The New AI Arms Race: Model Extraction
Major U.S. AI companies including OpenAI, Google, and Anthropic are sharing intelligence about Chinese firms allegedly using 'distillation' techniques to extract capabilities from American AI models. Anthropic has specifically blocked Chinese-controlled companies from using Claude and has identified three Chinese AI labs (DeepSeek, Moonshot, and MiniMax) as illicitly extracting model capabilities. The practice involves making large-scale data requests to extract and reverse-engineer AI model capabilities; the companies say the threat extends 'beyond any single company or region' and poses national security risks.
How It Works
Distilled models often lack the safety guardrails designed to prevent malicious use. U.S. companies report gauging the prevalence of these attacks by tracking the volume of suspicious large-scale data requests.
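The volume-based detection described above can be sketched as a simple aggregation over an API request log. This is an illustrative toy, not any vendor's actual policy: the log schema, the `token_threshold` value, and the function name are all assumptions.

```python
from collections import Counter

def flag_suspicious_clients(request_log, token_threshold):
    """Flag clients whose total requested output volume exceeds a threshold.

    request_log: iterable of (client_id, tokens_requested) tuples.
    The schema and threshold are illustrative assumptions, not a real policy.
    """
    volume = Counter()
    for client_id, tokens in request_log:
        volume[client_id] += tokens
    # Clients pulling unusually large output volumes are candidates for review.
    return {c for c, v in volume.items() if v > token_threshold}

# Example: one ordinary account and one bulk-extraction account.
log = [("acct-1", 500), ("acct-2", 90_000), ("acct-1", 700), ("acct-2", 80_000)]
print(flag_suspicious_clients(log, token_threshold=100_000))  # {'acct-2'}
```

Real detection pipelines would presumably also look at request patterns (prompt diversity, timing, IP ranges), but raw volume is the signal the companies have publicly described.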
The technique is simple but effective: make thousands of API calls to a frontier model (Claude, GPT-5, etc.), extract the outputs, then train your own model on those outputs. The result is a model with comparable capabilities but without U.S. safety restrictions.
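The extract-and-train loop above can be sketched as a dataset-building step. A stub function stands in for the real API call, and all names (`query_teacher`, `build_distillation_dataset`, the chat-message schema) are hypothetical; this is a minimal illustration of the shape of the technique, not a working attack.

```python
def query_teacher(prompt: str) -> str:
    # Stand-in for a large-scale API call to a frontier "teacher" model.
    # A trivial echo keeps this sketch self-contained and offline.
    return f"Teacher answer to: {prompt}"

def build_distillation_dataset(prompts):
    # Pair each prompt with the teacher's output in a chat-style format,
    # the kind of record a supervised fine-tuning framework would consume.
    return [
        {"messages": [
            {"role": "user", "content": p},
            {"role": "assistant", "content": query_teacher(p)},
        ]}
        for p in prompts
    ]

prompts = ["Explain quicksort.", "Summarize the Treaty of Westphalia."]
dataset = build_distillation_dataset(prompts)
# A "student" model fine-tuned on `dataset` inherits the teacher's behavior,
# but not the teacher's deployment-side safety restrictions.
```

At real scale the prompt set numbers in the millions and is chosen to cover the capabilities being copied, which is why the resulting request volume is itself the detection signal.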
Industry Response
Rivals OpenAI, Anthropic, and Google have begun working together to clamp down on Chinese competitors extracting results from cutting-edge U.S. artificial intelligence models to gain an edge in the global AI race. The firms are sharing information through the Frontier Model Forum, an industry nonprofit that the three companies founded with Microsoft in 2023, to detect so-called adversarial distillation attempts that violate their terms of service.
My View: This is the semiconductor export-control debate happening in real-time, except the commodity is API access. The companies can't easily block API access outright without breaking their own business model, but they can track it and respond. Expect escalation: rate-limiting by IP geolocation, stronger API authentication, and lobbying for export controls on compute clusters. The Chinese labs are moving fast because they know the window is closing.