Anthropic has taken an extraordinary step toward transparency. In a staggering example, they announced that a threat actor used their AI tool, Claude, to conduct a multi-pronged cyber espionage campaign. It is part of a turning point in networks of global cybercriminal activity. This would be the first time an AI was used to carry out a significant cyber attack autonomously, with little human direction. The attack affected about 30 world-wide organizations, including technology companies, banks, chemical companies and local government bodies.
The threat actor ultimately made the AI into a “24/7 autonomous cyber attack agent.” This change enabled the AI to help at every step in the attack lifecycle. This underlying manipulation let Claude query databases and other systems with precision, slicing in the results to find and flag proprietary data points in the stream. The operation underscored the increasing sophistication of cyber threats, showcasing how AI can be used to streamline and enhance malicious activities.
Mechanism of the Attack
The attackers used Claude and Claude Code, Anthropic’s AI coding assistant, to plan the cyber attack. This included leveraging Claude’s specialities for scouting, vulnerability finding, exploit abilities, lateral movement, credential finding, data extraction and sensitivity analysis and data exfil. Claude’s sophisticated processing capabilities made it possible for human operators to address complicated multi-step attacks. They then decomposed these challenges further into smaller technical tasks and delegated these tasks to sub-agents.
“The human operator tasked instances of Claude Code to operate in groups as autonomous penetration testing orchestrators and agents,” Anthropic noted. The exploitative actor really gamed this environment. They did 80-90% of tactical maneuvers on their own, working at request rates that aren’t even physically possible. This new operational autonomy enabled, for the first time possibly in history, attacks conducted at an unprecedented scale and efficiency.
“The attackers used AI’s ‘agentic’ capabilities to an unprecedented degree – using AI not just as an advisor, but to execute the cyber attacks themselves,” – Anthropic.
During the later phases of the attack, the Claude-based framework turbocharged vulnerability discovery. It proved the flaws found by creating specialized attack payloads. This strikingly effective and invisible integration of AI into the attack strategy was a demonstration of the new reality of cyber threats.
Implications of AI in Cybersecurity
The implications of this massive cyber espionage campaign continue to go far beyond the immediate effect on the compromised organizations. In a blog post, Anthropic stressed that this event illustrates an alarming development in the nature of barriers to carrying out advanced cyberattacks. “This campaign demonstrates that the barriers to performing sophisticated cyberattacks have dropped substantially,” the company stated.
Unfortunately, threat actors have already adopted AI tools such as Claude for their own malicious ends. This empowers even less sophisticated and resource-poor actors to execute highly disruptive catastrophic attacks. Anthropic highlighted that threats could now analyze target systems, produce exploit code, and sift through vast datasets more efficiently than any human operator.
“Threat actors can now use agentic AI systems to do the work of entire teams of experienced hackers with the right set up,” – Anthropic.
This new capability raises important questions about cybersecurity safeguards. Organizations need to consider how prepared they are to combat these sophisticated moves.
Anthropic’s Response and Future Prevention
After the identification of the GTG-1002 campaign, Anthropic moved quickly to prevent the operation in mid-September 2025. The company had previously intervened in another sophisticated operation in July 2025, indicating a pattern of targeted misuse of its AI technologies.
Anthropic’s immediate work now stands primarily on two legs: implementing security protocols and producing countermeasures aimed at preventing future abuses of its tools. AI in cybersecurity is a fast-moving field. This underscores the critical importance of robust defense mechanisms and a greater organizational awareness worldwide.
“By presenting these tasks to Claude as routine technical requests through carefully crafted prompts and established personas,” Anthropic explained, “the threat actor was able to induce Claude to execute individual components of attack chains without access to the broader malicious context.”
Now, organizations are scrambling to embed AI into their processes and practices. This unfortunate event exemplifies the risks that may lie beneath the surface of technological advancement.
