White House warns on AI theft

- The White House told federal agencies it sees China running deliberate, industrial‑scale campaigns to steal U.S. AI models.
- The Office of Science and Technology Policy communicated the allegation directly to federal agencies, per reports.
- The administration said it will tighten enforcement, elevating containment and access control for strategic AI assets. (nextgov.com)

The White House told federal agencies on April 23 that it believes China-based actors are running large-scale campaigns to copy U.S. frontier artificial intelligence models. (whitehouse.gov) In a memo signed by Office of Science and Technology Policy Director Michael Kratsios, the administration said foreign entities “principally based in China” are using “tens of thousands of proxy accounts” and jailbreaking techniques to extract capabilities from American systems. (whitehouse.gov) The memo describes the tactic as distillation: flooding a model with prompts and outputs, then using those answers to train a cheaper imitation. Nextgov reported the warning went to agency heads on Thursday, April 23, and said the administration plans closer coordination with private AI companies. (nextgov.com)

The White House drew a line between normal distillation and theft. It said distillation is a standard way to make smaller, faster models when it is authorized, but called “surreptitious, unauthorized distillation campaigns” unacceptable when they target proprietary systems. (whitehouse.gov) The administration said copied models may not match the original across the board, but can still look competitive on selected benchmarks while costing far less to build. The memo also says actors can remove safety controls from those derivative models after extraction. (whitehouse.gov)

The immediate policy shift is tighter protection around what the government calls strategic AI assets. OSTP said it will share threat information with U.S. AI firms, help companies coordinate defenses, develop best practices, and examine measures to hold foreign actors accountable. (whitehouse.gov)

This warning lands after a year of broader U.S. fights over how to control advanced AI systems, chips, and model weights — the numerical parameters that make a model work, like the recipe inside the software. In January 2025, the Commerce Department created export controls for some advanced closed-weight models, and in May 2025 the Trump administration rescinded that Biden-era diffusion rule while promising a replacement approach and tougher chip controls. (federalregister.gov, bis.gov)

Private companies have been describing the same problem in public. Google’s Threat Intelligence Group said in February 2026 that model extraction attacks were rising as a form of intellectual-property theft, though it said it had not seen advanced persistent threat groups directly attacking frontier models. (cloud.google.com) OpenAI said in a February 2025 threat report that it disrupted two China-linked operations using or attempting to use models from OpenAI and another U.S. lab. Nextgov also reported that Anthropic had accused DeepSeek, Moonshot AI, and MiniMax of sending 16 million exchanges from about 24,000 fraudulent accounts to its Claude model, while OpenAI told House lawmakers it had seen signs of attempts by DeepSeek to distill frontier models. (openai.com, nextgov.com)

The White House did not name specific Chinese companies in its April 23 memo, and the document frames the case as a government assessment rather than a public indictment. For now, the administration’s message to agencies is that protecting leading U.S. AI systems will be treated more like protecting other strategic technologies. (whitehouse.gov, nextgov.com)
