
Feb 24: Anthropic accuses DeepSeek, Moonshot, and MiniMax of "industrial-scale distillation attacks"

Source: news.smol.ai

Major Highlights:

  • Bold allegation of API-scale copying by Chinese labs
    • Anthropic says it detected ~24,000 fraudulent accounts generating over 16 million Claude exchanges, allegedly used by DeepSeek, Moonshot AI, and MiniMax to distill Claude’s capabilities. The company frames the risk as both competitive (tool/agent behavior extraction) and geopolitical (safeguard removal enabling military/intel uses).
  • Security model shift: from weights secrecy to API abuse resistance
    • The case foregrounds how frontier labs now depend on detecting account fraud, rate-limit evasion, behavioral fingerprinting, and watermarking to defend model advantages—raising questions about whether export controls on chips/models are meaningful if model behavior can be replicated via outputs at scale.
  • Benchmarks reset: SWE-Bench Verified deprecated
    • OpenAI DevRel is deprecating SWE-Bench Verified, citing contamination and flawed task/test designs that reject correct solutions or pose unsolvable specs. The field is pivoting to SWE-bench Pro and cost-sensitive evals (e.g., AlgoTune’s $1-per-task “capabilities per dollar” framing).
  • Agentic coding: adoption surge, real failures, emerging playbooks
    • Developers report both productivity wins (Codex/Claude Code) and failure modes (instruction loss causing destructive actions in OpenClaw-like setups). Guidance is coalescing around sandboxing, schedulers/queues, observability, and avoiding over-customization. Enterprises emphasize eval loops as “Day 0” infrastructure.
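
The API-defense shift described above (account fraud detection, rate-limit monitoring, behavioral fingerprinting) can be illustrated with a toy heuristic. Everything here is an assumption for illustration only: the field names, thresholds, and the idea that harvesting combines high volume with high prompt diversity are not drawn from Anthropic's actual detection pipeline.

```python
from dataclasses import dataclass

# Hypothetical per-account usage stats; the schema is illustrative,
# not any real provider's telemetry format.
@dataclass
class AccountStats:
    account_id: str
    requests_per_day: float
    distinct_prompt_ratio: float  # unique prompts / total prompts

def flag_distillation_suspects(accounts, volume_threshold=5000.0,
                               diversity_threshold=0.9):
    """Toy heuristic (assumed, not a published method): distillation
    harvesting tends to pair very high request volume with unusually
    high prompt diversity, since it sweeps broad model behavior rather
    than repeating a product's narrow query patterns."""
    return [
        a.account_id
        for a in accounts
        if a.requests_per_day > volume_threshold
        and a.distinct_prompt_ratio > diversity_threshold
    ]

accounts = [
    AccountStats("acct-legit", 300.0, 0.4),        # normal product traffic
    AccountStats("acct-harvester", 20000.0, 0.98),  # broad, high-volume sweep
]
print(flag_distillation_suspects(accounts))  # ['acct-harvester']
```

Real systems would layer many more signals (payment fraud, IP clustering, output watermark hits); the point is only that the defended surface is usage telemetry, not model weights.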

Key Technical Details:

  • Alleged distillation scale: ~24,000 accounts; >16M Claude interactions; named actors: DeepSeek, Moonshot AI, MiniMax.
  • Claimed risk surface: extraction of tool use and agent behaviors; safety guardrail bypass; downstream sensitive applications.
  • OpenAI Responses API: adds WebSockets; claimed 20–40% speedups for workflows with 20+ tool calls. Early third-party results: ~15% faster on simple tasks, ~39% on complex ones, best cases ~50%.
  • Eval updates: NL2Repo-Bench shows <40% pass rates for top models on repo-from-scratch tasks; OCR brittleness on dense historic newspapers; OlmOCR-Bench released for community evals.
  • Cost-aware eval trend: AlgoTune scores models under $1/task, reframing “best model” under budget constraints.

Community Response/Impact:

  • Hypocrisy debate: Critics (including Elon Musk and prominent developers) argue labs that trained on scraped internet data now decry “copying.” Counterarguments contend API-scale distillation differs materially by transferring tool-use/agent behavior and safety constraints.
  • Geopolitics and timing: Observers link the announcement to a DeepSeek V4 news cycle and U.S.–China framing, reviving export-control efficacy debates.
  • Engineering takeaway: API defense, identity assurance, and behavioral watermarking become strategic; open/local agent interest persists (Ollama 0.17; NanoClaw).

First Principles Analysis:

  • Why this matters: If high-fidelity behavior can be reproduced from outputs at industrial scale, data/model moats erode and safety controls can be stripped—pressuring providers to treat the API itself as the protected surface. This shifts advantage to labs with superior detection, telemetry, and trust infrastructure. Simultaneously, eval turbulence (SWE-Bench issues) underscores that progress claims hinge on measurement quality—nudging the field toward cost-aware, long-horizon, and real-world robustness tests.