The White House Is Accusing China of Industrial-Scale AI Theft

The White House Is Accusing China of Industrial-Scale AI Theft

The White House Office of Science and Technology Policy issued a formal memo on April 23, 2026, accusing China of conducting "deliberate, industrial-scale campaigns" to steal US frontier AI capabilities. The memo, signed by OSTP director Michael Kratsios, names distillation attacks — querying US AI systems millions of times to replicate their outputs — as the primary method. The timing, immediately before a Trump-Xi summit, is not accidental.

What Distillation Attacks Actually Are

When you query a large AI model, the response contains embedded information about how the model reasons and what it knows. Repeated, systematic querying — at scale, using tens of thousands of accounts — allows a sophisticated actor to build a training dataset that replicates the queried model's capabilities at a fraction of the development cost. The resulting model can also have its safety guardrails removed, since it's being retrained on outputs rather than built with safety considerations from scratch.

The memo cites Chinese AI labs — including DeepSeek, Moonshot, and MiniMax — as running these campaigns. Anthropic reported in February 2026 that approximately 24,000 fraudulent accounts had been used to extract millions of Claude responses.

The Geopolitical Timing

Issuing this accusation days before a Trump-Xi summit is a calculated move. It gives the US delegation leverage in AI governance discussions and signals that the administration views AI IP theft as a negotiating priority — not just a national security complaint. Whether it results in concrete commitments at the summit level is a different question.

What Companies Should Know

The memo creates new pressure on AI companies to implement API-level controls against systematic distillation. Rate limiting, account verification, anomaly detection on query patterns, and output watermarking are all technical mitigations. But the scale of the campaigns described — tens of thousands of proxy accounts — suggests that reactive, account-by-account enforcement is insufficient. Platform-level controls are needed.

My Take

The distillation attack vector is real and has been documented in academic literature for years. What's new is the White House naming specific Chinese companies and framing it as a national security issue rather than a terms-of-service problem. That framing has regulatory consequences: it opens the door to export-control-style restrictions on AI API access from certain geographies. That would be a significant shift in how AI companies operate globally, and the industry should pay close attention.

Related Articles

Sources