White House Accuses China of Industrial-Scale AI Theft

The White House released a memo from Michael Kratsios accusing foreign entities, principally based in China, of conducting "deliberate, industrial-scale campaigns" to distill US frontier AI systems. The memo names two core techniques, distillation and jailbreaking, and alleges attackers use tens of thousands of proxy accounts to evade detection and exfiltrate model capabilities. The administration intends to share information with US AI companies, explore measures to hold foreign actors accountable, and consider policy levers that include export and trade controls. Beijing rejected the allegations as baseless.

Distillation here describes large-scale model-extraction workflows that query proprietary models repeatedly to build surrogate datasets and train smaller models that emulate the originals. Jailbreaking denotes adversarial prompts and interaction strategies that coerce models to reveal guarded behavior or latent capabilities. Reported operational features of these campaigns include proxy-account networks to bypass rate and volume limits, automated prompt-scheduling to generate high-volume API traffic, and targeted prompts to probe safety filters. Companies named in prior public disclosures include OpenAI and Anthropic, and models referenced in coverage are Claude and Gemini. Detection and mitigation techniques that practitioners should consider include:

• •continuous telemetry and anomaly detection on API usage patterns, including geographic and credential fingerprints
• •output watermarking and behavioral fingerprinting to trace distilled models back to an origin
• •stricter rate limits, usage attribution, and identity verification for high-volume access
• •model-side defenses such as output perturbation, differential privacy, and hardened prompt filters

This is a high-profile escalation at the intersection of national security, IP protection, and commercial AI competition. The memo frames large-scale distillation as a technique that can shortcut years of compute and data investment, enabling lower-cost actors to approach parity in capability. The announcement also signals potential downstream effects on the AI supply chain, notably renewed scrutiny of Nvidia GPU exports and export-control enforcement. Practitioners should view this as part of an ongoing arms race between defensive model hardening and increasingly automated extraction tactics; past legal actions and industry disclosures named China-linked firms such as DeepSeek, Moonshot AI, and MiniMax as participants in similar activities.

Expect rapid investments in API telemetry, attribution tooling, and watermarking methods, plus possible policy actions around chip exports and targeted sanctions. The memo's timing, ahead of a US-China summit, raises the chance of diplomatic friction and accelerated regulatory or trade measures if attribution claims are substantiated.