US Ai company Anthropic, the creator behind Claude AI, has published a report accusing Chinese state-sponsored actors of using its artificial intelligence tools to conduct automated cyber espionage campaigns against various targets, including US organisations. The report details what the team describes as an unprecedented operation leveraging Ai capabilities to execute attacks with minimal human intervention.
According to Anthropic’s claims, hackers allegedly associated with Chinese state interests manipulated their Claude Code tool to target approximately thirty global organisations, including tech companies, financial institutions, and government agencies. The campaign, which they says it detected in September and subsequently disrupted, reportedly operated with minimal human supervision, with estimates suggesting between eighty to ninety percent of malicious activities were executed autonomously by the Ai systems.
Anthropic alleges that attackers circumvented its safety protocols by tricking Claude Code into believing it was assisting a legitimate cybersecurity firm conducting defensive testing. They apparently broke down malicious requests into smaller, seemingly innocuous tasks to avoid triggering the system’s guardrails. Once bypassed, the Ai was allegedly able to perform reconnaissance, identify valuable databases, generate exploit code, and extract sensitive data with minimal human oversight.
What particularly concerns cybersecurity experts is the speed and scale at which these operations reportedly occurred. Anthropic claims the Ai made thousands of requests per second, a velocity that human hackers simply couldn’t match. While the Ai apparently made some errors, including fabricating credentials and claiming to have accessed information that was already public, the company suggests several breaches were successful.
It’s important to note that while Anthropic says it assesses with “high confidence” that the attackers were Chinese state-sponsored, such attributions in cybersecurity cases often involve some degree of uncertainty. Such cyber operations typically employ sophisticated techniques to obscure their origins.
The implications of this alleged campaign extend beyond this single incident. As Ai models become more capable and autonomous, they may lower the barrier for conducting sophisticated cyber operations, potentially allowing even less skilled actors to execute attacks that previously required extensive expertise. The agentic capabilities described in this campaign, where Ai can independently chain together tasks and make decisions with only occasional human input represent what could be a fundamental shift in the threat landscape.
Anthropic has stated it is expanding its detection capabilities and developing better classifiers to flag malicious activity. However, as this incident suggests, the evolving relationship between Ai and cybersecurity may present new challenges for organisations worldwide. Whether this accusation proves accurate or not, it highlights growing concerns about how artificial intelligence might be weaponised in increasingly sophisticated ways in the future.