Week 26
Enterprise AI Weekly: June 22–26, 2026
1. Anthropic Accuses Alibaba’s Qwen Lab of the Largest Known Distillation Attack on Claude
What happened: Anthropic sent a letter dated June 10 to US Senate Banking Committee Chair Tim Scott and Ranking Member Elizabeth Warren, alleging that operators affiliated with Alibaba and its Qwen AI lab ran what it called the largest known distillation attack against Claude to date. According to the letter, the campaign generated more than 28.8 million exchanges with Claude through approximately 25,000 fraudulent accounts between April 22 and June 5, using commercial proxy services to mask the geographic origin of API calls and bypass Claude’s China access restrictions. Anthropic said the targeted capabilities were specifically agentic reasoning, software engineering, and long-horizon task performance — the domains where its restricted Mythos-class models excel.
It is important to be precise about what is confirmed and what is alleged. The 28.8 million figure and the attribution to Alibaba-affiliated operators are Anthropic’s own claims, reported by Bloomberg and confirmed by CNBC, which reviewed the letter directly. Alibaba has not responded to requests for comment from CNBC, Reuters, or Bloomberg, and has not publicly disputed or confirmed the allegation as of this writing. This is also not Anthropic’s first such disclosure: in February, the company named DeepSeek, Moonshot, and MiniMax in similar but smaller-scale distillation complaints. In response to this latest letter, Senators Bill Hagerty and Andy Kim are reportedly moving to attach an amendment to defense legislation that would sanction or blacklist entities found conducting adversarial distillation campaigns.
Why it matters to sysadmins and IT decision-makers: Distillation itself is a legitimate and common machine learning technique — training a smaller “student” model on a larger model’s outputs is standard practice across the industry. What Anthropic is alleging is the adversarial version: using fraudulent accounts and proxy infrastructure to extract a competitor’s proprietary capabilities at industrial scale without authorization. If true, it represents a meaningful escalation from the smaller-scale campaigns disclosed earlier this year.
For IT teams, the practical takeaway has two parts. First, this reinforces why API providers increasingly enforce stricter account verification and anomaly detection — expect continued tightening of usage monitoring, geographic access controls, and account verification requirements across major AI providers as this dispute plays out, which may add friction to legitimate automated or high-volume API usage. Second, if your organization is evaluating or already using Chinese open-weight models (Qwen, DeepSeek, GLM, Kimi) for cost reasons — a trend covered in the next story — this dispute adds a geopolitical and legal dimension to that evaluation that goes beyond pure price-performance comparison. Build that into your vendor risk assessment rather than treating it as a side issue.
Read more: CNBC — Anthropic accuses Alibaba | TechTimes — distillation campaign details | Cybersecurity Magazine — inside the claims
2. The “Tokenmaxxing” Era Is Ending — Uber, Meta, and Lindy Pull Back on AI Spend
What happened: CNBC reported this week that enterprise AI spending is undergoing a hard correction after two years of what the industry has nicknamed “tokenmaxxing” — encouraging employees to maximize AI token consumption with little scrutiny of cost or return. Uber disclosed it exhausted its entire 2026 AI coding budget by April, after roughly 5,000 engineers drove token consumption far beyond projections; the company has since capped individual employee spend on AI tools at $1,500 per month, with an escalation process required for higher limits. Uber’s COO has publicly stated that the link between AI token spend and useful shipped features “is not there yet.” Meta reportedly shut down an internal token-usage leaderboard, nicknamed “Claudeonomics,” after employees collectively consumed roughly 60–74 trillion tokens in a single month; CTO Andrew Bosworth wrote internally that “token usage alone is not a measure of impact of any kind.”
The most direct example came from Lindy, a 25-person AI startup, whose CEO Flo Crivello told CNBC the company moved 100% of its API traffic off Anthropic’s Claude models to DeepSeek’s cheaper open-weight alternative, calling it “a matter of survival for the business.” Coinbase made a similar move, defaulting its engineers to two Chinese open-weight models, Zhipu AI’s GLM 5.2 and Moonshot’s Kimi K2.7 Code, cutting its AI bill nearly in half. A KPMG survey cited in the coverage found only 26% of companies have comprehensive visibility into their own AI costs.
Why it matters to sysadmins and IT decision-makers: This is the natural next chapter after the GitHub Copilot usage-based billing change covered in earlier editions of this newsletter. The pattern across every example this week is the same: AI tool spend scaled faster than any organization’s ability to measure whether it was producing proportional value, and the bill eventually forced the conversation that should have happened on day one.
If your organization has any AI tooling — Copilot, Claude, ChatGPT Enterprise, or developer-facing coding assistants — running without per-team or per-user cost visibility, this week’s news is a clear signal to build that visibility now rather than after a budget overrun forces it. Concretely: confirm whether your AI tooling vendors expose usage data at the team or individual level, set spending alerts or hard caps similar to Uber’s approach, and define a cost-per-outcome metric (tickets resolved, PRs merged, tasks completed) rather than relying on raw usage volume as a proxy for value. The Coinbase and Lindy examples also illustrate the real tradeoff IT decision-makers face when evaluating cheaper open-weight alternatives: meaningfully lower cost, but without the enterprise governance, support guarantees, and safety tooling that come with frontier Western models — a calculus that may be acceptable for some workloads and not others depending on your data sensitivity and compliance requirements.
Read more: CNBC — OpenAI and Anthropic face new AI spending reality | CBC News — companies pulling back from tokenmaxxing | Tom’s Hardware — Uber pumps the brakes
3. Microsoft Adds New Agent 365 Licensing Requirements and Conditional Access Service Plans
What happened: Microsoft made two related changes to its AI agent governance stack this month. First, effective June 1, Microsoft introduced Microsoft 365 E5 as a new licensing prerequisite for new Microsoft Agent 365 purchases — enterprise customers must now hold M365 E5 (or the equivalent frontline/SMB tier) to buy Agent 365, intended to ensure the foundational identity, security, and compliance capabilities are in place before agents are deployed. This does not affect existing M365 E7 customers, since E7 already bundles E5, Agent 365, Copilot, and the Entra Suite together. Second, Microsoft announced two new Entra service plans — Conditional Access for Agents and ID Protection for Agents — being added automatically to Microsoft Agent 365 and M365 E7 licenses, with worldwide rollout beginning early July and expected to complete by early August. No admin action or policy changes are required for the rollout itself, though Microsoft is recommending a license review beforehand.
Why it matters to sysadmins and IT decision-makers: If your organization has any Microsoft Agent 365 licenses, deployed agents (including Scout, the M365 Autopilot agent covered in a previous edition), or is evaluating Copilot Studio agents, this is worth a calendar note now rather than in August. The Conditional Access and ID Protection service plans landing automatically in July mean your existing Conditional Access policies may start evaluating agent identities for the first time without any configuration change on your part — which is generally a security improvement, but it is worth confirming your existing policies are written in a way that behaves correctly when applied to non-human, agent-type identities rather than only human users.
The E5 licensing prerequisite is the more immediate procurement-relevant detail. If your organization is in the process of purchasing or renewing Agent 365 and is not already on E5 or E7, confirm with your Microsoft account team or reseller whether your current licensing tier still qualifies — new purchases now require it, and being caught mid-negotiation without the right base license could delay a deployment timeline.
Read more: Microsoft Partner Center — June 2026 announcements | Microsoft Message Center — new Entra service plans for agents (MC1395007) | Microsoft Learn — What is Microsoft Entra Agent ID
The Week in Summary
Two threads connect this week’s stories. The Alibaba distillation dispute and the broader tokenmaxxing pullback are both, at their core, stories about enterprises and AI labs hitting the limits of a spend-first, ask-questions-later phase of AI adoption — whether that means data being extracted at industrial scale or budgets being blown through in months. The Microsoft Agent 365 licensing changes are the quieter, more structural version of the same correction: AI agent deployment is being wrapped in the same identity, governance, and licensing discipline that took years to mature for human users.
None of this week’s stories requires the kind of immediate failover action that the Fable 5 suspension did a few weeks back. But all three are worth a few minutes with your procurement and security teams: review your AI vendor’s account verification posture if you’re considering cheaper open-weight alternatives, build cost-per-outcome visibility into your AI tooling before a budget surprise forces it, and confirm your Microsoft licensing tier ahead of the July Agent 365 changes.
Next edition publishes July 4.
More Enterprise AI Weekly coverage:
- Enterprise AI Weekly: May 12–18, 2026 — Week 20
- Enterprise AI Weekly: May 19–25, 2026 — Week 21
- Enterprise AI Weekly: May 26–30, 2026 — Week 22
- Enterprise AI Weekly: June 2–6, 2026 — Week 23
- Enterprise AI Weekly: June 9–12, 2026 — Week 24
- Enterprise AI Weekly: June 15–19, 2026 — Week 25
- Enterprise AI Weekly: June 29 – July 4, 2026 — Week 27
- Enterprise AI Weekly: July 6–11, 2026 — Week 28