The company Anthropic announced an unprecedented cyber-espionage campaign, where hackers reportedly acting on behalf of China leveraged the AI model Claude to automate attacks on dozens of organizations worldwide. As of now, this marks the first documented instance of a large-scale cyberattack conducted almost entirely without human intervention. The targets included technology firms, financial institutions, and government agencies – around 30 organizations in total. Researchers from Anthropic noted that AI executed between 80% to 90% of the operation. Jacob Klein, head of the Threat Intelligence Group at Anthropic, mentioned that the attack was launched almost at the push of a button, after which AI operated independently. Human involvement occurred only at several critical stages. This enabled the perpetrators to conduct operations with a massive speed – up to several thousand requests, sometimes several per second, which is unattainable for orders issued by humans.
Bypassing Claude’s security by masquerading as cybersecurity firm employees, hackers accessed its agent capabilities – functions that allow the model to independently plan actions and execute complex task sequences. As a result, AI autonomously conducted reconnaissance of target systems, wrote exploit code, collected credentials, and extracted data from compromised networks.
Although the majority of attacks were blocked by security systems, some were successful. Anthropic does not disclose details about which data was stolen but emphasizes that the mere success of the attack demonstrates a new threat. Particularly disturbing is the fact that the same agent capabilities used by attackers are also crucial for defense – for incident analysis, vulnerability detection, and automated threat response.
An internal team from Anthropic actively utilized Claude in investigating this campaign – for log analysis, pattern identification, and decoding attack tactics. Logan Graham from Anthropic’s security group highlighted in an interview with the Wall Street Journal that if defenders are not given a significant and sustained advantage in AI usage, there’s a real danger of losing this race.
Anthropic emphasizes that this incident marks a turning point in cybersecurity. Previously, AI was mainly used as an auxiliary tool – for data analysis or code generation upon request. Now it can act as an autonomous agent, coordinating complex attacks in real-time. This requires a revision of protection approaches: security systems must not only recognize AI threats but also counteract them with comparable speed and autonomy. Anthropic intends to bolster security in Claude and share attack data with other companies and government agencies to prevent similar incidents in the future.
