Following up on the free versus proprietary models I recalled some of the US AI companies complaining that the Chinese were using US models to “distill” their own.
I ran this question through DeepSeek on OpenRouter. DS Flash complained about needing to upload my API key but Pro was happy to use my OpenRouter credits. The output is appended. (Note: I was particularly thinking of the hypocrisy mentioned in the summary - “OpenAI’s own history of arguing “fair use” for training on copyrighted data could undermine its legal position”.)
The query is somewhat involved and cost me 10 cents. Subsequent simpler questions cost one or two cents. This seems more expensive than that which you have found.
In recent court cases some AI America co
User - –
In recent court cases some AI America companies complained that some Chinese companies were training on their servers. What were the details?
Assistant - –
User - –
In recent court cases some AI America companies complained that some Chinese companies were training on their servers. What were the details?
Assistant - –
U.S. AI Companies Accusing Chinese Firms of Unauthorized “Distillation” — The Full Picture
There isn’t a single “court case” per se, but rather a multi-front campaign in early 2026 in which leading American AI companies have formally accused Chinese AI labs of illicitly extracting model capabilities. The complaints have played out through Congressional memos, public technical disclosures, a White House crackdown memo, proposed legislation, and a major DOJ criminal indictment. Below is a detailed breakdown.
1. OpenAI’s Memo to Congress (Feb 12, 2026)
What happened: OpenAI sent a formal memo to the U.S. House Select Committee on Strategic Competition with the Chinese Communist Party, accusing DeepSeek of systematic “distillation.”
Key allegations:
-
DeepSeek engaged in “ongoing efforts to free-ride on the capabilities developed by OpenAI and other US frontier labs.”
-
DeepSeek employees developed code to programmatically access U.S. AI models and harvest outputs for training.
-
They used “obfuscated third-party routers” to mask the origin of API traffic and circumvent access restrictions.
-
The distillation attempts involved “new, obfuscated methods” that evolved in sophistication as OpenAI hardened its defenses.
-
OpenAI claimed DeepSeek also used third-party routers to access models from Anthropic, Google, and xAI.
-
The memo warned that distilled models often strip away safety guardrails, creating national security risks in areas like bioweapons and cyber operations.
OpenlyAI stated this was an update to an earlier assessment it provided in March 2025, shortly after DeepSeek’s R1 model shocked markets.
2. Anthropic’s Public Technical Disclosure (Feb 23, 2026)
What happened: Anthropic published a detailed blog post (“Detecting and Preventing Distillation Attacks”) identifying three named Chinese AI labs and providing granular forensic evidence.
Click to expand — Detailed breakdown by company
| Company | Scale of Operation | Specific Tactics |
|—|—|—|
| DeepSeek | 150,000+ exchanges | Synchronized traffic across accounts; shared payment methods; “load balancing” to increase throughput and avoid detection |
| Moonshot AI (maker of Kimi) | 3.4 million+ exchanges | Hundreds of fraudulent accounts across multiple access pathways; later attempted to extract and reconstruct Claude’s reasoning traces; attribution confirmed via request metadata matching public profiles of senior Moonshot staff |
| MiniMax | 13 million+ exchanges (largest campaign) | Detected while still active; pivoted within 24 hours of a new Claude model release, redirecting nearly half its traffic to capture new capabilities |
Aggregate numbers:
-
~24,000 fraudulent accounts created
-
Over 16 million exchanges with Claude
-
Used “hydra cluster” architectures — sprawling networks of fake accounts distributed across Anthropic’s API and third-party cloud platforms (e.g., one proxy network managed 20,000+ fraudulent accounts simultaneously)
-
Targeted areas: complex reasoning, coding assistance, tool use, and agentic capabilities
How they circumvented restrictions: Claude is not commercially available in China. The labs used commercial proxy services that resell access to Western AI models, routing traffic to mask origin.
3. The Supermicro Criminal Indictment (March 19, 2026)
This is the only actual court case in this saga. The DOJ unsealed an indictment charging three individuals tied to Super Micro Computer, Inc. (SMCI) with conspiring to illegally divert AI servers to China.
Click to expand — Indictment details
Defendants:
-
Yih-Shyan “Wally” Liaw (71) — SMCI co-founder, board member, SVP of Business Development (U.S. citizen, arrested in California)
-
Ruei-Tsang “Steven” Chang (53) — General manager of SMCI’s Taiwan office (Taiwan citizen, remains a fugitive)
-
Ting-Wei “Willy” Sun (44) — Third-party broker/“fixer” (Taiwan citizen, arrested)
The scheme:
-
Servers with advanced Nvidia GPUs were assembled in the U.S.
-
Shipped to SMCI’s Taiwan facilities
-
Forwarded to a pass-through company in Southeast Asia
-
Repackaged into unmarked boxes and smuggled to end customers in China
-
Thousands of “dummy” servers (non-working physical replicas) were staged at storage sites to deceive SMCI’s compliance team and U.S. Commerce Department inspectors
Scale:
-
~$2.5 billion worth of servers diverted between 2024–2025
-
At least $510 million diverted in a ~3-week window (late April to mid-May 2025) alone
-
Liaw allegedly pushed the Southeast Asian front company to adopt Nvidia B200 (Blackwell architecture) chips in late 2024
-
Liaw allegedly urged speeding up shipments to beat an impending export rule change
Charges:
-
Conspiracy to violate the Export Controls Reform Act (max 20 years)
-
Conspiracy to smuggle goods from the U.S. (max 5 years)
-
Conspiracy to defraud the U.S. (max 5 years)
SMCI’s response: The company was not indicted. Liaw and Chang were placed on administrative leave; Sun’s contract was terminated. SMCI stated it is “cooperating fully” and maintains a “robust compliance program.”
4. The Nvidia Blackwell Angle (Feb 23, 2026)
In a related development, a senior Trump administration official told Reuters that DeepSeek’s latest model was trained on Nvidia Blackwell chips — the most advanced AI chip, whose export to China is banned. The chips were reportedly clustered at DeepSeek’s data center in Inner Mongolia. The official also stated that DeepSeek’s model “likely relied on distillation of models made by Anthropic, Google, OpenAI, and xAI.”
5. Legislative Response: The “Deterring American AI Model Theft Act” (April 15, 2026)
Rep. Bill Huizenga (R-MI) introduced H.R. 8283, which would:
-
Direct the State Department to identify foreign entities conducting “model extraction attacks”
-
Authorize discretionary sanctions (via IEEPA) against identified offenders
-
Create a “name and shame” list of AI thieves
-
Establish a framework for industry-government intelligence sharing on distillation attacks
-
Exempt legitimate distillation (with model owner approval) from penalties
The bill received unanimous bipartisan support in the House Foreign Affairs Committee. Huizenga stated: “Model extraction attacks are the latest frontier of Chinese economic coercion and theft of U.S. intellectual property.”
6. White House Crackdown Memo (April 24, 2026)
White House Chief Science and Technology Advisor Michael Kratsios issued a memo vowing to:
-
Work with American AI companies to identify distillation activities
-
Build defenses against extraction attacks
-
Punish offenders through coordinated government action
-
Singled out entities “principally based in China” for “deliberate, industrial-scale campaigns”
Key Distinction: No Civil Lawsuits (Yet)
Despite the severity of the allegations, neither OpenAI nor Anthropic has filed a civil lawsuit against DeepSeek, MiniMax, or Moonshot AI. The practical obstacles are significant:
-
Chinese companies operating primarily outside U.S. jurisdiction
-
Unclear whether AI model outputs are protected by copyright (the U.S. Copyright Office requires human authorship)
-
OpenAI’s own terms of service assign ownership of outputs to the user, not OpenAI
-
OpenAI’s own history of arguing “fair use” for training on copyrighted data could undermine its legal position
Instead, the U.S. strategy has relied on: (1) Congressional pressure, (2) export controls on hardware (chips), (3) criminal prosecutions of smuggling, and (4) proposed sanctions legislation.
