
US Warns of China’s Industrial-Scale AI Model Theft Campaigns


"Models developed from surreptitious, unauthorized distillation campaigns like this do not replicate the full performance of the original," the White House memo warned.

OSTP memo: defining an "industrial-scale" theft

The White House Office of Science and Technology Policy (OSTP) has formally accused China and other foreign entities of running "deliberate, industrial-scale campaigns to distill U.S. frontier AI systems," according to a memo circulated to federal agencies. OSTP described distillation campaigns as attacks in which "an attacker sends a deluge of requests to an AI model to train a knockoff version of it." The memo warned that while copies produced by such campaigns "do not replicate the full performance of the original," they can nonetheless "enable foreign actors to release products that appear to perform comparably on select benchmarks at a fraction of the cost."

Anthropic and OpenAI allegations point to methods and scale

OSTP did not name companies in its memo, but U.S. firms have made public accusations. In February, Anthropic accused three China-based companies—DeepSeek, Moonshot AI and MiniMax—of overwhelming its Claude model with roughly 16 million exchanges generated from about 24,000 fraudulent accounts. Around the same time, OpenAI told members of the House China Select Committee it had seen evidence "indicative of ongoing attempts by DeepSeek to distill frontier models of OpenAI and other US frontier labs, including through new, obfuscated methods."

OSTP Director Michael Kratsios reinforced the technical picture in an X post, saying "these foreign entities are using tens of thousands of proxies and jailbreaking techniques in coordinated campaigns to systematically extract American breakthroughs." That language frames the campaigns as automated, distributed, and engineered to evade detection.

White House actions: information sharing, best practices, and accountability

The memo lays out a multi-part response the Trump administration will pursue with U.S. companies. OSTP told agencies it will share more information with the private sector about attempts to conduct large-scale distillation attacks, "enabling companies to better coordinate against such attacks." The administration plans to partner with firms to develop a set of best practices to counter distillation campaigns and is "looking at developing new steps to hold foreign actors accountable for their actions."

OSTP framed these actions as consistent with the White House's AI Action Plan, released in July 2025, which emphasizes "preventing our adversaries from free-riding on our innovation and investment." The memo therefore ties operational steps—threat reporting and defensive standards—to a broader policy line on protecting intellectual property.

Retired Gen. Paul Nakasone signals possible tools: export controls and diplomacy

Retired Gen. Paul Nakasone, who previously led the NSA and U.S. Cyber Command and now heads Vanderbilt University's Institute of National Security, described a menu of potential responses at a roundtable with reporters in Nashville. He said the administration may consider "export controls, diplomatic protests and tailored technology restrictions" as options to deter distillation efforts. He added, "And we're going to be very, very careful about how we're going to share that [AI technology] with a series of different partners."

The White House warning arrives against a backdrop OSTP flagged as strategically salient: the memo cites concern that advanced commercial models, including those with "exquisite cybersecurity capabilities," could pose national security risks if they "fall into the wrong hands." Lawmakers, the memo notes, have been worried about how technology advances may ultimately benefit Beijing through mechanisms such as military-civil fusion, especially given China's "increasingly bellicose tone toward Taiwan."

What this means for technologists, policymakers, and U.S. AI companies

  • Technologists and security teams: Expect heightened operational coordination with federal agencies and peer firms, increased monitoring for high-volume request patterns (proxies, jailbreaking techniques), and a push to harden models against large-scale automated extraction attempts.
  • Policymakers and regulators: The administration is preparing to combine information-sharing, best-practice guidance and potential accountability mechanisms—ranging from export controls to diplomatic actions—into a policy posture aimed at stopping "free-riding."
  • U.S. AI companies and executives: Companies will likely be asked to participate in OSTP-led partnerships to develop defensive standards, share incident information more rapidly, and consider technical and contractual measures to limit large-scale model extraction.

The White House has moved the distillation problem from company grievance to stated federal concern: OSTP is coordinating a set of operational and policy steps, firms have named alleged Chinese actors and described scale, and national-security voices are urging a suite of tools that includes both technical defenses and statecraft. A proximate diplomatic moment will follow: the memo notes that President Donald Trump and Chinese President Xi Jinping are scheduled to meet next month in Beijing. That raises a practical question the memo leaves unanswered: can a mix of battlefield defenses, industry coordination and diplomatic pressure halt what OSTP calls industrial-scale efforts to siphon U.S. AI advances?

Source: Defense One