The White House just gave a name to a threat that’s been an open secret in the AI world: Adversarial Distillation.
Basically, you don’t need to hack into a lab and steal model weights to get a top-tier AI. You can just “distill” the behavior of a big model by feeding its outputs into a smaller, cheaper one. Do that enough, and the student becomes a clone of the teacher. The OSTP memo explicitly links this to the rapid rise of Chinese models like DeepSeek, framing it as a systematic, industrial-scale campaign to clone U.S. frontier capabilities.
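To make the mechanics concrete, here is a minimal sketch of the classic soft-label distillation objective in PyTorch. Everything here is illustrative: in practice an API only returns text, so real harvesting pipelines usually fine-tune the student on the teacher's completions, but the logit-matching version below shows the core idea of copying a bigger model's output distribution.

```python
import torch
import torch.nn.functional as F

def distillation_loss(student_logits, teacher_logits, temperature=2.0):
    """Soft-label distillation: nudge the student's output distribution
    toward the teacher's, token by token (Hinton et al., 2015)."""
    soft_targets = F.softmax(teacher_logits / temperature, dim=-1)
    student_log_probs = F.log_softmax(student_logits / temperature, dim=-1)
    # KL divergence between teacher and student, scaled by T^2.
    return F.kl_div(student_log_probs, soft_targets,
                    reduction="batchmean") * temperature ** 2

# Illustrative shapes only: 4 sequences, 16 tokens, 1,024-token vocab.
teacher_logits = torch.randn(4, 16, 1024)                       # stand-in for frontier-model outputs
student_logits = torch.randn(4, 16, 1024, requires_grad=True)   # the cheap "clone" being trained

loss = distillation_loss(student_logits, teacher_logits)
loss.backward()  # gradients flow only into the student
```

The point is how little the student needs: no weights, no architecture details, just enough of the teacher's outputs to imitate.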
We aren’t talking about a few researchers messing with an API. Anthropic detected roughly 24,000 fraudulent accounts being used to scrape their models. That is a production pipeline dedicated to IP theft.
The trouble is, there’s no “malware” to find here. They are just using the API as it was intended—to answer questions. Detecting this requires behavior analysis on a massive scale. If you are serving your own AI models, your inference logs are now a primary threat-hunting surface.
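It's worth pinning down what that behavioral analysis looks like. Below is a minimal sketch, assuming per-request log records with an account ID, prompt text, and output token count (the field names, thresholds, and prefix-hash heuristic are invented for illustration, not anyone's actual detection logic): aggregate per account and flag the combination of very high volume with heavily templated prompts, one common signature of systematic harvesting rather than ordinary use.

```python
from collections import defaultdict
from dataclasses import dataclass, field

@dataclass
class AccountStats:
    requests: int = 0
    prompt_hashes: set = field(default_factory=set)
    output_tokens: int = 0

def flag_distillation_suspects(log_records, min_requests=5_000,
                               min_template_reuse=0.9):
    """Aggregate inference logs per account and flag harvesting patterns:
    huge request volume plus a handful of prompt shapes reused across
    thousands of calls."""
    stats = defaultdict(AccountStats)
    for rec in log_records:  # each rec: {"account", "prompt", "output_tokens"}
        s = stats[rec["account"]]
        s.requests += 1
        # Hash the prompt prefix as a crude proxy for a shared template.
        s.prompt_hashes.add(hash(rec["prompt"][:64]))
        s.output_tokens += rec["output_tokens"]

    suspects = []
    for account, s in stats.items():
        template_reuse = 1 - len(s.prompt_hashes) / max(s.requests, 1)
        if s.requests >= min_requests and template_reuse >= min_template_reuse:
            suspects.append((account, s.requests, round(template_reuse, 3)))
    return suspects
```

A real system would look at far more signals (topical coverage, request timing, coordination across accounts), but the shape is the same: the evidence lives in aggregate usage patterns, not in any single malicious request.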
The government is already moving to treat model weights like nuclear secrets, considering sanctions for anyone caught cloning them. The race for AI leadership has moved past research and straight into strategic capability theft.