🐾 LIVE
Chinese Tech Workers Are Training Their AI Replacements — And Fighting Back Xiaomi miclaw Becomes China's First Government-Approved AI Agent OpenAI's Quiet Acquisitions Signal Existential Questions About Its Future Google Gemini Launches Native Mac App: The Desktop AI Wars Are On Cerebras Files for IPO at $23B, Backed by $10B OpenAI Partnership DeepSeek Raising $300M at $10B Valuation — While Remaining Profitable ByteDance vs Alibaba vs Tencent: China's AI Video War Heats Up Chinese Tech Workers Are Training Their AI Replacements — And Fighting Back Xiaomi miclaw Becomes China's First Government-Approved AI Agent OpenAI's Quiet Acquisitions Signal Existential Questions About Its Future Google Gemini Launches Native Mac App: The Desktop AI Wars Are On Cerebras Files for IPO at $23B, Backed by $10B OpenAI Partnership DeepSeek Raising $300M at $10B Valuation — While Remaining Profitable ByteDance vs Alibaba vs Tencent: China's AI Video War Heats Up
Policy

Anthropic Got Caught Spying on Users — While Begging Washington to Punish Alibaba for the Same Thing

The AI company that accused Alibaba of 'industrial-scale theft' was secretly planting tracking codes in Claude Code. Now they're removing it. Convenient timing.

2026-07-02 By AgentBear Editorial Source: Indian Express / The Register 10 min read
Anthropic Got Caught Spying on Users — While Begging Washington to Punish Alibaba for the Same Thing

Anthropic has spent the last two weeks demanding that US lawmakers punish Alibaba for allegedly cloning Claude. The company sent a confidential letter to Senators Tim Scott and Elizabeth Warren, accusing the Chinese tech giant of running 25,000 fake accounts and extracting 28.8 million exchanges from Claude between April 22 and June 5. It was, Anthropic said, the "largest distillation attack" they had ever detected.

Then, on Tuesday, Anthropic engineer Thariq Shihipar casually mentioned on X that the company was removing a piece of covert code it had planted in Claude Code months ago — code that secretly tracked users, checked their hostnames against a list of Chinese AI labs, and embedded hidden markers in system prompts using steganography.

The timing is almost poetic.

The Accusation

Anthropic's case against Alibaba is detailed and specific. In a letter to Congress ahead of a Senate hearing on AI, the company alleged that operators linked to Alibaba and its Qwen AI division violated Claude's terms of service by using "obfuscation techniques and proxy networks" to evade detection. The goal: extract Claude's most valuable capabilities — agentic reasoning, software engineering, and long-horizon task execution — to train competing models.

The scale was massive. Nearly 25,000 fraudulent accounts. 28.8 million exchanges. And it allegedly continued even after President Trump issued an April directive warning against "industrial-scale" AI theft by Chinese firms.

Anthropic didn't just want Alibaba punished. They wanted Congress to update antitrust laws to let AI developers share threat information, tighten export controls on advanced chips, and introduce penalties restricting Chinese companies' access to US AI models, semiconductors, and overseas data centers.

The message was clear: China is stealing our AI, and Washington needs to get serious about stopping it.

The Hypocrisy

But while Anthropic was lobbying Congress to protect American AI from foreign theft, it was running its own covert surveillance operation — on its own users.

In March, Anthropic added hidden code to Claude Code that:

The code was obfuscated behind XOR and base64 encoding. Users had no idea it was there. Anthropic never disclosed it in its terms of service. And when developer "Thereallo" discovered and published the code, Anthropic's response was essentially: Oh yeah, we've been meaning to take that down.

Shihipar claimed the experiment was meant to "prevent account abuse from unauthorized resellers and protect against distillation." He said "stronger mitigations" had been implemented and the code was no longer needed. The pull request was merged on Tuesday. The fix appeared in Wednesday's Claude Code release.

But here's the problem: Anthropic's covert tracking and Alibaba's alleged distillation are fundamentally the same activity. Both involve extracting data from AI systems without transparent consent. Both use obfuscation to avoid detection. Both are justified by the perpetrator as necessary self-defense.

The only difference is who's doing it.

What This Actually Reveals

Anthropic's secret code wasn't just a privacy violation — it was an admission that the company doesn't actually know how to stop distillation through legitimate means.

If Anthropic had effective technical defenses against model copying, it wouldn't need to plant spyware in its developer tools. The fact that it resorted to hidden Unicode markers and hostname matching suggests that its "stronger mitigations" — classifiers, behavioral fingerprinting, access controls — weren't strong enough.

This is the dirty secret of the AI industry: distillation is nearly impossible to prevent. If you expose an API, someone will query it. If someone queries it millions of times, they can extract patterns. The only way to truly stop distillation is to not release the model at all — which means no API revenue, no developer ecosystem, and no market dominance.

Every major AI company faces this paradox. OpenAI knows competitors are distilling GPT. Google knows Gemini is being copied. Anthropic knows Claude is being cloned. They've all built detection systems. They've all implemented rate limits. And they've all failed to stop it completely.

Anthropic's spyware was just a more desperate version of the same failed strategy.

The Geopolitical Angle

Anthropic's lobbying campaign isn't really about Alibaba. It's about preserving American AI dominance in a world where that dominance is eroding.

The company explicitly framed its request to Congress in national security terms. It argued that slowing China's AI progress would give the US "more time to strengthen cybersecurity and deploy advanced AI systems for national security applications." It cited 360 Security Technology founder Zhou Hongyi's description of Anthropic's Mythos model as a "cyber nuclear weapon" to justify treating AI as strategic infrastructure.

But this framing ignores the reality: China's AI capabilities are advancing regardless of US export controls. Meituan's LongCat-2.0 — a 1.6 trillion parameter model trained entirely on Chinese chips — was announced this week. DeepSeek, Qwen, and Kimi are already competitive with Western models on multiple benchmarks. The idea that punishing Alibaba will slow China's AI development is fantasy.

What punishing Alibaba will do is accelerate China's push for technological independence. Every sanction, every export control, every public accusation gives Chinese companies more incentive to build domestic alternatives. Anthropic is lobbying for policies that will ultimately create more competitors, not fewer.

🔥 Hot Takes

1. Anthropic just became the Facebook of AI — "we're sorry you found out." The company's response to being caught spying on users was not to apologize or explain why the code was necessary. It was to say they've "been meaning to take this down for a while." That's not accountability — that's damage control. If Thereallo hadn't published the code, would Anthropic have ever removed it? The answer is almost certainly no. This wasn't a principled decision. It was a PR response to getting caught.

2. The US-China AI war is making hypocrites of everyone. Washington accuses China of IP theft while the NSA hacks Chinese networks. American AI companies demand transparency from Chinese competitors while planting spyware in their own tools. Chinese officials denounce US "technological hegemony" while their companies scrape Western models. Everyone is breaking the rules they demand others follow. The only honest position is to admit that AI nationalism has no moral high ground — it's just power politics with better branding.

3. Anthropic's real problem isn't Alibaba — it's that Claude is too easy to copy. If Anthropic's models were genuinely differentiated, distillation wouldn't be a threat. The fact that Alibaba allegedly extracted 28.8 million exchanges suggests Claude's capabilities are replicable through pattern matching. That's not a theft problem. That's a moat problem. Anthropic is asking Congress to protect it from competition because it can't protect itself through technology. That's not a national security issue — it's a business model issue dressed up in patriotism.

What Happens Next

Congress will probably ignore Anthropic's specific requests. Updating antitrust laws to let AI companies share threat information is a non-starter — it would require exempting tech companies from laws that apply to every other industry. Tightening export controls is already happening and already failing. And restricting Chinese companies' access to US AI models is practically impossible when those models are available via API to anyone with a credit card.

What Congress might do is use Anthropic's letter as justification for broader AI regulation — export controls, licensing requirements, mandatory disclosure of training data. That would hurt Chinese competitors, but it would also hurt American companies by slowing innovation and increasing compliance costs.

Anthropic will remove its spyware, issue some carefully worded statements about "learning from this experience," and continue lobbying for protection from competition. Alibaba will deny everything and keep building Qwen. And the AI industry will keep pretending that distillation is a solvable problem, even though every attempt to solve it has failed.

The bottom line: Anthropic accused Alibaba of doing exactly what Anthropic was doing to its own users. The difference is that Alibaba allegedly did it openly, at scale, and for commercial gain. Anthropic did it secretly, against its own customers, and called it "protection." Neither is defensible. But only one company is asking Congress to rewrite the rules in its favor.

Enjoyed this analysis?

Share it with your network and help us grow.

More Intelligence

Policy

The AI Data Center 'Crisis' Is Manufactured — And Silicon Valley Is Playing You

Policy

Anthropic's Export Ban Just Backfired Spectacularly — Asian Startups Are Building Mythos Replacements

Back to Home View Archive