White House Accuses China of Industrial-Scale AI Theft

The White House Office of Science and Technology Policy, led by Michael Kratsios, sent a memo alleging that foreign actors, principally based in China, are conducting "deliberate, industrial-scale campaigns" to distill capabilities from U.S. frontier AI systems. The memo charges these actors with using tens of thousands of proxy accounts and model jailbreaking to systematically extract proprietary behavior and replicate it in cheaper, derivative models. Companies named in previous disclosures, such as Anthropic and OpenAI, have reported large-scale distillation attempts; reporting cited proprietary models like Claude and Gemini.

Distillation, as described in the memo, is the process of using a high-capability model as an oracle to generate large datasets of input-output pairs, then training smaller models on that synthetic dataset so they mimic the larger model's behavior while avoiding the original training or compute costs. The memo highlights three tactical elements practitioners should care about:

• •proxy-account scaling, where actors automate thousands of distinct API credentials or scraping sessions to evade rate limits and detection
• •jailbreaking and prompt engineering to coax models into revealing proprietary outputs, internal details, or hidden capabilities
• •systematic dataset construction that converts model outputs into training corpora, enabling replication of benchmark performance without reproducing training data or weights

Distillation does not require access to model weights or original training data, which complicates traditional intellectual property protections. It produces derivative models that may match benchmarks but can strip or bypass safety and alignment mechanisms embedded in the originals. That makes these campaigns both an IP threat and a security risk: models created from distilled outputs can be cheaper, less robust, and easier to weaponize or misuse.

This allegation sits at the intersection of technical, legal, and geopolitical trends. Technically, the cloud API era lowered the barrier to large-scale querying and made distillation cheaper; legally, courts and regulators still wrestle with whether model training and output scraping constitute fair use. Politically, the memo arrives weeks before President Trump visits Beijing, and it ties directly to ongoing U.S. decisions on export controls for advanced accelerators from Nvidia and others. Private-sector reporting already flagged specific China-linked firms, and the government memo signals a willingness to escalate from warnings to operational countermeasures and information-sharing between agencies and industry.

Expect three near-term developments: heightened scrutiny and possible tightening of export controls for advanced GPUs, expanded information-sharing and detection toolkits between government and leading labs, and potential investigations or enforcement actions against entities identified as operating large-scale distillation infrastructures. From a defensive standpoint, model vendors will accelerate monitoring for anomalous query patterns, fingerprinting of synthetic training data, and methods to harden APIs against automated scraping and jailbreak sequences.