Anthropic's new 2028 scenario paper turns AI safety into a geopolitical contest over chips, data centers and who gets to copy frontier models.
Anthropic is no longer just warning about powerful AI in the abstract. Its latest 2028 AI leadership paper frames the next two years as a practical test of American state capacity: can the United States and its allies keep control of the compute stack long enough to preserve a meaningful lead over China?
That is a different kind of argument from the usual AGI safety debate. The paper is less concerned with a runaway model in a lab and more concerned with smuggled Nvidia servers, offshore cloud access and mass model distillation. In Anthropic's telling, the strategic advantage still belongs to the U.S. because the most advanced chips, manufacturing tools and frontier models sit inside a largely allied supply chain. But that advantage is not self-executing. It has to be defended.
The paper lays out two possible 2028 outcomes. In the first, Washington closes loopholes, strengthens export enforcement and makes it harder for Chinese labs to obtain restricted compute or cheaply copy frontier model behavior. Anthropic says that could widen the compute gap to roughly 11x and keep U.S. models 12 to 24 months ahead. In the second, enforcement remains porous, China reaches near-parity and then exports cheaper models along with AI-enabled surveillance capabilities to governments that prefer control over openness.
The strongest evidence for that argument is not theoretical. According to the Associated Press, U.S. prosecutors charged Super Micro Computer senior vice president Yih-Shyan Wally Liaw, Taiwan sales manager Ruei-Tsang Steven Chang and contractor Ting-Wei Willy Sun over an alleged scheme to divert $2.5 billion worth of servers containing advanced Nvidia chips to China between 2024 and 2025. Prosecutors said the defendants used fabricated documents, staged equipment and a pass-through company to conceal where the servers were really going.
That case matters because it turns export control from a policy slogan into an operational problem. If one alleged network can move billions of dollars of AI servers through false paperwork and third-country routing, then a chip ban on paper is not the same thing as a chip ban in practice. It also explains why Anthropic keeps returning to enforcement rather than simply calling for broader restrictions. The issue is no longer only what Washington prohibits. It is whether anyone can tell where the hardware ends up.
Congress is already moving in that direction. In April, House China committee chairman John Moolenaar argued that Chinese firms were using smuggled chips, overseas data centers and unauthorized distillation of U.S. models to close the gap. His committee also cited estimates that China may have obtained tens of thousands to several hundred thousand restricted chips. Those are wide ranges, but the direction is clear. Compute controls have become a live national-security fight, not a niche semiconductor rule.
Distillation changes the economics
The more uncomfortable part of Anthropic's paper is its claim that model access can substitute for some of the missing compute. Distillation is the process of using the outputs of a stronger model to train or improve another model. In ordinary machine learning, that can be a legitimate technique. At scale, through fake accounts and automated querying, Anthropic argues it becomes industrial espionage.
This is where the story becomes more complicated for frontier labs. Anthropic wants policymakers to treat large-scale distillation as a national-security threat, while its own business depends on selling access to highly capable models through APIs and enterprise products. That does not make the warning wrong. But it does mean the company is acting as both witness and interested party.
The Mozilla example shows why the stakes are real. TechRadar reported this month that Mozilla said Anthropic's Mythos Preview and other AI models helped ship more than 400 Firefox security bug fixes in April 2026. Some issues had reportedly sat in code for 15 to 20 years. That is a useful, defensive outcome. It also shows why governments worry about who gets the strongest cyber-capable systems first. A model that helps find old browser flaws can strengthen software, but similar capability in the wrong workflow can accelerate offensive discovery.
That is the central tension running through Anthropic's position. The company is arguing that frontier capability should remain concentrated inside democratic supply chains, at least long enough for governance norms to settle. Critics will see a regulatory moat. They will not be entirely wrong. Export controls, anti-distillation rules and know-your-customer obligations would all raise costs for smaller labs and make incumbents more important to national policy.
But the moat argument is not enough to dismiss the paper. China does not need to beat U.S. labs model for model to change global AI markets. It only needs models that are cheap, capable enough and bundled with state-backed infrastructure. If those systems become the default option across parts of Asia, Africa and the Middle East, then the fight is not just about benchmarks. It is about which legal, surveillance and security assumptions get baked into the next layer of digital infrastructure.
Anthropic's 2028 scenarios may be self-interested, but they are not trivial. The next phase of AI competition will be decided as much by customs paperwork, API abuse detection and allied chip coordination as by the next benchmark score. That is what investors, founders and policymakers should watch now.