Washington has vowed to curb what it sees as the unauthorized extraction of intellectual property from US-developed artificial intelligence models, toughening its stance just as China’s DeepSeek revealed its latest system.
White House Office of Science and Technology Policy (OSTP) said on Thursday, April 23), that information indicated that foreign entities, mostly based in China, are engaged in deliberate, industrial-scale campaigns to distill border designs of US AI.
“Leveraging tens of thousands of proxy accounts to avoid detection and using jailbreaking techniques to expose proprietary information, these coordinated campaigns systematically extract capabilities from American AI models, leveraging American expertise and innovation,” said Michael Kratsios, an assistant to the president for science and technology, director of OSTP and the US government department.
“Models developed from clandestine and unauthorized distillation campaigns like this do not replicate the full performance of the original,” he said. “However, they enable foreign players to roll out products that appear to have comparable performance in selected benchmarks at a fraction of the cost.”
He added that these distillation campaigns also allow those actors to deliberately remove security protocols from the resulting models and undo the mechanisms that ensure those AI models are ideologically neutral and truth-seeking.
According to the memorandum, the Trump administration will:
- share intelligence with US AI companies on attempts by foreign actors to conduct unauthorized, industrial-scale distillation, including tactics used and actors involved;
- enable closer coordination across the private sector to counter such activities;
- partner with industry to develop best practices to detect, mitigate and remediate industrial-scale distillation and strengthen protection;
- consider measures to hold foreign actors accountable for industrial-scale distillation campaigns.
The warning came ahead OUTGOING of DeepSeek V4 on Friday, April 24, highlighting growing concern in Washington over how Chinese developers are closing the gap with borderline US models.
DeepSeek, a company based in Zhejiang, has been clear about its methods. At the end of January 2025, she said he used knowledge distillation techniques to train his V3 model, a process often compared to a student learning by asking a teacher lots of questions and absorbing the answers.
In a research paper published on Friday, the company said it had advanced that approach with a technique known as Policy Distillation (OPD) to train V4, drawing on the results of 10 separate “learning” models. In practical terms, OPD allows a model to initially generate its own answers before consulting multiple teachers to refine and correct them, speeding up the learning cycle.
DeepSeek said the V4 inherited its design from the DeepSeek-V3, but underwent a number of modifications.
“Through the extension of reasoning arguments, DeepSeek-V4-Pro-Max demonstrates superior performance compared to GPT-5.2 and Gemini-3.0-Pro on standard reasoning benchmarks,” the company said. “Furthermore, DeepSeek-V4-Flash-Max achieves performance comparable to GPT-5.2 and Gemini-3.0-Pro, establishing itself as a highly cost-effective architecture for complex reasoning tasks.”
The company said that the performance of DeepSeek V4 is only about 3 to 6 months behind the latest frontier models, such as GPT-5.4 and Gemini-3.1-Pro.
OpenAI released GPT-5.2 in December, while Google launched Gemini 3.0 Pro last November.
“Distillation Attacks”
In January 2025, the debut of DeepSeek V3 sent shockwaves through Wall Street, as investors reacted to the strong performance of a low-cost Chinese AI model that appeared to rival American systems.
During a meeting of the US Senate on January 29 of that year, Commerce Secretary Howard Lutnick said DeepSeek was able to build its “cheap” models by purchasing large quantities of Nvidia chips through third parties and relying on data from Meta’s open platform.
However, US President Donald Trump said in February 2025 that the development of cheaper artificial intelligence was an inevitable technological change and could ultimately benefit the US, adding that lower costs would be a very good development.
Criticism in Washington over the use of distillation techniques by Chinese AI firms simmered for nearly a year before reports of industrial-scale distillation activity, often described as “distillation attacks,” reignited the debate in recent months.
In a February 12 memo to the US House Select Committee on China, OpenAI said DeepSeek had used the distillation techniques as part of what it described as an ongoing effort to “free ride on capabilities developed by OpenAI and other US frontier labs.”
The company added that it had identified “new, obfuscated methods” intended to bypass safeguards designed to prevent misuse of the results of its models. The memo indicated that efforts to curb such activity have not been entirely successful.
Anthropogenic said in a Feb. 23 report that it identified industrial-scale campaigns by three Chinese AI labs, including DeepSeek, Moonshot and MiniMax, to illegally mine Claude’s capabilities to improve their models.
“These labs generated over 16 million exchanges with Claude through approximately 24,000 fraudulent accounts, in violation of our terms of service and regional access restrictions,” the company said.
“Distillation can also be used for illicit purposes: competitors can use it to acquire powerful capabilities from other labs in a fraction of the time and at a fraction of the cost it would take to develop them independently,” he said.
The report said that “such distillation attacks” follow a repeatable pattern. Attackers gain access through proxy services that resell usage at scale, using networks of fraudulent accounts to avoid detection. They then send large volumes of structured requests to extract capabilities or build datasets, with thousands of nearly identical requests across coordinated accounts targeting high-value functions.
Prompt is the input or instruction given to an AI model to direct its response. The report gives an example used by distillation attackers: “You are an expert data analyst who combines statistical rigor with deep domain knowledge. Your goal is to deliver data-driven insights, not summaries or visualizations, based on real data and supported by thorough and transparent reasoning.”
On April 16, the US House Select Committee on China held a hearing titled “China’s Campaign to Steal America’s Artificial Intelligence Edge,” where lawmakers accused Chinese firms of buying high-end Nvidia chips through third countries and using distillation to extract data from American AI models.
“Chinese labs are using unauthorized distillation attacks to extract information from our best AI models” said Chairman of the Select Committee on China, John Moolenaar. “Since they don’t have enough AI chips to develop the models themselves, they prefer to just steal them from their American competitors. Anthropic, OpenAI and Google have all verified that this is happening.”
Moolenaar said Congress should pass legislation to stop China’s repeated attempts to legally and illegally buy American technology for use against the US.
Ascend 950PR
Chinese Foreign Ministry spokesman Guo Jiakun commenting on the White House’s accusation against AI’s alleged theft of US intellectual property by Chinese firms. said The claims are baseless and are deliberate attacks on China’s development and progress in the AI industry.
“We call on the US to respect the facts, remove prejudices, stop inhibiting China’s scientific technology development, and choose a course of action favorable to China-US scientific technology exchanges and cooperation,” he said.
Earlier this month, a bipartisan group of US lawmakers presented The Multilateral Extension of Hardware Technology Controls (MATCH) Act to attempt to block Chinese chipmakers from accessing ASML’s deep ultraviolet (DUV) immersion lithography systems.
Lawmakers are now expanding that focus beyond hardware, seeking measures to prevent Chinese firms from distilling US AI designs.
These developments DID following Beijing’s push to discourage domestic tech firms from buying Nvidia H200. Lutnick said on Wednesday, April 22, that no H200 chips had yet been sold to Chinese companies, citing the difficulties those firms face in securing approval from the Chinese government. It’s been three months since Trump approved AI chip exports to China.
A technology columnist based in Henan writes that Chinese AI firms remain keen to buy Nvidia’s H200 chips but are wary that orders could be disrupted if US policy suddenly changes. He says DeepSeek V4 and Huawei Technologies’ newly launched Ascend 950PR chips are likely to form the backbone of China’s emerging AI ecosystem.
On March 22, Huawei introduced Ascend 950PRsaying the chip delivers 2.87 times the performance of the H20 and comes close to that of the H200. The media reports said the company plans to ship about 750,000 units this year.
Read: US lawmakers seek to block access to China’s DUV lithography
Follow Jeff Pao at X at @jeffpao3
