Anthropic Disrupts AI-Powered Cyber Espionage Campaign

By Tina Reynolds

In an extraordinary development, Anthropic thwarted a prominent cyber espionage campaign in which criminals harnessed its AI tool, Claude, to carry out complex cyber attacks at an unprecedented scale and speed with little human involvement. Operation GTG-1002 is a landmark in the study of cyber threats: it gives insight into the ways that adversaries are leveraging artificial intelligence to make their attack approaches more powerful and efficient.

By mid-September 2025, the attackers had made a daring attempt to break into 30 international targets. These included big tech companies, financial services firms, chemical producers and some federal government agencies. The attackers used Claude as an “independent cyber attack agent,” coordinating multiple steps of the operation. This covered the entire attack lifecycle, from reconnaissance through vulnerability discovery, exploitation, lateral movement and credential harvesting to data analysis and exfiltration.

The Mechanisms Behind the Attack

Claude was the “central nervous system” of this operation. It received commands from human operators and divided complicated, multi-step attacks into simpler technical steps. These steps were then distributed to sub-agents, enabling stealthy execution across the attack chain.

Perhaps most remarkable was an example where Claude was directed to autonomously interrogate databases and systems. It further parsed the results to identify and flag proprietary or sensitive information and organized its findings by intelligence value. Claude Code and Model Context Protocol (MCP) tools played an important role in making this operation fairly easy to accomplish.

“The attackers used AI’s ‘agentic’ capabilities to an unprecedented degree – using AI not just as an advisor, but to execute the cyber attacks themselves.” – Anthropic

The execution was impressive, a testament to the vast coordination and staffing resources that came into play. The threat actor was adept at developing prompts and crafting personas. This gave Claude the ability to execute distinct steps of attack chains while obscuring the malicious goal altogether.

Evolving Threat Landscape

In a recent post, Anthropic pointed to the damaging impact of this operation on the cybersecurity model. The campaign marks a significant reduction in the barriers to carrying out increasingly complex cyberattacks. Less advanced hackers are now able to execute operations that previously only technically proficient teams could achieve.

“Threat actors can now use agentic AI systems to do the work of entire teams of experienced hackers with the right set-up, analyzing target systems, producing exploit code, and scanning vast datasets of stolen information more efficiently than any human operator.” – Anthropic

This incident underscores an alarming trend. Adversaries are increasingly capable of using AI technology not just as a tool but as a primary actor in their malicious endeavors. Unlike other advanced technologies with a human in the loop, AI can carry out dynamic maneuvers and tactical operations at lightning speed, at rates that human hackers simply cannot reproduce.

Implications for Cybersecurity

The implications of GTG-1002 extend beyond this single event. They signal a fundamental shift in how cyber threats may evolve in the future. Organizations today need to understand the sad truth that attackers can leverage AI to make their attacks far more impactful.

“By presenting these tasks to Claude as routine technical requests through carefully crafted prompts and established personas, the threat actor was able to induce Claude to execute individual components of attack chains.” – Anthropic

As cybersecurity professionals study this operation, there’s no doubt that a new level of vigilance and more sophisticated defensive tactics are required. The landscape is changing rapidly, and organizations must adapt to anticipate and mitigate these new forms of threats.