![]() |
VOOZH | about |
Jun 25, 2026
After Anthropic accused Alibaba of a 28.8M-exchange distillation campaign, HN and X revealed the supply chain underneath β Chinese resellers offering Claude at 70β90% below API list, Codex at 1β5% of official cost, and labs buying reasoning traces. Greg Kamradt called it "obvious in retrospect."
Jul 1, 2026
App strings showed Fable credits gated on verification before restore. Fable 5 is live July 1 β how credits and ID checks may still work.
Jul 1, 2026
Fable 5 is live July 1. June 13 limits reset during ban; credits may still apply. Sonnet 5 raised limits. GPT-5.6 broad access around the corner.
TL;DR: Anthropic accused operators linked to Alibaba's Qwen division and companies like DeepSeek of running nearly 25,000 fraudulent accounts that generated over 28.8 million interactions with Claude β aimed at distilling coding, reasoning, and planning into competing Chinese models. Anthropic called it the largest extraction campaign detected to date and briefed U.S. lawmakers and White House officials. On X, @GregKamradt said the underlying token black market was "obvious in retrospect"; @pmarca replied "Cyberpunk AF."
According to Reuters and CNBC (June 24, 2026), Sarah Heck, Head of Policy at Anthropic, sent a June 10, 2026 letter to Chairman Tim Scott and Ranking Member Elizabeth Warren on the U.S. Senate Committee on Banking, Housing, and Urban Affairs.
Anthropic describes distillation attacks as systematic, industrial-scale efforts to harvest American IP and repackage US frontier capability without bearing original R&D costs. The letter frames the Alibaba campaign as the largest known distillation attack Anthropic has detected β targeting agentic reasoning, software engineering, and long-horizon tasks specifically.
| Claim | Detail |
|---|---|
| Fake accounts | ~25,000 fraudulent accounts |
| Volume | 28.8 million Claude model exchanges |
| Window | April 22 β June 5, 2026 |
| Targets | Agentic reasoning, software engineering, long-horizon tasks |
| Operators | Affiliated with Alibaba / Alibaba Qwen |
| Prior campaigns | DeepSeek, Moonshot, MiniMax β ~16M exchanges via ~24,000 accounts (Feb 2026 blog post) |
| Capability concern | PRC labs reaching Mythos Preview-level capability faster via extraction |
The letter ties distillation to national security: if PRC labs reach Mythos-caliber models through extraction, advanced cyber capabilities could deploy against US government and companies. Anthropic cites Project Glasswing as a US defensive program that has helped harden cyber posture β the same Glasswing context behind Mythos testing and the June 12 export controls.
Distillation here means using a frontier model's outputs β and often chain-of-thought reasoning traces β as training signal for a cheaper rival. You do not need weights; you need volume, diversity, and persistence.
Alibaba did not immediately respond to Reuters' request for comment in published reports.
The distillation letter landed before the June 12 Fable/Mythos suspension, but the two stories collided publicly on June 27, 2026 when trending coverage juxtaposed:
| Washington framing | Operational reality |
|---|---|
| Mythos too capable for public release; cyber demos alarm lawmakers | ~25,000 fraudulent accounts ran 28.8M exchanges undetected (Apr 22 β Jun 5) |
| Export controls protect national security | Bot farms used dynamic IPs, reseller APIs, and subscription arbitrage |
| Federal pre-release access needed (Garbarino demo via Punchbowl) | July 8 ID verification targets fake accounts β separate from EAR |
Neither side is fully wrong. Real banking vulnerabilities exist β security firms disclose ACH and transaction-initiation bugs regularly. Controlled demos can show exploit paths without proving Mythos can drain arbitrary live accounts on demand. Likewise, Mythos-class cyber and bot-account detection are different engineering problems; failing one does not invalidate the other, but it complicates the political case for a global API shutdown.
For Fable restoration: the letter strengthens Anthropic's argument that identity verification matters for US-first return, while export-control opponents cite the same letter as evidence the ban overshoots operational risk. Status hub: Is Fable 5 back? β answer remains no on June 27.
Grok's X summary (June 25, 2026) framed the story as a fast-moving news item: Anthropic's disclosure, lawmakers briefed, penalties still unclear.
Notable posts:
The through-line: builders already suspected capability leakage; Anthropic put numbers on it.
The HN thread on Anthropic vs Alibaba exploded because tristanj explained how cheap Claude access scales β not just that labs want traces.
Core mechanics (summarized from the top comment):
That comment is the bridge between headline geopolitics and developer economics. We captured the full HN screenshot and reseller playbook in AI Token Black Market: Claude Resellers at 70β93% Off.
Important distinction from HN debate:
| Activity | What it is |
|---|---|
| Token reselling | Cheap inference via subscription arbitrage β ToS gray area, consumer-facing |
| Distillation | Training competitor weights on harvested outputs β industrial IP extraction |
| Anthropic's Alibaba letter | Focuses on the latter at scale β 28.8M exchanges |
Many HN commenters argued the two overlap: resellers log everything and double-dip β margin on tokens plus payment from labs for training data.
Anthropic's layered defenses β geoblocking, phone verification, credit cards, live biometric KYC β map directly to bot-farm economics.
From the HN thread:
"These resellers operate tens of thousands of bot accounts, which is also why Anthropic introduced identity verification, to slow down the onslaught of bots."
Commentators also note evasion: residential proxies, ID verification as a service in low-income countries (~$30/account), and human prompt farms if automation fails.
Our export-control coverage ties the same week to Fable 5 / Mythos 5 restrictions β different lever, same war: keep frontier capability from becoming commodity training data.
HN users debated whether Chinese labs are "winning on merit" or riding subsidized Claude access.
tristanj argued DeepSeek permanently cut V4-pro API prices 75% because resold Opus tokens undercut them β Chinese open-weight providers forced to match impossibly cheap frontier access.
Counter-arguments on HN:
For builders, the practical takeaway: ultra-cheap Claude endpoints are a trust problem β wrong model, logged prompts, no DPA, sudden cutoffs.
Anthropic's letter asks Congress for three measures:
The letter references NSTM-4 (Trump administration OSTP memo on distillation) and NSPM-11 (national security enterprise partnership with private AI companies for threat sharing and red-team exercises). Despite those whole-of-government efforts, Anthropic writes that distillation attacks remain widespread among PRC AI labs.
Open questions X and HN keep asking:
@aleabitoreddit summarized the mood: "Feels like this is kind of known by now... but there's been no real penalties enforced yet. We'll see."
| Date | Event |
|---|---|
| Feb 2026 | Anthropic flags smaller distillation campaigns (DeepSeek, Moonshot, MiniMax) |
| Apr 22 β Jun 5, 2026 | Alleged Alibaba/Qwen campaign β 28.8M exchanges |
| Jun 10, 2026 | Anthropic letter to Senate Banking Committee |
| Jun 24, 2026 | Reuters / CNBC publish; HN thread surges |
| Jun 25, 2026 | X trending; Greg Kamradt "black market" thread; Grok news summary |
| Jul 8, 2026 | Anthropic identity verification policy (scheduled) |
Primary sources: Reuters β Anthropic vs Alibaba Β· CNBC Β· Hacker News #48667495 Β· Greg Kamradt on X Β· YouTube Short
Alibaba allegations are Anthropic-reported unless independently verified. Reseller pricing claims come from HN/X community reports. This article is analysis for developers and policy readers β not legal advice.