Anthropic Tells Congress Alibaba Ran the Largest Distillation Attack It Has Seen
Anthropic accused operators linked to Alibaba and its Qwen AI lab of waging a large-scale campaign to “brazenly” and “illicitly” extract Claude’s capabilities. In a letter to the Senate Banking Committee’s Tim Scott and Elizabeth Warren — and to White House officials — the company says roughly 25,000 fraudulent accounts conducted about 28.8 million exchanges with Claude between April 22 and June 5, targeting its most commercially valuable skills: software engineering and agentic reasoning.
The technique is distillation — feeding carefully built queries to a frontier model, harvesting the responses, and using them to train a cheaper rival that approximates the original. Anthropic calls it the largest known distillation attack against it to date, and has now named four Chinese labs as distillers of its technology, with the Alibaba effort by far the biggest. Alibaba had not commented on the allegations as of publication.
Anthropic Says Claude Now Handles 95% of Its Internal Analytics Queries
Anthropic reported that Claude now answers around 95% of its internal analytics requests, letting employees pull business data on their own instead of queuing every question behind a data team. It’s a concrete dogfooding metric in the same vein as the “65% of our product team’s code” figure that accompanied Claude Tag — evidence that Anthropic is rewiring its own operations around the model.
For buyers weighing enterprise rollouts, self-serve analytics is one of the cleaner ROI stories: it shortens the path from question to answer and frees scarce data engineers for higher-order work. The caveat, as ever, is trust — a number is only useful if teams can verify how Claude arrived at it.
Service Accounts and a Rate Limits API Harden the Claude Platform
Anthropic added service accounts to the Claude Platform, giving each workload its own identity, roles, and audit trail rather than sharing one API key. It pairs with the recently GA Workload Identity Federation, which swaps static keys for short-lived, scoped credentials issued at request time — and ant auth login for interactive sessions.
A new Rate Limits API rounds out the release, letting admins programmatically query the limits set for their org and workspaces. Individually small; together they’re the access-control and observability scaffolding enterprises demand before wiring Claude into production. There’s also a quiet billing fix: requests that return stop_reason: "refusal" with no output are no longer billed.
Managed Agents Learn to “Dream” and Orchestrate Subagents
Claude Managed Agents gained two notable capabilities. Dreaming is a scheduled process that reviews past agent sessions, surfaces patterns, and curates memory — so an agent improves between runs instead of starting cold each time. Multiagent orchestration lets a lead agent delegate to specialist subagents working in parallel on a shared filesystem, each with its own model, prompt, and tools.
Combined with self-hosted sandboxes and private MCP server support, the picture is of agents that are both more autonomous and more contained — able to plan, remember, and split work, while staying inside boundaries an enterprise sets.
Fable 5 Still Dark on Day 13 as ID Verification Looms
Thirteen days after the US export-control directive took Fable 5 and Mythos 5 offline, both remain suspended for every user, and no public Commerce Department response has surfaced. The most-watched off-ramp isn’t a formal lifting of the order but identity verification: Anthropic’s updated support page says users may be asked for a government photo ID and a live selfie, processed by third-party partner Persona, starting July 8.
That mechanism points to a US-citizens-only restoration — verified domestic users back on Fable 5 while international subscribers stay on Opus 4.8 — without the directive being lifted outright. The privacy-policy changes that enable it have already drawn user pushback over biometric collection.
An Anthropic Engineering Leader on the “Lonely” Side of AI-Heavy Work
An Anthropic engineering leader told Fortune that leaning hard on Claude Code has made some employees’ work feel like a “lonely experience” — less of the back-and-forth pairing and shared problem-solving that once defined a dev team’s day. It’s a candid admission from the company arguably furthest down the AI-native path.
The morale wrinkle matters precisely because Anthropic is selling the opposite story: Claude as teammate, headcount, always-on collaborator. If the most AI-saturated workplace on earth is also feeling more isolated, that’s a tension every buyer racing to automate should sit with before they reorganize around agents.
The Alibaba Letter Is a Policy Play as Much as a Security One
Anthropic could have handled a distillation campaign quietly — ban the accounts, tighten detection, move on. Instead it wrote to the Senate Banking Committee and the White House, with numbers built for a headline: 25,000 accounts, 28.8 million exchanges, the largest attack it has ever seen. That’s not just incident response; it’s Anthropic shaping the policy weather around frontier-model security and Chinese AI competition.
The timing rhymes with everything else on the board: a confidential IPO filing, an export directive that already froze Fable 5, and an ID-verification regime arriving July 8. A frontier lab that can credibly say “rivals are stealing our best capabilities at industrial scale” strengthens the case for the very export controls and verification walls now reshaping who gets access to its models. Whether that protects an ecosystem or fences one off is the debate Washington now has to have — and Anthropic just made sure it happens on its terms.