US AI firms team up against model theft
Major American AI companies are coordinating to detect and block attempts to ‘distill’ capabilities from their models — a form of large‑scale copying done by querying systems repeatedly. (latimes.com) The cooperation reportedly includes sharing intelligence on suspicious activity, but firms are constrained by antitrust law and want clearer regulatory guardrails for collective defence. (businesstoday.in) If model protection becomes a de facto national competitiveness issue, customers should expect tighter access controls, stricter usage monitoring and more fragmented model availability across jurisdictions. (enterpriseai.economictimes.indiatimes.com)
American artificial intelligence companies are starting to act less like isolated rivals and more like banks sharing fraud alerts. According to reports published on April 7, 2026, OpenAI, Anthropic, and Google have begun coordinating to detect and block efforts to copy their models through repeated querying, a practice the industry calls distillation. (latimes.com) (businesstoday.in)
The basic trick is simple enough to explain without the jargon. If one company has spent billions training a powerful model, another company can ask that model huge numbers of carefully designed questions, collect the answers, and use those answers as training material for its own system. (anthropic.com) (openai.com)
That does not mean all distillation is theft. Distillation is also a normal engineering technique used inside companies to make a smaller, cheaper model learn from a larger one, and OpenAI has openly offered tools for developers to do exactly that on its own platform since October 1, 2024. (openai.com) (developers.openai.com)
The fight starts when the smaller model is trained on outputs taken from a rival’s system without permission. Anthropic said last month that distillation attacks show up as massive volumes of traffic, concentrated in a few areas, with highly repetitive structures aimed at extracting the most valuable capabilities for training. (anthropic.com)
This is not just a theoretical weakness. A 2024 research paper showed that with ordinary application programming interface access, researchers could extract part of a production language model’s internal embedding layer for under $20, proving that black-box systems can leak meaningful structure even when their weights are hidden. (arxiv.org)
Over the past few months, the concern has shifted from academic possibility to commercial alarm. Anthropic has publicly accused Chinese firms including DeepSeek, Moonshot AI, and MiniMax of using fake accounts and Claude outputs to train competing systems, and later reports said the company observed some behavior changing within 24 hours of a new Claude release. (economictimes.indiatimes.com 1) (economictimes.indiatimes.com 2)
Google’s threat intelligence team has made similar warnings. In a report published last month, Google said model extraction attacks, including distillation attacks, are rising as a method of intellectual property theft, and its cloud security team urged providers to monitor application programming interface traffic for extraction patterns. (cloud.google.com 1) (cloud.google.com 2)
What makes the current story different is the move toward collective defense. The reporting says these companies are sharing intelligence on suspicious accounts and suspicious traffic patterns, even though they compete fiercely in products, talent, and cloud partnerships. (businesstoday.in) (economictimes.indiatimes.com)
That cooperation runs into an old problem from another part of American business law. Rival companies can share some security information, but once they start coordinating too closely on access rules, enforcement, or market behavior, antitrust concerns appear, which is why the companies are reportedly asking Washington for clearer guardrails. (businesstoday.in)
The national security angle is becoming impossible to separate from the business angle. Anthropic argued last month that distillation can undermine United States export controls by letting foreign labs narrow the gap with American systems even if direct access to advanced chips is restricted. (anthropic.com)
That framing changes how customers should read the next wave of product decisions. If model protection is treated like semiconductor protection, companies will have stronger reasons to tighten application programming interface limits, demand more identity verification, watch usage patterns more aggressively, and restrict access by region. (economictimes.indiatimes.com) (cloud.google.com)
That could make the artificial intelligence market feel more fragmented than it did in 2024 or 2025. Instead of one global menu of models available to almost anyone with a credit card, developers may increasingly face different model catalogs, rate limits, verification checks, and safety filters depending on country, company, and use case. (anthropic.com) (economictimes.indiatimes.com)
There is also a deeper irony here. The same industry that has spent years arguing that larger models learn by absorbing patterns from vast public data is now drawing a much harder line around the outputs of those models when rivals try to absorb them back. (openai.com) (anthropic.com)
For now, the immediate story is narrower and more concrete. Three of the biggest United States model makers appear to believe that copying by repeated querying has become costly enough, fast enough, and geopolitically sensitive enough that competing with each other is no longer their only problem. (latimes.com) (businesstoday.in)
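An added illustration, not code from any of the companies named: the traffic signature Anthropic describes (massive volume, concentrated in a few areas, highly repetitive structure) and the API monitoring Google's cloud security team recommends, expressed as a per-account check over request logs. The log fields, the capability-area labels (assumed to come from an upstream classifier), the thresholds and the sample records are all constructed assumptions.

```python
import re
from collections import Counter, defaultdict

def template_of(prompt):
    """Collapse a prompt to its structure: quoted strings and numbers become slots."""
    p = re.sub(r'"[^"]*"', "<STR>", prompt.lower())
    p = re.sub(r"\d+", "<NUM>", p)
    return re.sub(r"\s+", " ", p).strip()

def score_accounts(records):
    """records: iterable of (account_id, capability_area, prompt) tuples."""
    by_account = defaultdict(list)
    for account, area, prompt in records:
        by_account[account].append((area, template_of(prompt)))
    scores = {}
    for account, rows in by_account.items():
        n = len(rows)
        top_area = Counter(a for a, _ in rows).most_common(1)[0][1]
        top_template = Counter(t for _, t in rows).most_common(1)[0][1]
        scores[account] = {"volume": n, "area_share": top_area / n,
                           "template_share": top_template / n}
    return scores

def flag_accounts(scores, min_volume=100, min_area_share=0.8, min_template_share=0.6):
    """Flag only accounts where all three signals hold at once (illustrative thresholds)."""
    return sorted(a for a, s in scores.items()
                  if s["volume"] >= min_volume
                  and s["area_share"] >= min_area_share
                  and s["template_share"] >= min_template_share)

def constructed_log():
    """Constructed sample data, not real traffic."""
    log = []
    # acct-A: high volume, one capability area, one template with varying slots.
    for i in range(200):
        log.append(("acct-A", "code", f'Solve task {i} step by step in "python"'))
    # acct-B: high volume but spread over areas and templates (a busy product backend).
    areas = ["code", "writing", "math", "translation"]
    shapes = ["Summarize ticket {}", "Translate message {} to French", "Review diff {}",
              "Draft reply to email {}", "Explain error code {}"]
    for i in range(200):
        log.append(("acct-B", areas[i % 4], shapes[i % 5].format(i)))
    # acct-C: narrow and repetitive, but low volume (a developer testing one prompt).
    for i in range(12):
        log.append(("acct-C", "math", f"Check proof {i}"))
    return log

if __name__ == "__main__":
    scores = score_accounts(constructed_log())
    print("flagged:", flag_accounts(scores))
```

Requiring all three signals together is what keeps the busy but diverse account and the small repetitive one out of the flagged set; any single signal on its own would catch ordinary customers.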