Summary of "Anthropic is lying to us."

Summary — key technological points, product notes, and analysis

Core claim being criticized

Anthropic alleges coordinated “distillation attacks” from Chinese labs (DeepSeek, Moonshot, Miniax): roughly 24,000 fraudulent accounts and more than 16 million exchanges were used to extract chain-of-thought/reasoning, agentic behavior, tool use, and coding, then reproduce capabilities in locally developed models. Anthropic warns these illicitly distilled models would lack safeguards and pose national-security risks.

The speaker challenges the strength of Anthropic’s public claims and calls for verifiable evidence.

Definition — distillation (as used in the video)

Distillation: using outputs from a stronger model (inputs + outputs, sometimes reasoning traces) as training data to make cheaper/smaller models behave similarly.
It is a common ML technique for model compression or tuning, not novel.
Chain-of-thought or reasoning traces are especially valuable for distillation because they reveal intermediate reasoning that helps models learn behavior.

How major labs protect reasoning traces

Many providers obfuscate or hide chain-of-thought (examples: OpenAI hid 01’s internal reasoning trace; Gemini Pro, Grok, and GBT series summarize or re-run reasoning to prevent direct access).
Anthropic historically exposed reasoning traces for developer visibility, which increases the value of their outputs for anyone attempting distillation.

Practical mechanics that undermine Anthropic’s numeric claims (speaker’s analysis)

“Exchanges” vs “requests”: tool calls and agent workflows multiply the number of exchanges per single user request. One request can generate dozens or hundreds of exchanges as tools are invoked and results are passed back and forth. Counting exchanges without context inflates scale.
Benchmarks and internal testing (e.g., SWEBench/SWBench, SnitchBench) can easily produce hundreds of thousands to millions of exchanges; running standard evaluation or tuning suites can match or exceed Anthropic’s cited counts.
Real product usage patterns (new model releases attract most traffic) can explain spikes and traffic redirection that Anthropic attributes to distillation campaigns.
Third-party products legitimately calling Anthropic models (Cursor, Miniax’s agent product, other resellers) can create telemetry patterns similar to what Anthropic calls malicious activity.

Examples and product features discussed

Cursor: paid UI that calls expensive APIs and can use collected outputs to train its own cheaper models (legitimate if API terms allow).
Cloud Code / Claude: paid endpoints that can be resold or proxied at lower cost; cheaper resale/subscription models in some markets could be used to subsidize or support distillation.
Miniax & Moonshot: had products that used Anthropic models, so their telemetry could legitimately show high exchange counts.
T3 Chat (speaker’s product): a multi-model chat app. The speaker demoed traffic numbers (~160k requests/day) to show how Anthropic’s 150k example is relatively small and explained multi-architecture/multi-search features that produce many exchanges.
Benchmarks referenced: SWEBench (2,294 tasks), SnitchBench — used to show how tooling and testing generate large volumes of exchanges.
Other labs/models mentioned: OpenAI (01), Gemini 3.1 Pro, Grok, GBT 5 series, DeepSeek R1, Kimmy (Moonshot), Opus/Sonnet (Anthropic model names), Gemma (Google).

Attribution and detection claims (Anthropic’s method vs critique)

Anthropic’s stated attribution methods: IP correlation, request metadata, infrastructure indicators, and partner corroboration.
Speaker’s view:
- Accepts that proxy/resale operations in some markets plausibly exist (fraudulent accounts, hydra cluster proxies mixing distillation with customer traffic).
- Argues Anthropic provided insufficient evidence to tie the named labs to malicious distillation and that publicly calling out specific labs without strong proof is irresponsible.

Safety and national-security claim skepticism

Anthropic’s claim: distilled models could strip safety filters and enable misuse (bioweapons, cyberattacks).
Speaker’s counterpoints:
- Skeptical that distilling outputs alone would enable materially more dangerous capabilities compared with already-available knowledge or what the original models permitted.
- Notes that distillation reproduces parts of capability; it cannot exceed the source model’s capabilities in meaningful ways.
- Points out an inconsistency: many companies (including large labs) trained on massive scraped internet data themselves, so prohibiting distillation of their outputs while relying on public corpora appears hypocritical.

Evidence, transparency, and policy questions raised

The speaker asks Anthropic to privately share evidence for independent verification.
Policy and TOS questions:
- Is training on permissively licensed GitHub repos that include model outputs disallowed?
- What obligations do companies have to filter or abstract internet content, and how much abstraction counts as “safe”?
- Is a product like Cursor, which uses paid API calls and then trains on opt-in data, a distillation attack?
Notes Anthropic’s prior questionable claims and inconsistent enforcement as context for skepticism.

Conclusions and takeaways

The speaker believes Anthropic’s public report overstates or misattributes the problem and describes many of the report’s claims as unsupported or dishonest.
Acknowledges real risks from proxy resellers and hidden traffic patterns, but argues that Anthropic’s named accusations and numbers are plausibly explained by legitimate testing, product usage, and tool-call inflation.
Invites Anthropic to provide verifiable evidence; absent that, the report is viewed as misleading and potentially politically motivated.

Guides / tutorial-style explanations presented in the video

What distillation is and why reasoning traces matter.
How tool calls and agent workflows produce multiple “exchanges” per user request.
How benchmarks (SWEBench, SnitchBench) and model testing generate large volumes of exchanges.
How companies can legitimately reuse API output to train in-house models (example: Cursor).
How model providers obfuscate chain-of-thought to prevent direct extraction.

Main speakers and sources referenced

Main speaker: the video’s creator / founder of T3 Chat (speaks in first-person and references T3 Chat data).
Companies and labs discussed: Anthropic, DeepSeek (DeepSeek R1), Moonshot (Kimmy), Miniax, OpenAI (01), Google (Gemma), xAI (Grok), GBT (versions 5+).
Products, tools, and benchmarks: Cursor, Cloud Code (Claude), Opus/Sonnet (Anthropic models), SWEBench / SWBench, SnitchBench.
Other individuals mentioned: Will Brown (asked Anthropic questions).
Sponsor mentioned: Work OS

(Note: this summary focuses on the technological analysis and product details presented in the video. The speaker is highly critical of Anthropic’s public claims and requests evidence to validate them.)