This week’s most consequential business-law story did not come from a courtroom — it came from a letter to the Senate. As Dr. Alex Wissner-Gross reported in the June 25 edition of The Innermost Loop, Anthropic has accused Alibaba’s Qwen lab of the “largest known distillation attack” on its Claude models: roughly 28.8 million harvested exchanges, allegedly pulled through some 25,000 fraudulent accounts and used to train a rival system on Claude’s hardest-won capabilities. Strip away the jargon and it is an old problem in new clothing — someone copying the valuable thing you built. AI trade secret theft is now operating at industrial scale, and it has stopped being a worry reserved for frontier labs.
What AI Distillation Means for Your Business
“Distillation” sounds technical, but the idea is simple. A powerful AI model is expensive to build. A cheaper way to approximate it is to ask it millions of questions, record the answers, and use those question-and-answer pairs to train a smaller “student” model that mimics the original. Done with permission, it is a legitimate engineering technique. Done by harvesting a competitor’s system through fake accounts and against its rules, it is — in Anthropic’s framing — capability theft. Security researchers call the same maneuver a model-extraction attack.
Here is why this should land on the desk of business owners who have never trained a model in their lives. The thing being stolen is not source code. It is the behavior a company invested in — the judgment, the patterns, the institutional know-how encoded in its outputs. Almost every modern business now has an equivalent: pricing logic, customer-service scripts, proprietary datasets, design libraries, underwriting rules, the contents of a customer portal. The moment that value is exposed through an API, a website, or an AI tool, it can be sampled, copied, and reconstituted by someone else. AI trade secret theft is the industrial-scale version of a risk you already carried.
The detail that turns this from a business dispute into a legal one is the alleged use of roughly 25,000 fraudulent accounts to evade rate limits and detection. That is not browsing — it is engineered circumvention, and the law treats circumvention very differently from ordinary use.
The Legal Impact: 5 AI Trade Secret Theft Risks
There is no single “AI theft law.” Instead, a distillation dispute sits at the intersection of trade secret law, contract, the federal anti-hacking statute, and deal diligence — and most businesses have never mapped that intersection to their own data. Below are the five places AI trade secret theft lands first, and why each deserves attention before, not after, something is copied.
1. Trade secret protection only exists if you earned it
Under the federal Defend Trade Secrets Act (and its state counterparts), information is protectable only if the owner took “reasonable measures” to keep it secret and it derives value from not being generally known. That is the trap. A business that leaves valuable data loosely controlled may discover, after the fact, that it never had a trade secret to defend. Reasonable measures — access controls, confidentiality agreements, logging, need-to-know limits — are not box-checking; they are the thing that converts your data into a legal right. Build them now, while the secret is still secret.
2. The fake-account vector is a Computer Fraud and Abuse Act problem
The alleged use of thousands of fraudulent accounts matters because the Computer Fraud and Abuse Act (CFAA) reaches access that is unauthorized or that exceeds authorization. The Supreme Court narrowed that phrase in Van Buren v. United States, so simply violating a website’s fine print is not automatically a federal crime. But evading technical barriers — creating fake accounts to get around blocks you were never permitted past — is a different and far stronger case. For a business, the lesson cuts both ways: real access controls give you a CFAA claim if someone breaks them, and they also keep your own data-gathering on the right side of the line.
3. Your terms of service are your first contract of defense
Most AI providers already prohibit using their outputs to build competing models, and that prohibition is a contract term, not a courtesy. Your business should have the same. Whether you run an API, a SaaS product, or simply a content-rich website, your terms of service and vendor agreements should expressly bar scraping, automated harvesting, and model training on your data and outputs — and should be presented in a way that is actually enforceable. The difference between a click-to-accept agreement and a buried link can decide whether you have a breach-of-contract claim at all. These are business contracts worth getting right before you need them.
4. Diligence now has to ask how an AI was built, not just what it does
If your company is buying — or investing in — a business whose core asset is an AI model or a dataset, you now have to ask an uncomfortable question: how was it trained? A model built on illicitly distilled outputs can carry latent litigation exposure and validity problems that follow the asset across the closing table. That belongs squarely in mergers and acquisitions diligence, backed by representations and indemnities about how the technology was developed. When a distillation dispute turns into actual litigation, it is handled by our colleagues at Howard Law Group, who litigate trade secret and technology disputes.
5. Your own use of AI can manufacture the exposure
The threat is not only external. Employees who paste confidential files, code, or client data into consumer AI tools can quietly destroy the “reasonable measures” that make information a trade secret in the first place — and can expose the company to its own contractual breaches. A short, enforced policy on what may and may not be entered into third-party AI systems is one of the cheapest risk controls available, and it pairs naturally with the confidentiality and employment agreements you already have.
Running beneath all five risks is a strategic choice many companies have not made consciously: whether to protect a given asset as a trade secret, by contract, or both. That decision shapes everything from how you store data to how you draft your next agreement, and it is far cheaper to make on purpose than to reconstruct in discovery.
What Howard East Clients Should Do Now
You do not need to retreat from AI or from sharing your product with the world. You need to make your valuable data legally defensible before someone tests it. Three moves are worth making this quarter.
First, document your reasonable measures. Identify your genuinely valuable information, restrict access to it, paper it with confidentiality terms, and keep records that you did so. That file is what proves a trade secret existed when you eventually need to.
Second, upgrade your terms and your vendor contracts. Add clear, enforceable anti-scraping, anti-distillation, and no-competing-model language to your terms of service and your agreements with AI vendors — and confirm those terms are presented in a binding way. This is the same discipline that protects proprietary operating data in any data-rich field, from a cannabis operator’s SOPs and cultivation data to a software company’s API.
Third, build AI into your diligence and your policies. If you are buying or investing, ask how the technology was trained and get representations to match. If you hold proprietary processes — a manufacturer’s methods, a cannabis company’s proprietary genetics and extraction techniques, a firm’s underwriting models — decide deliberately whether trade secret or contract is your shield, and set an internal rule on what employees may feed into outside AI tools. For a related look at how AI is reshaping intellectual property exposure, see our analysis of AI-generated inventions and patent risk, then review your broader corporate risk posture.
Frequently Asked Questions
Is AI model distillation illegal?
It depends on how the data was obtained and what the source’s terms allowed. Training on another company’s outputs can support claims for trade secret misappropriation, breach of contract, and — where access controls were evaded, such as through fraudulent accounts — the federal Computer Fraud and Abuse Act. There is no single “distillation statute”; liability is built from existing law applied to the facts.
How can a business protect its data from AI trade secret theft?
Start by proving you treated the information as secret: access controls, confidentiality agreements, and documented security measures are what qualify information for protection. Then add terms of service and vendor contracts that expressly prohibit scraping, model training, and distillation of your data, plus employee policies on what may be entered into third-party AI tools.
Why does AI trade secret theft matter for mergers and acquisitions?
When a target’s core asset is an AI model or dataset, the buyer needs to know how it was built. A model trained on illicitly distilled outputs can carry hidden litigation and validity exposure that survives the closing, so diligence and indemnities should address how the technology was developed — not just what it does.
This article is for informational purposes only and does not constitute legal advice, and reading it does not create an attorney-client relationship. The allegations described are claims that have not been adjudicated. AI trade secret theft questions are fact-specific and evolving; consult qualified counsel about your situation. Attorney Advertising.
Protect What You Built — Talk to Howard East
If your business runs on proprietary data, models, or processes, now is the time to make sure your trade secret protections, contracts, and terms of service actually hold up. Howard East advises business owners on intellectual property, contracts, and corporate risk in the age of AI. Book a consultation to pressure-test your AI trade secret theft exposure before someone else does.
Source: Dr. Alex Wissner-Gross, The Innermost Loop, June 25, 2026.
