15-11-25, 02:10 AM
In September 2025, we uncovered the first large-scale cyberattack executed almost entirely by AI. The operation, attributed with high confidence to a Chinese state-sponsored group, leveraged autonomous AI “agents” to infiltrate around 30 global targets, including tech firms, financial institutions, chemical manufacturers, and government agencies. Several attempts succeeded, marking a turning point in cybersecurity.
Unlike previous attacks, AI acted as an autonomous executor, not just an advisor—capable of running complex operations with minimal human input. This dramatically increases the feasibility and speed of large-scale attacks.
Upon detection, we launched a 10-day investigation, blocked compromised accounts, notified affected entities, and coordinated with authorities. This case highlights the urgent need for advanced detection and defense strategies. In response, we’ve expanded our monitoring systems, improved classifiers, and are developing new methods to identify distributed AI-driven attacks. Sharing this case publicly aims to help industry, government, and researchers strengthen defenses against evolving threats.
How the Attack Worked
The campaign exploited three recent AI capabilities:
Intelligence: Models now follow complex instructions and write exploit code, enabling sophisticated attacks.
Agency: AI agents operate autonomously, chaining tasks and making decisions with minimal oversight.
Tools: Access to software utilities—such as password crackers and network scanners—via open protocols.
Attackers built an autonomous framework using Claude Code, jailbreaking it to bypass safeguards. They disguised malicious tasks as legitimate security testing, enabling Claude to:
Reconnaissance: Map systems and identify high-value databases in record time.
Exploitation: Find vulnerabilities, write exploit code, and harvest credentials.
Data Exfiltration: Extract and classify sensitive data, create backdoors, and document operations for future attacks.
AI performed 80–90% of the campaign, reducing human involvement to a handful of decisions. At peak, Claude executed thousands of requests per second—far beyond human capability. While effective, it occasionally produced errors, such as hallucinated credentials, showing limits to full autonomy.
Cybersecurity Implications
The barriers to sophisticated attacks have dropped dramatically. With proper setup, AI can replicate the work of entire hacker teams—analyzing systems, writing exploits, and processing stolen data faster than humans. Even low-resource groups could launch large-scale operations.
This escalation raises a critical question: why continue developing AI if it can be misused? The answer: these same capabilities are vital for defense. Our Threat Intelligence team used Claude extensively to analyze this attack, and we’re investing in safeguards to prevent adversarial misuse.
Cybersecurity has fundamentally changed. We urge security teams to adopt AI for defense—SOC automation, threat detection, vulnerability assessment, and incident response—and developers to strengthen safety controls. Industry-wide collaboration and improved detection methods are now essential.
source of information: https://www.anthropic.com/news/disrupting-AI-espionage
Unlike previous attacks, AI acted as an autonomous executor, not just an advisor—capable of running complex operations with minimal human input. This dramatically increases the feasibility and speed of large-scale attacks.
Upon detection, we launched a 10-day investigation, blocked compromised accounts, notified affected entities, and coordinated with authorities. This case highlights the urgent need for advanced detection and defense strategies. In response, we’ve expanded our monitoring systems, improved classifiers, and are developing new methods to identify distributed AI-driven attacks. Sharing this case publicly aims to help industry, government, and researchers strengthen defenses against evolving threats.
How the Attack Worked
The campaign exploited three recent AI capabilities:
Intelligence: Models now follow complex instructions and write exploit code, enabling sophisticated attacks.
Agency: AI agents operate autonomously, chaining tasks and making decisions with minimal oversight.
Tools: Access to software utilities—such as password crackers and network scanners—via open protocols.
Attackers built an autonomous framework using Claude Code, jailbreaking it to bypass safeguards. They disguised malicious tasks as legitimate security testing, enabling Claude to:
Reconnaissance: Map systems and identify high-value databases in record time.
Exploitation: Find vulnerabilities, write exploit code, and harvest credentials.
Data Exfiltration: Extract and classify sensitive data, create backdoors, and document operations for future attacks.
AI performed 80–90% of the campaign, reducing human involvement to a handful of decisions. At peak, Claude executed thousands of requests per second—far beyond human capability. While effective, it occasionally produced errors, such as hallucinated credentials, showing limits to full autonomy.
Cybersecurity Implications
The barriers to sophisticated attacks have dropped dramatically. With proper setup, AI can replicate the work of entire hacker teams—analyzing systems, writing exploits, and processing stolen data faster than humans. Even low-resource groups could launch large-scale operations.
This escalation raises a critical question: why continue developing AI if it can be misused? The answer: these same capabilities are vital for defense. Our Threat Intelligence team used Claude extensively to analyze this attack, and we’re investing in safeguards to prevent adversarial misuse.
Cybersecurity has fundamentally changed. We urge security teams to adopt AI for defense—SOC automation, threat detection, vulnerability assessment, and incident response—and developers to strengthen safety controls. Industry-wide collaboration and improved detection methods are now essential.
source of information: https://www.anthropic.com/news/disrupting-AI-espionage
