In a move that escalates the geopolitical tensions surrounding artificial intelligence, Anthropic, the American AI safety start-up, has formally accused Chinese e-commerce giant Alibaba of illicitly extracting proprietary model weights from its Claude language system. The allegation, which sources say includes evidence of systematic probing and model inversion attacks, has prompted an unprecedented warning from British intelligence agencies about the acceleration of state-linked corporate espionage in critical AI sectors.
The accusation centres on what Anthropic describes as a coordinated effort by a team working out of Alibaba's DAMO Academy research division. Using a technique known as black-box model extraction, the group allegedly reverse-engineered key parameters of Anthropic's Claude-3 architecture. This method involves querying a target AI system with thousands of carefully crafted inputs to map its decision boundaries and reconstruct a functional clone. While such techniques are publicly known in academic literature, Anthropic claims Alibaba's approach involved close to 1.2 million queries in a three-week period, an intensity that raises questions of industrial-scale theft.
British intelligence, through its GCHQ-linked National Cyber Security Centre, has issued a rare technical note to AI labs and cloud providers warning of 'model hijacking' as a growing vector for intellectual property theft. The note, seen by this desk, describes how model weights can be exfiltrated not only via traditional cyber intrusion but through legal access channels under false pretences. It also flags the use of proxy networks and data centres in low-regulation jurisdictions to mask the source of extraction attacks. This marks the first time UK intelligence has explicitly singled out model theft as a national security issue on par with hacking critical infrastructure.
The timing is particularly damaging. Anthropic is currently in advanced fundraising rounds at a valuation exceeding $18 billion, with its Claude models being integrated into enterprise systems across healthcare, finance, and defence. Any dilution of their unique safety features could create vulnerabilities in downstream applications. More broadly, the episode reveals a new front in the US-China technology war: the theft of algorithmic value rather than just data or patents. A senior advisor to the UK's AI Safety Institute told me 'we are now in the era of software espionage 2.0, where the target is not what a system knows but how it thinks.'
Chinese authorities have dismissed the claim, with a spokesperson for Alibaba calling it 'unsubstantiated and driven by competitive fear'. The company insists its research complies with all international IP laws and has offered to open its AI research logs for third-party audit. Yet, the lack of a global framework for AI model copyright leaves Anthropic with limited legal recourse. Unlike source code, model weights are often protected only by end-user licence agreements, which vary by jurisdiction.
This story is still developing, but one thing is clear: the trust structures that underpin the AI industry, trust in cloud providers, trust in research collaborations, and trust in state-mediated data flows, are fraying. For users of AI tools, the immediate effect may be subtle: slightly less capable chatbots as companies safeguard their models behind obfuscation layers. For the average citizen, however, it signals a darker trajectory: the weaponisation of intelligence itself. As I wrote in my last column, we must urgently define digital sovereignty for algorithms. This incident is the shot across the bow.
