01 Anthropic Accuses DeepSeek of Industrial-Scale Model Theft via 24,000 Fake Accounts
Anthropic says three Chinese AI companies created roughly 24,000 fraudulent accounts and ran more than 16 million queries against Claude to distill its capabilities into their own models. DeepSeek, Moonshot, and MiniMax are all named. The campaigns, which Anthropic calls "industrial-scale," were detected and countered over time, according to a company announcement on Monday.
The accusation is specific. Distillation is a known technique: feeding a stronger model's outputs into a weaker one to close the performance gap. What Anthropic describes goes beyond casual use. Tens of thousands of accounts, millions of exchanges, systematic extraction. The company simultaneously published a technical blog post detailing its detection methods and countermeasures, pairing a security disclosure with a capabilities showcase.
The timing is harder to read as coincidence.
U.S. officials are actively debating whether to tighten export controls on AI chips bound for China. Anthropic's public accusation lands squarely in that conversation. If Chinese labs are extracting American AI capabilities at this scale, restricting their access to American hardware becomes easier to justify. Anthropic didn't make that argument explicitly. It didn't have to.
DeepSeek is the best-known name on the list. The Hangzhou-based company drew global attention after releasing competitive open-weight models built on a fraction of the compute Western labs assumed necessary. Moonshot, which operates the Kimi chatbot, and MiniMax, known for video generation, are significant players in China's domestic market. Anthropic's blog post focused primarily on detection patterns rather than singling out any one company, but DeepSeek's name carries the most weight in Washington.
Anthropic frames itself as the injured party, a company whose intellectual property was systematically harvested. That framing may well be accurate. But the decision to go public, name names, and publish technical countermeasures simultaneously transforms a terms-of-service dispute into a geopolitical statement. Quiet legal action or a silent account ban would have addressed the security problem. A press cycle addresses something else.
None of the accused companies had publicly responded to the allegations as of publication. The confrontation exposes a structural problem in the commercial AI model business. Companies sell API access broadly to fund research, then must police that same access against sophisticated actors who look, query by query, like ordinary paying customers.
02 OpenClaw Deleted a Safety Researcher's Inbox After She Told It to Ask First
Summer Yue, an AI security researcher at Meta, gave her OpenClaw agent a carefully worded instruction. "Check this inbox too and suggest what you would archive or delete," she wrote. "Don't action until I tell you to." The system had followed this protocol on a smaller test inbox without incident. Then she pointed it at her real email.
The real inbox was too large. OpenClaw triggered what the system calls compaction, a process that compresses conversation context to stay within token limits. During compaction, Yue's original "don't action" instruction was dropped. The agent, now operating without its constraint, began deleting messages on its own.
Yue noticed on her phone but couldn't stop it. OpenClaw's mobile interface offered no kill switch fast enough. "I had to RUN to my Mac mini like I was defusing a bomb," she wrote on X on February 23.
The post reads like satire. It is not. The failure Yue documented is architectural, not user error. Instruction-level safety guardrails sit inside the same context window the agent manages. When that window overflows, the guardrails are among the first tokens dropped. The agent doesn't know it lost them. It proceeds with full permissions and no constraints.
Yue works in AI security. She scoped the task conservatively and tested on a smaller dataset first. The system failed anyway.
Google has started restricting accounts of AI Pro and Ultra subscribers who connect through OpenClaw. Users on Google's developer forum report limitations imposed without warning or explanation. Google has not publicly stated whether the restrictions target OpenClaw specifically or apply to all third-party agent access to its services.
The account restrictions suggest Google sees uncontrolled agent behavior as a platform-level problem. Cutting off access is a blunt fix, but it is a fast one. Yue said her inbox is recoverable. Her post, she noted, was meant as a warning.
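The compaction failure described above, as an added example (not OpenClaw's code and not from Yue's post): a naive compaction step drops the oldest message, which holds the "don't action" instruction, while an approval gate kept outside the context window still blocks the deletes. The function names, the word count used as a token proxy, and the stand-in agent logic are all assumptions.

```python
from dataclasses import dataclass, field

DESTRUCTIVE = {"delete", "archive"}  # assumed tool names
RULE = "Suggest what you would archive or delete. Don't action until I tell you to."

def compact(messages, budget):
    """Naive compaction: keep the newest messages that fit the budget.
    Word count stands in for tokens (assumption)."""
    kept, used = [], 0
    for msg in reversed(messages):
        cost = len(msg.split())
        if used + cost > budget:
            break
        kept.append(msg)
        used += cost
    return kept[::-1]

@dataclass
class ToolGate:
    """Approval state held outside the context window, so compaction cannot drop it."""
    approved: set = field(default_factory=set)
    log: list = field(default_factory=list)

    def approve(self, message_id):
        self.approved.add(message_id)

    def execute(self, action, message_id):
        if action in DESTRUCTIVE and message_id not in self.approved:
            self.log.append(("blocked", action, message_id))
            return False
        self.log.append(("done", action, message_id))
        return True

def simulate(inbox_size, budget=40, gate=None):
    """Return (rule_survived, deletes_attempted, deletes_executed)."""
    gate = gate or ToolGate()
    context = [RULE] + [f"email {i}: subject line and body preview text"
                        for i in range(inbox_size)]
    context = compact(context, budget)
    rule_survived = RULE in context
    # Stand-in agent: obeys the rule only while it is still in context.
    attempted = [] if rule_survived else list(range(inbox_size))
    executed = [i for i in attempted if gate.execute("delete", i)]
    return rule_survived, len(attempted), len(executed)

if __name__ == "__main__":
    print(simulate(2))    # small test inbox: rule still in context
    print(simulate(50))   # large inbox: rule compacted away, gate blocks
```

The gate's log records every blocked attempt, which gives an operator a signal that the agent has lost its constraint even though nothing was deleted.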
03 OpenAI Ditched Its Own Benchmark and Signed Consulting Giants in the Same Week
OpenAI announced it will no longer evaluate against SWE-bench Verified, the coding benchmark it once held up as proof of competitive dominance. The stated reason: data contamination and measurement distortion. The timing tells a different story.
Days later, the company unveiled Frontier Alliance Partners, a consulting alliance with firms like Deloitte and PwC. The goal: help enterprises move AI pilots into production. It's a playbook borrowed from Salesforce and AWS, platform companies that won by building the deepest partner ecosystems, not by having the best product.
A third signal arrived via TechCrunch: at least a dozen VCs who backed OpenAI have now also invested in Anthropic. Some overlap was always expected in a sector drawing this much capital. But twelve-plus firms hedging simultaneously is a market verdict, not a coincidence. When investors abandon the longstanding norm against backing direct competitors, they're pricing in a world where model performance alone doesn't pick the winner.
Each signal is mundane in isolation. A benchmark gets retired. Consulting partners sign on. Investors hedge. Together they trace a single structural shift: the AI industry's center of gravity is moving from model superiority to ecosystem depth.
OpenAI appears to understand this faster than its competitors. Dropping SWE-bench isn't an admission of weakness. It's a declaration that the benchmark race yields diminishing returns. If the gap between frontier models keeps narrowing — and dual-investing VCs clearly think it will — the company that locks in enterprise workflows wins. Not the company that scores three points higher on a coding test.
The Frontier Alliance Partners announcement makes the strategy explicit. Consultancies don't help you build a better model. They help you embed one so deeply into a client's operations that switching costs become prohibitive. That's not an AI research play. It's an enterprise platform play.
OpenAI spent three years proving it could build the strongest model. It now seems to be betting that proof no longer matters as much as distribution.

Ladybird Browser Switches to Rust, Uses AI Agents to Port Its JavaScript Engine
Andreas Kling's Ladybird browser project dropped Swift for Rust after years of waiting for cross-platform support to mature. The team used coding agents to port LibJS — the browser's lexer, parser, AST, and bytecode compiler — to Rust as its first target. (simonwillison.net)

Companies Hide Human Teleoperation Behind Humanoid Robot Demos
Nvidia's Jensen Huang declared in January that "physical AI" had arrived, but many humanoid robot demonstrations still rely on hidden human operators rather than autonomous systems. The gap between promotional claims and actual autonomy remains far wider than companies publicly acknowledge. (technologyreview.com)

Google Cloud AI Head Frames Model Competition Along Three Axes
Google's Cloud AI division defines three frontiers of model capability: raw intelligence, response time, and extensibility. The framework positions extensibility — how well models integrate with external tools and data — as the next differentiator beyond benchmark scores. (techcrunch.com)

Simon Willison Launches Agentic Engineering Patterns Guide
Simon Willison began publishing a collection of coding practices for building software with AI coding agents like Claude Code and OpenAI Codex. The central thesis: writing code is now cheap, and most engineering habits built around expensive code production need rethinking. (simonwillison.net)

Paper Finds Longer Reasoning Chains Often Hurt Model Accuracy
A HuggingFace paper shows that extended chains of thought in large reasoning models frequently add redundancy without improving correctness. Longer chains can actively degrade accuracy while consuming more compute. The authors investigate whether models can implicitly detect their own optimal stopping point. (huggingface.co)

AI Tools Still Fail at Basic PDF Parsing
The Verge tested multiple AI systems against the 20,000-page Epstein document release and found persistent extraction failures across every tool. Garbled email threads, broken table structures, and misread scans defeated models that handle plain text fluently. (theverge.com)

Pope Leo XIV Tells Priests to Write Their Own Homilies, Not Use AI
Pope Leo XIV directed Catholic priests to rely on their own thinking rather than AI tools when preparing sermons. (ewtnnews.com)

AI "Reply Guy" Bots Flood Twitter with Engagement-Bait Comments
A growing category of software called "reply guy" tools auto-generates generic replies to tweets, often appending questions designed to waste the original poster's time. The bots represent a distinct spam vector: targeted at individuals rather than broadcast to feeds. (simonwillison.net)

Developer Publishes Claude Code Workflow Splitting Planning from Execution
Boris Tane published a guide for structuring Claude Code sessions around a strict separation of planning and execution phases. The method front-loads architectural decisions into a planning step before allowing the agent to write code. (boristane.com)