environment that you can now use it. So they're innovating at scale.
And to the case that they might be stealing certain secrets, I don't think this is regarded
as a hack or a stealing thing. I actually just think they're trying to get better models out
to more people. And hey, if America can use it, it's hardly a geopolitical thing. So I don't know,
I'm kind of in the defense of China here, and maybe that's a hot take. And then
And then finally, I just want to put one thing on that China note, I'm not sure that it's out of their own goodwill of their heart.
I think it's like the reason their open source is probably because they're behind.
I have, I would imagine that if they did have an Nvidia equivalent in China that was creating top tier GPUs.
And they did have the, yeah, they did have these leading models like Opus 4.6 and GPT 5.3.
They would close it down because there is so much value in owning that.
But because China's behind, there's value in being open and sharing it and gaining as much adoption
as possible as quickly as possible. And it seems like it's more strategic and tactical than out of
the goodness of their heart. But I mean, again, open source really benefits everyone. And as a U.S.
citizen, I've used plenty of the Chinese models and they work awesome because they're just so cheap
and effective. Well, to be clear, it doesn't benefit everyone. It benefits the users of those models,
because the American AI labs, their valuations are going to tank if you have a Chinese open source much cheaper version that can run on much less expensive hardware. So it makes sense that the Chinese models are basically going the open source route so that they can kind of like chip away at American valuations and then, as you said, Josh, entrenched users in it. But it's not even just American LLMs. There's Chinese models that are specifically just good in China and beat a lot of the American models. Like, what you're looking on the screen now is not Transformers.
it is a 30 second video from C-Dance 2.0,
which is a Chinese video model,
which is just at the front of its own race.
It's basically at the top of its kind.
And it's super cheap to produce
like Hollywood cinematic effects right now.
Seedance 3, the stats were leaked the other day,
10 to 18 minutes of continuous cinematic video.
So we're going from 30 seconds to almost like a casual episode on,
I don't know, like on your network TV's worth,
in a matter of seconds. It's just kind of insane to see. And I don't think that, you know, this is a
nudge against China. I just think like, you know, this thing is accessible to anyone and everyone
should be at scale soon. When you're in a bar fight, the dude who like smashes the bottle over the
counter and starts waving it around as a weapon, like that's the guy that wins. The person who
are armed and willing to break the rules and willing to do whatever it takes to win, that's the person
that wins. And China time and time again has proven that that's what they're willing to do. And
it creates really difficult moral dilemma between companies like Anthropic that I genuinely do believe
have people's best interests at hearts, but none of the incentives align with that mission.
There is no incentive for being safe when the opposers on the other side of the planet have no regard for it.
Because should being safe slow down our progress that only allows them to catch up or accelerate ahead,
and then we are living under a world in which it is run by Chinese rules from Chinese models.
and it's this impossibly difficult to lemma that they're trying to navigate,
and I really have a lot of empathy for that,
because it's a difficult place you want to create this safe superintelligence,
this safe AGI that doesn't harm the world.
But at the same time, you do need to be a wartime presence.
You need to lock down your endpoints.
You need to have detection for 24,000 fake accounts that are extracting tons of data for you.
Like this is a serious issue,
and I really hope that this is kind of like a warning cry
or just like a refocusing for a lot of these AI labs
in how important it is to keep your stuff locked down
or just do whatever needs to be done to win this race.
To round this up, I see a few things happening going forwards.
Number one, I think companies like Anthropic
and maybe even Open Air and Gemini or Google to an extent
are going to start locking down their APIs in a few ways.
Google started locking down their thing to OpenClaw,
their API to OpenClaw this week.
Anthropics started doing the same after announcing this distillation attack.
Now, this is not going to be good for net net for users because, you know, they say that
they're preventing Chinese hacks, but really like it's the software engineer in America that
suffers from this. And I would say it would have the opposite effect that they want, which is
these software engineers who can't afford, you know, to spend tens of thousands of dollars
every month to access top tier models are just going to go to these Chinese models. So it's going to
have the opposite effect of what you actually want. I think the other thing that we have to
recognize, which is just the uncomfortable truth is this isn't.
a conversation about AI models and the AI race, I think this is a geopolitical discussion.
This is America versus China, as it always has been. And to Dario's point in, what was it,
it's the name of it, Davos, he stated that, you know, giving or selling GPUs or selling model
access to China is the equivalent of giving them the keys to nukes, right? Because if you assume
that these AI models are going to become intelligent enough, they're going to be used against each other's
adversary. So you can't necessarily or you don't necessarily want to give China access to these side of
things. The progress of AI and the safety of AI will fall to that lowest common denominator.
Where like we want a good video model. Well, China doesn't care for copyright. They go and create
seed dance. Anthropic doesn't want to cooperate with the Pentagon and it wants to make sure that
the Pentagon does things a little safer than the Pentagon would like. Well, Grock is there to step in and
to fill that void. And the reality is, is that while these morals are so,
important to stand on. They're so incredibly difficult to enforce because the stakes are as high as they
are. And I think when we look at the Game of Thrones, how to evaluate all the positions of all these
companies, it's becoming increasingly clear that the moral compass is going to become increasingly
complex as the stakes get higher. And a company like Anthropic who wants to be Anthropic is going to
have a very difficult time maintaining that, even though it's probably critical for the safety and
well-being. The other thing I was thinking about is when these types of hacks, hacks using distillation,
removes all the safety caps that American AI labs put in. So for example, if you had an uncensored
version of Claude, you could use it to create or help you create biochemical weapons. But Anthropic
puts in safeguards so that you aren't able to do such things, right? Chinese model labs that are
distilling models into there, to train their own models, don't have that safety limit. You would need to
rely on China being able to do that and not adding any nefarious backdoors. So, like, I see the
point around, like, you know, American model labs being responsible for their own thing and
understanding that they are now a national level asset and they need to kind of respond effectively.
But equally, we can't necessarily just be relaxed and let China do similar things like this.
So it's, it is a tricky one. I think without doubt, the frontier of modern warfare against
these two nations looks like an AI model attacking each other. I don't think it's got anything to
do with weapons. It's got quite the opposite. That's why the Pentagon cares so much. That's why
they're signing deals with Open Air and GROC to create drone warfare technology and so much more.
So I think this is in the end. We're going to see way more attacks from this. Maybe even in
switched roles, I don't know. But interesting to see, nevertheless. Yeah, it's, I mean, again,
this Game of Thrones is just going to keep getting more interesting, higher stakes. People are going to
start sacrificing more and more. And this is just the most recent example of Anthropic being the one in
the crosshairs. But I'm sure it's just a matter of time.
others are as well. But I think that concludes the episode today. That is the update on the
anthropic drama. That's everything we need to know about it. And I guess the problem for today,
which I'm curious about, is like, kind of where do you stand on the issue? It's complicated
because in a way, everyone is right and everyone is wrong. Like, everyone is breaking the rules,
but does, like, what are the rules actually, are they actually able to be enforced? I don't know.
But yeah, I'm curious to hear just general takes on the issue here. It's a good one. Like, how do
you feel? Like for those of you who are playing around with like Kimi K2.5 or Minimax, like myself,
do you feel like more likely to pick them up now that you know what's going on? Or are you just
kind of on the side of like, ah, this is happening and it's cheap for me to use and I can run it
privately at home. Maybe it doesn't matter. I don't know. Let us know. We didn't talk about that.
Are you now more or less inclined to use these models?
Dude, I, okay, I'm just going to be very honest. I'm still going to use these models because
I'm not exactly convinced, even though I understand where Anthropics is coming from, that distillation
is such a bad thing, I think they need to figure out a way to prevent people from distilling them.
If you can access it via an API, you've got a security issue, not a national threat.
Yeah, I think I'm probably in the same boat where I will continue to experiment with C-Dance
because C-Dance is so much better than everything else.
And I'll just use the best products at the time.
And I hope that the American companies continue to provide the best products.
And yeah, I guess that concludes today's episode.
So if you did enjoy it, please don't forget to share it with your friends.
that's a big way to help us grow, liking, subscribing, commenting if you're listening to this
podcast, rating five stars goes a long way. And yeah, we have an amazing substack that comes out
twice a week that you can also subscribe to. Everything is linked down below in the description.
And Ejazz, unless you got anything else, I think that's it for today.
No, that's it. So we'll see you guys on the next one. I'll see you folks.
See you guys.
a while the race is friends