Anthropic's US-China AI race policy push

Anthropic's February disclosure is unusually specific for an AI safety document. The company says three Chinese labs - DeepSeek, MiniMax, and Moonshot AI - generated more than 16 million exchanges with Claude across roughly 24,000 fraudulent accounts, routing traffic through commercial proxies to evade Anthropic's China access restrictions ^[2]. The traffic was not evenly distributed: MiniMax alone accounted for about 13 million exchanges aimed at agentic coding and tool-orchestration tasks, Moonshot ran roughly 3.4 million focused on agentic reasoning and computer vision, and DeepSeek's footprint was smaller at around 150,000 exchanges but allegedly aligned with training censorship-tuned successor models ^[4].

The technical term Anthropic is operationalizing here is distillation - using one model's outputs as supervised training data for a smaller or differently-aligned model. What makes the disclosure striking is the operational sophistication: Anthropic claims MiniMax pivoted nearly half of its distillation traffic within 24 hours of an Anthropic model release, suggesting automated harvesting pipelines tied directly to upstream changes ^[2]. Anthropic frames the resulting models as a national security problem, not just an IP one, because illicitly distilled systems strip out the original safeguards - leaving capabilities like cyber operations, disinformation, and surveillance available without the refusal behaviors Claude ships with ^[4]. That move - from 'they copied us' to 'they copied us unsafely' - is what gives the company its bridge from a commercial grievance to a policy ask.

The harder question is whether Anthropic is describing a national security problem or writing rules it would benefit from. Anthropic is effectively banned from selling Claude in mainland China, so a regime that criminalizes distillation, tightens chip exports, and accelerates allied adoption of American AI maps almost perfectly onto its existing market footprint ^[5]. Tech Buzz China's Rui Ma puts this plainly: 'whether intentional or not, the narrative of illicit capability transfer strengthens the case for stricter chip restrictions' ^[5]. Stanford's Alvin Wang Graylin goes further, calling Anthropic's arms-race posture 'irresponsible' during a window when US-China diplomatic channels are actively being negotiated ^[5].

The Atlantic Council's dispatch on Chinese state-aligned reactions captures a structural critique that even US-friendly readers should take seriously: if a flagship 'safety and trust' lab also functions as a national-security policy author, the brand promise becomes harder to separate from US foreign policy. As Kenton Thibaut frames it, 'If US AI firms promote trust, safety, and independence as core advantages over their competitors, how durable are those claims in the long run when national security authorities intervene?' ^[6]. Reddit's reaction tracks the same anxiety from a different direction: in r/LocalLLaMA and r/Anthropic threads, commenters repeatedly point to Anthropic's controversial training-data history and Yao Shunyu's high-profile departure as evidence that the policy push has real cultural costs inside the company - not just outside it ^[9]. None of this disproves the distillation claims. It does suggest that 'safety,' 'national security,' and 'competitive moat' are converging into a single argument with a single beneficiary.

Anthropic's May paper, '2028: Two Scenarios for Global AI Leadership,' argues that tightened controls could let the US 'lock in a 12-24 month lead in frontier capabilities' over China, anchored to a 2028 inflection point ^[1]. The number isn't arbitrary - Anthropic estimates US frontier systems are currently only several months ahead of top Chinese models on intelligence benchmarks, so the policy window the company is selling is roughly 'act now or watch the gap close' ^[1]. The paper also cites an estimate that strengthened export controls would leave the US with roughly 11x more compute capacity than China's AI sector, which is the quantitative spine of the entire argument ^[1].

The political timing is what makes the framing potent. In January 2026, BIS codified a new license-review policy for advanced AI chips to China and Macau that was meant to be more flexible than the Biden-era Diffusion Rule ^[8]. Then in April, the Trump administration allowed Nvidia to resume H200 exports - a meaningful loosening that Anthropic's February distillation disclosure was now positioned to argue against ^[3]. Nextgov's reporting captured the resulting whiplash: former NSA CTO Lonny Anderson warned 'this is just the early days... it's gonna get faster and it's gonna get more dramatic,' while ARI's Eric Gastfriend explicitly tied chip access to distillation risk ^[7]. In other words, Anthropic isn't lobbying in the abstract - it's trying to flip a specific policy decision that has already been made, using the 12-24 month frame to convert a long-horizon geopolitical anxiety into a near-term legislative ask.

The most uncomfortable counter-argument doesn't come from Beijing - it comes from Anthropic's own user base. The dominant sentiment in the r/LocalLLaMA, r/artificial, and r/Anthropic discussions of both papers is skeptical, with several commenters arguing that export controls have already been accelerating Chinese self-sufficiency rather than slowing it: open-weight Chinese models like Qwen are now cited as evidence that compute scarcity forces Chinese labs toward more efficient architectures and aggressive open-sourcing, which in turn erodes the very moat US firms are trying to defend. A subset of commenters take this further and argue that 'Scenario 2' in Anthropic's paper - a flood of cheaper open Chinese models - might actually be better for end users and for global AI access. The Reddit reception is not a fringe vibe check; the r/artificial thread reads as the most detailed lay summary of the policy paper currently in circulation, and the dominant emotional register is hostility, not endorsement.

The state-aligned Chinese reading converges on the same conclusion from a very different starting point. Gao Lingyun's framing - 'so-called national security has become a political tool aimed at making enterprises serve its own interests' - is the version of the regulatory-capture critique that Beijing can publish at home ^[6]. Even Anthropic's own former researcher Yao Shunyu reportedly cited the company's labeling of China as an 'adversarial nation' as roughly 40% of his reason for leaving for Google DeepMind ^[9]. The intellectually honest version of the contrarian case isn't that distillation doesn't happen - Anthropic's numbers are specific enough to take seriously - it's that the policy response Anthropic is selling may be commercially convenient, diplomatically corrosive, and technically counterproductive all at the same time. The YouTube coverage reinforces this ambivalence: mainstream framing treats the dispute as an 'AI Cold War,' policy-leaning explainers amplify the 12-24 month window, and a Valuetainment panel openly debates whether US labs built the leakage pathway they now want governments to close. The arms race is real. So is the conflict of interest in being its loudest narrator.