🧭 Distillation Attack Detection — Identifying Unauthorised Model Cloning

Anthropic's security research team has published findings on what it terms "distillation attacks" — a class of adversarial usage where a third party systematically queries Claude at scale to generate training data for a competing model, effectively transferring Claude's capabilities without authorisation. The paper documents evidence that outputs from Claude have appeared in training datasets for at least three external model releases, including models from DeepSeek, Moonshot AI, and MiniMax, based on stylistic fingerprinting and capability overlap analysis.

Detection methods documented

• Stylistic fingerprinting — Claude's outputs carry detectable patterns in sentence structure and formatting that persist through distillation into student models
• Canary probe injection — Anthropic has begun inserting low-frequency "canary" phrases into outputs in specific topic domains; if these phrases appear in external model outputs at above-chance frequency, it is a signal of distillation
• API usage pattern analysis — large-scale systematic querying has identifiable characteristics (low variance in prompt structure, high repetition across topic clusters) that differ from organic usage

Anthropic states it has reported the findings to relevant legal and policy teams and is monitoring for continued patterns. The company emphasises that its Terms of Service prohibit using Claude outputs to train competing models, and that it considers enforcement of this policy a priority.

🧭 AI Chip Export Rules — New Compliance Requirements for API Providers

Updated US semiconductor export controls, which took effect this week, create new compliance requirements for AI API providers serving customers in certain jurisdictions. The rules, an extension of the existing BIS Export Administration Regulations, now require API providers to implement end-user controls for certain high-capability AI inference services — essentially, API operators must be able to certify the jurisdiction of end users consuming advanced AI capabilities above a defined performance threshold.

Anthropic has confirmed it is reviewing its existing enterprise agreements and API terms for compliance with the updated rules. For the large majority of API customers — individuals and companies in jurisdictions not subject to the new controls — no changes are required. Enterprise customers in affected regions may be contacted by Anthropic's compliance team to update their agreements. The company has not published a full list of affected jurisdictions pending legal review but notes that its existing geo-based inference routing infrastructure (the inference_geo parameter introduced in early February) provides the technical mechanism needed to implement the required controls.