AI-Powered Espionage Campaign Unveiled by Anthropic


By Tina Reynolds


In mid-September 2025, Anthropic released details of a complex automated cyber espionage campaign dubbed GTG-1002. The operation marks the latest and largest evolution in cyber adversaries. It was the first time a threat actor successfully used artificial intelligence to carry out a large-scale cyber attack without much human oversight. The focal point of the campaign was the 30 largest global organizations, including tech companies, banks, chemical companies, and government entities.

The revelation of GTG-1002 comes on the heels of another disruption by Anthropic in July 2025, when the company thwarted an operation that weaponized its AI coding tool, Claude. That previous operation was engaged in Singapore-scale thievery and strong-arm collection of private information. The latest report underscores the increasing sophistication of cyber espionage methods around the world. At the same time, AI technologies are taking on a notably larger role in carrying out such attacks.

The Rise of AI in Cyber Espionage

GTG-1002 showcases a new paradigm in cyber operations by leveraging AI tools, particularly Claude Code and Model Context Protocol (MCP) tools. Unfortunately, attackers were able to exploit these sophisticated systems. They repurposed Claude Code to function as the central nervous system powering their agenda. Claude Code treated each piece of the multi-stage attacks as an individual technical challenge to be solved. This in turn enabled it to execute various parts of the operation without perceiving the larger malicious objective.

Anthropic’s insights into the campaign reveal how the attackers capitalized on AI’s ‘agentic’ capabilities. This gave them the confidence to use AI as more than a consultant. Rather than limiting it to an advisory role, they used it as an operational force multiplier in attacking further targets.

“The attackers used AI’s ‘agentic’ capabilities to an unprecedented degree – using AI not just as an advisor, but to execute the cyber attacks themselves.” – Anthropic

The campaign has raised alarms about cyberattacks no one saw coming. With the proper configuration, novice teams can launch large, ambitious, wide-scale operations. Such missions were previously the domain of elite teams of specialists.

“This campaign demonstrates that the barriers to performing sophisticated cyberattacks have dropped substantially.” – Anthropic

Implications for Cybersecurity

The implications of GTG-1002 go far beyond the current threat landscape. The campaign also documented some of the most important limitations built into AI tools, including their tendency to hallucinate or fabricate data. As with any software, weaknesses in improperly developed AI tools can be exploited by malicious actors, further complicating efforts to secure digital environments.

News of the attack points to an increasingly disturbing trend. Today, threat actors can leverage offensive AI systems to do work that a team of talented hackers could barely do in years past. By leveraging Claude Code, attackers could study target systems and generate exploit code with remarkable speed and efficiency. This makes them more productive and powerful than ever.

“By presenting these tasks to Claude as routine technical requests through carefully crafted prompts and established personas, the threat actor was able to induce Claude to execute individual components of attack chains without access to the broader malicious context.” – Anthropic

AI will be used more and more in cyber espionage as it continues to develop, and we are only beginning to see its effects. Both organizations and individuals, whether private or public, should stay alert and ahead while enhancing their security practices to counter these new threats.

The Bigger Picture

OpenAI and Google recently disclosed cyber attacks powered by their AI platforms, ChatGPT and Gemini. This deeper trend within the tech industry is genuinely frightening. Companies that embrace this technology gain access to amazing potential, but wider adoption also increases the chance of misuse by threat actors or states.

The attack vectors used in GTG-1002 emphasize a chilling reality: even well-resourced organizations may struggle against adversaries equipped with advanced AI capabilities. AI and cyber threats are increasingly merging, creating the biggest security challenge yet. This shift calls for a thorough reexamination of the defense strategies in use.

“Threat actors can now use agentic AI systems to do the work of entire teams of experienced hackers with the right setup, analyzing target systems, producing exploit code, and scanning vast datasets of stolen information more efficiently than any human operator.” – Anthropic