In February 2026, roughly 24,000 fraudulent accounts bombarded Anthropic's Claude model with 16 million interactions, likely harvesting outputs to train a competing model—while OpenAI simultaneously reported that DeepSeek employees circumvented access restrictions to extract model outputs. A new report from the Center for Data Innovation, published June 26, 2026, warns that these incidents reveal a growing national security threat known as adversarial AI distillation, where foreign actors systematically steal the capabilities of U.S. frontier AI models. The report argues that while policymakers are right to take the threat seriously, they need a carefully calibrated response to avoid damaging America's broader AI ecosystem.
The report identifies three distinct problems created by adversarial distillation. First, it threatens U.S. competitiveness by allowing foreign competitors to close the gap with American AI leaders while exploiting billions in U.S. research and development investment. Second, extracted capabilities risk flowing into Chinese military and intelligence applications through Beijing's military-civil fusion strategy—a downstream risk the House Homeland Security Committee's investigation has highlighted explicitly. Third, distilled models can inherit a frontier AI model's underlying capabilities while losing its safety guardrails, enabling systems that could assist with weapons development, offensive cyber operations, or dangerous materials synthesis without the constraints U.S. developers built in.
According to the report, existing U.S. laws offer some tools to address adversarial distillation, but they're unlikely to be sufficient against coordinated, state-affiliated, industrial-scale efforts. The Computer Fraud and Abuse Act likely covers campaigns involving thousands of fraudulent accounts designed to defeat access controls, but criminal prosecution of individuals abroad—especially in China—is often unenforceable. The report notes that firms could bring claims under the Defend Trade Secrets Act, but model outputs themselves aren't trade secrets, so they'd face an uphill legal battle proving the technically complex connection between extracted outputs and resulting model capabilities. Most importantly, the report finds, existing law provides no systematic mechanism for intelligence sharing between government and targeted AI companies, no structured process for identifying adversarial actors, and no diplomatic framework for coordinated allied response.
Policymakers have already started filling these gaps. The House Foreign Affairs Committee unanimously passed the Deterring American AI Model Theft Act of 2026, which would use export controls and sanctions to raise costs for foreign bad actors who systematically scrape U.S. models to shortcut their AI development. The White House Office of Science and Technology Policy issued Memorandum NSTM-4 characterizing foreign adversarial distillation campaigns as a national security threat. But the report warns that policymakers must tread carefully to ensure anti-distillation measures don't inadvertently criminalize standard academic benchmarking or undermine legitimate AI research and development. A poorly calibrated law risks walling off American innovation from the global developer ecosystem or limiting U.S. developers from using distillation while foreign ones do so with impunity.
The report concludes that defensive legislation is only a stopgap. To maintain strategic advantage, the U.S. government should treat AI security not merely as a matter of trade secrets and export controls, but as a core pillar of cyber defense. The authors recommend pairing statutory enforcement with aggressive technical investments—such as supporting advanced watermarking and algorithmic detection mechanisms—to build a dynamic, public-private defense strategy capable of evolving as fast as the models themselves. Any legislative response, the report argues, should enhance existing authorities while combining better technical defenses with international coordination to create a comprehensive framework that protects American AI leadership without stifling innovation.