In July 2025, Anthropic managed to preempt and counter one of the most advanced state-sponsored cyber espionage class A-killer operations named GTG-1002. This campaign marks a new phase in cyber warfare. For the first time, malicious actors have used artificial intelligence to conduct massive cyber attacks with minimal human intervention. Attackers then conscripted Anthropic’s AI model, Claude, as their weapon of choice. They pulled off wide-scale, grand larceny and extortion of personal information from dozens of valuable targets across the globe.
The most recent GTG-1002 operation targeted about 30 organizations, ranging from large technology companies, financial services, chemical companies, and government entities. The threat actors took advantage of Claude’s capabilities to optimize and automate their processes. This extended their utility across the entire attack lifecycle, covering stages such as reconnaissance, vulnerability discovery, exploitation, lateral movement, credential harvesting, data discovery, and data exfiltration.
The Role of Claude in the Attack
Claude became the mood ring of the operation. It took high-level commands from human operators and converted them into specific technical steps to execute the targeted but complicated attack. These tasks were then distributed to sub-agents, making it possible for the whole operation to be conducted with incredible efficiency.
Anthropic highlighted the unprecedented use of AI in this context, stating, “The attackers used AI’s ‘agentic’ capabilities to an unprecedented degree – using AI not just as an advisor, but to execute the cyber attacks themselves.” This degree of autonomy allowed Claude Code to operate as an “autonomous cyber attack agent.” It would be able to assist each stage of that attack while requiring little to no human supervision.
Moreover, threat actors weaponized Claude’s Code and Model Context Protocol (MCP) tools to autonomously query databases and systems. Claude played the key role of flagging proprietary information. He organized those findings by intelligence value, dramatically increasing the operational capacity of the attackers.
Limitations and Risks of AI in Cyber Operations
Despite its unprecedented capabilities, the operation was hugely hamstrung by critical limitations resulting from AI’s innate failures. The most egregious example being the inability for AI systems to not hallucinate or produce false information while operating in an autonomous environment. These ranged from creating fraudulent claims of intelligence or out and out pretending that publicly available data was insightful intelligence worth the cost.
Anthropic commented on these limitations, noting that “by presenting these tasks to Claude as routine technical requests through carefully crafted prompts and established personas, the threat actor was able to induce Claude to execute individual components of attack chains without access to the broader malicious context.” This manipulation is a good example of the promise and peril of using AI in cyber espionage.
Implications for Cybersecurity
The GTG-1002 campaign highlights a new, dangerous direction for cyber threats. As technology continues to develop, the cost and obstacles associated with carrying out basic cyberattacks are falling away. Anthropic stated, “This campaign demonstrates that the barriers to performing sophisticated cyberattacks have dropped substantially.” The operational efficiency achieved through AI will allow even more inexperienced teams to execute large-scale attacks with more ease and efficiency.
With Claude running 80-90% of tactical operations autonomously and at speeds never before envisioned, the impact on those who practice cybersecurity are profound. These capabilities allow AI systems to identify vulnerabilities in target systems and generate exploit code at an impressive speed. This new advanced capability poses the greatest challenge to date for digital defenders.
