Anthropic just published something every engineering leader needs to read.
What Happened
Three Chinese AI labs — DeepSeek, Moonshot, and MiniMax — were caught running large-scale distillation attacks on Claude. The numbers are staggering:
- 24,000+ fraudulent accounts created
- 16 million+ queries to Claude
- 13 million requests from MiniMax alone
- MiniMax pivoted to Claude's new model within 24 hours of release
The goal: extract Claude's reasoning capabilities, tool usage patterns, and censorship-compliant responses to train their own models.
Why This Matters for Developers
If we can't secure AI models from other AI companies, how do we secure the AI tools that developers install every day?
According to Snyk:
- 36.82% of third-party AI skills have security flaws
- 76 confirmed malicious packages
This isn't hypothetical. The AI security problem is here now.
What I Built
That's why I built verified-skill.com: every AI skill must pass three tiers of verification before it touches your machine. If a skill can't prove it's safe, it never reaches your codebase.
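The gating idea can be sketched in a few lines. This is a minimal, hypothetical illustration of a fail-closed tiered check; the tier names (signature, static scan, sandbox run) are my assumptions for the example, not verified-skill.com's actual pipeline.

```python
# Hypothetical sketch of a fail-closed, tiered skill-verification gate.
# Tier names and checks are illustrative assumptions only.
from dataclasses import dataclass
from typing import Callable

@dataclass
class Skill:
    name: str
    signed: bool       # Tier 1: publisher signature verified
    scan_clean: bool   # Tier 2: static scan found no flagged patterns
    sandbox_ok: bool   # Tier 3: behaved safely in a sandboxed dry run

TIERS: list[tuple[str, Callable[[Skill], bool]]] = [
    ("publisher signature", lambda s: s.signed),
    ("static scan", lambda s: s.scan_clean),
    ("sandbox run", lambda s: s.sandbox_ok),
]

def verify(skill: Skill) -> tuple[bool, str]:
    """Fail closed: the first tier a skill cannot pass blocks installation."""
    for tier_name, check in TIERS:
        if not check(skill):
            return False, f"blocked at tier: {tier_name}"
    return True, "verified"
```

The key design choice is failing closed: a skill that cannot pass a tier is blocked at that tier, rather than installed with a warning.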
The AI security conversation needs to catch up with the AI capabilities conversation.
Source: Anthropic — Detecting and preventing distillation attacks