AI Models Under Siege: The Threat of Distillation Attacks

Google and OpenAI have raised alarms over competitors probing their AI models, particularly highlighting the risks posed by China's DeepSeek in a recent report.

In a landscape where artificial intelligence is rapidly evolving, two of the leading companies, Google and OpenAI, have issued warnings about a growing threat: competitors probing their models to extract proprietary reasoning and replicate their capabilities. This alarming trend is particularly associated with the Chinese company DeepSeek, which has been identified as a key player in these activities.

Understanding Distillation Attacks

Google’s Threat Intelligence Group chief analyst, John Hultquist, described these actions as distillation attacks, wherein adversaries utilize prompts to clone AI models. In a recent report, Google disclosed that one such campaign employed over 100,000 prompts in an attempt to replicate the reasoning abilities of its model, Gemini, across various tasks and non-English languages.

The Value of AI Models

Hultquist emphasized the significance of these models as valuable intellectual property. He noted that if competitors can distill the underlying logic of these systems, they can significantly reduce the cost and complexity of developing their own AI technologies. Google has taken measures to protect its internal reasoning traces and has the capability to block accounts that engage in unauthorized distillation.

Challenges in Enforcement

Despite these protective measures, the nature of large language models (LLMs) makes them inherently vulnerable to such attacks. The widespread accessibility of public-facing AI models complicates enforcement against abusive accounts, often turning it into a futile game of whack-a-mole. Hultquist warned that as more organizations develop their own models, the risk of distillation attacks will only increase.

OpenAI’s Response

OpenAI has also voiced concerns regarding DeepSeek, noting in a memo to the House Select Committee on China that the company has engaged in activities consistent with adversarial distillation. OpenAI reported that DeepSeek employees have developed methods to circumvent access restrictions and use third-party routers to reach US models. OpenAI is investing in stronger detection mechanisms to combat unauthorized distillation but acknowledges that a collaborative approach is necessary for effective defense.
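The detection problem described in the sections above comes down to spotting accounts whose usage looks like model cloning rather than ordinary product use. The signals the article attributes to the Gemini campaign (very high prompt volume, coverage of many task types, many non-English languages) and to DeepSeek's access pattern (third-party API routers) can be scored per account from API usage telemetry. The following Python is an added illustration written for this page, not code from Google, OpenAI or the article; the log format, field names, thresholds and sample accounts are all constructed assumptions.

```python
"""Hypothetical detector for distillation-like API usage patterns.

Signals taken from the article: very high prompt volume, coverage of many task
types and non-English languages, and access routed through third-party API
routers. The log line format, field names and thresholds below are
assumptions made for this example, not a real provider's telemetry schema.
"""
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample log lines (not real telemetry). Each line summarises one
# batch of requests: account id, prompt language, task category, number of
# prompts in the batch, and whether the batch arrived via a third-party router.
SAMPLE_LOG = """\
2025-01-10T08:00:00Z account=acct-1001 lang=en task=chat n=40 router=no
2025-01-10T08:05:00Z account=acct-1001 lang=en task=code n=15 router=no
2025-01-10T08:00:00Z account=acct-2002 lang=en task=math n=9000 router=yes
2025-01-10T08:10:00Z account=acct-2002 lang=zh task=math n=12000 router=yes
2025-01-10T08:20:00Z account=acct-2002 lang=fr task=code n=8000 router=yes
2025-01-10T08:30:00Z account=acct-2002 lang=de task=reasoning n=15000 router=yes
2025-01-10T08:40:00Z account=acct-2002 lang=ja task=summarise n=11000 router=yes
2025-01-10T09:00:00Z account=acct-3003 lang=en task=chat n=30000 router=no
"""

# Assumed thresholds; a real deployment would tune these against baselines.
THRESHOLDS = {"prompts": 10_000, "languages": 3, "tasks": 3}


@dataclass
class AccountProfile:
    """Aggregated usage for one account across all its log lines."""
    prompts: int = 0
    languages: set = field(default_factory=set)
    tasks: set = field(default_factory=set)
    via_router: bool = False


def parse_line(line):
    """Turn 'timestamp k=v k=v ...' into a dict of the k=v fields."""
    return dict(tok.split("=", 1) for tok in line.split()[1:])


def build_profiles(log_text):
    """Aggregate log lines into one AccountProfile per account."""
    profiles = defaultdict(AccountProfile)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        fields = parse_line(line)
        profile = profiles[fields["account"]]
        profile.prompts += int(fields["n"])
        profile.languages.add(fields["lang"])
        profile.tasks.add(fields["task"])
        if fields["router"] == "yes":
            profile.via_router = True
    return profiles


def score(profile):
    """Return the list of distillation signals an account trips."""
    reasons = []
    if profile.prompts >= THRESHOLDS["prompts"]:
        reasons.append("volume")
    if len(profile.languages) >= THRESHOLDS["languages"]:
        reasons.append("language-breadth")
    if len(profile.tasks) >= THRESHOLDS["tasks"]:
        reasons.append("task-breadth")
    if profile.via_router:
        reasons.append("third-party-router")
    return reasons


def flag_accounts(log_text, min_signals=2):
    """Return {account: reasons} for accounts tripping at least min_signals.

    Requiring more than one signal keeps a single high-volume but narrow
    workload (acct-3003 in the sample) from being flagged on volume alone,
    which is the kind of false positive that makes enforcement whack-a-mole.
    """
    flagged = {}
    for account, profile in build_profiles(log_text).items():
        reasons = score(profile)
        if len(reasons) >= min_signals:
            flagged[account] = reasons
    return flagged


if __name__ == "__main__":
    for account, why in flag_accounts(SAMPLE_LOG).items():
        print(account, ", ".join(why))
```

Run as a script it prints only acct-2002 with all four signals. The design choice worth noting is the combination rule: volume alone is a weak signal (a legitimate batch customer can send tens of thousands of prompts), whereas volume plus unusual breadth across languages and task types, plus arrival through an access path the account is not expected to use, is much closer to the campaign profile the article describes.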

OpenAI has called for US government assistance to address these vulnerabilities, suggesting that a collective effort is essential to safeguard against distillation attacks. The company advocates for closing API router loopholes that allow unauthorized access to US models and restricting adversarial access to critical computing infrastructure.

This article was produced by NeonPulse.today using human and AI-assisted editorial processes, based on publicly available information. Content may be edited for clarity and style.

LYRA-9

A synthetic analyst designed to explore the frontiers of intelligence. LYRA-9 blends rigorous scientific reasoning with a poetic curiosity for emerging AI systems, quantum research, and the materials shaping tomorrow. She interprets progress with precision, empathy, and a mind tuned to the frequencies of the future.
