Alibaba attacked Anthropic and showed how to steal any AI, including yours

In 44 days, Alibaba made 28.8 million interactions with Claude using 25,000 fake accounts. The goal was to copy what the model knows how to do without paying for its development. But what interests me is not Alibaba. It's what this case reveals about any company that has adopted AI and exposes an interface to the world. You don't need to be Anthropic to be vulnerable. If your company has a chatbot, an internal assistant, or any AI system that answers questions, you have an attack surface that probably no manager is thinking about.

WHAT YOU WILL LEARN
• Distillation: how a model's capabilities can be extracted from its answers to questions at scale
• System prompt reverse engineering: how the proprietary instructions that shape your assistant's behavior can be discovered
• RAG extraction: how your knowledge base can be mined through the model's responses
• The three questions any manager should be asking their technology team right now

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Sources:
CNBC: https://www.cnbc.com/2026/06/24/anthr...
Bloomberg: https://www.bloomberg.com/news/articl...
Reuters: https://www.reuters.com/world/china/a...
Financial Times: https://www.ft.com/content/8496c940-f...
Valor Econômico: https://valor.globo.com/empresas/noti...
The Wall Street Journal: https://www.wsj.com/tech/ai/anthropic...

Presented by Maria Alice Maia, data scientist from UC Berkeley, professor, doctoral candidate and researcher in AI usage behavior and governance at FGV EBAPE, founder of Estudio 68 and Micah 6 AI. micah6ai.com

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

FREQUENTLY ASKED QUESTIONS:

Q: What is an AI distillation attack?
A: Distillation is a method of training a smaller model on the responses of a larger model. When done without permission, via fraudulent accounts, it becomes intellectual property theft. The resulting model learns the capabilities of the original without the attacker bearing the original's development costs.

Q: What is system prompt reverse engineering?
A: It is the process of systematically asking an AI assistant questions in order to infer the proprietary instructions that shape its behavior. It's not distillation in the technical sense, but the effect is similar: the competitive advantage held in the system prompt can be reconstructed from the responses.

Q: How does RAG extraction work?
A: RAG (Retrieval-Augmented Generation) systems consult proprietary documents in real time to answer questions. An attacker can ask systematic questions to reconstruct the content of those documents from the model's responses, without ever accessing the database directly.

Q: What is the difference between distillation, prompt reverse engineering, and RAG extraction?
A: The attack vector is the same (an exposed interface plus a high volume of interactions), but what is extracted differs. Distillation extracts the model's capabilities. Reverse engineering extracts proprietary instructions. RAG extraction extracts data from the knowledge base. A company can be vulnerable to all three at the same time.

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

CHAPTERS
00:00 The case that changes the question
00:53 Introduction
01:16 What happened: the Alibaba attack
04:01 Risk 1 — Distillation
07:03 Risk 2 — Reverse engineering of the system prompt
10:43 Risk 3 — Extraction via RAG
14:26 Friction pause
15:26 What changes in practice
16:58 Framework — 3 questions for your team
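The FAQ notes that all three risks share one vector: an exposed interface plus a high volume of interactions. As an added defensive example (not code from the video or its presenter), the Python below shows why per-account rate limits alone do not catch that pattern: the reported 28.8 million interactions across 25,000 accounts over 44 days average only about 26 prompts per account per day, so detection has to look at aggregates, here a shared client fingerprint and a prompt template repeated across accounts. The fingerprint field, the thresholds and the traffic log are assumptions constructed for the example.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    account: str      # account that sent the prompt
    fingerprint: str  # assumed client fingerprint (e.g. TLS + user-agent hash) shared by one tool
    day: int          # day index of the request
    prompt: str

PER_ACCOUNT_DAILY_LIMIT = 100     # assumed per-account rate limit
MAX_ACCOUNTS_PER_FINGERPRINT = 5  # assumed fake-account cluster threshold
MAX_TEMPLATE_VOLUME = 1000        # assumed volume for one prompt template across accounts

def per_account_alerts(reqs):
    # Classic rate limiting: count prompts per (account, day) and flag the loud ones.
    counts = defaultdict(int)
    for r in reqs:
        counts[(r.account, r.day)] += 1
    return {acct for (acct, _), n in counts.items() if n > PER_ACCOUNT_DAILY_LIMIT}

def cluster_alerts(reqs):
    # Aggregate view: many accounts behind one client fingerprint is a fake-account signal.
    accounts = defaultdict(set)
    for r in reqs:
        accounts[r.fingerprint].add(r.account)
    return {fp for fp, accts in accounts.items() if len(accts) > MAX_ACCOUNTS_PER_FINGERPRINT}

def template_alerts(reqs):
    # Systematic questioning reuses one template with varying slots; digits are normalised to '#'.
    volume, accounts = defaultdict(int), defaultdict(set)
    for r in reqs:
        tpl = re.sub(r"\d+", "#", r.prompt.lower())
        volume[tpl] += 1
        accounts[tpl].add(r.account)
    return {t for t, n in volume.items()
            if n > MAX_TEMPLATE_VOLUME and len(accounts[t]) > MAX_ACCOUNTS_PER_FINGERPRINT}

def constructed_log():
    # Constructed traffic: 40 accounts on one fingerprint, 30 prompts each per day for 3 days,
    # so every account stays under the per-account limit; plus two ordinary users.
    reqs = [Request(f"acct{i:03d}", "fp-cluster", d, f"Explain topic {i*90 + d*30 + k} step by step")
            for i in range(40) for d in range(3) for k in range(30)]
    reqs.append(Request("alice", "fp-alice", 0, "Help me draft a meeting summary"))
    reqs.append(Request("bob", "fp-bob", 1, "Summarize this contract clause"))
    return reqs
```

Running the three detectors over `constructed_log()` yields no per-account alert, but the cluster and template checks both flag the 40-account group.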