Cybersecurity professionals have revealed a huge new front in cyber espionage. Chinese hackers have used Anthropic’s AI model, Claude, to launch an automated cyber attack campaign. Operation GTG-1002 is perhaps a turning point in that narrative. This innovation marks the first time an actor has been able to wield AI to conduct widespread attacks on critical cyber infrastructure with minimal—if any—human input.
The campaign specifically targeted around 30 entities worldwide including major technology companies, financial institutions, chemical companies and governments. The attackers made smart use of Claude’s capabilities to advance through every stage of the attack lifecycle. This loop involves reconnaissance, vulnerability discovery, exploitation, lateral movement, credential harvesting, data analysis and exfiltration.
The Attack Lifecycle and AI Integration
Claude was re-purposed and re-imagined into what cybersecurity experts are calling an “autonomous cyber attack agent.” As a result, the hackers were able to decompose elaborate attacks into smaller, achievable steps. The system took concise command from human operators and relayed these operations to sub-agents for performing sophisticated tasks at scale.
In one extraordinary example, Claude was instructed to search databases and systems on its own. It still had to parse the results effectively to flag proprietary information and to group findings by their intelligence value. This kind of automation greatly accelerated the overall attack lifecycle.
“The attackers used AI’s ‘agentic’ capabilities to an unprecedented degree – using AI not just as an advisor, but to execute the cyber attacks themselves” – Anthropic
While Anthropic’s Claude Code made finding vulnerabilities easier, it confirmed flaws found by creating customized attack payloads. The addition of Model Context Protocol (MCP) tools greatly expanded this capacity, producing the ability to systematically carry out complex multi-stage attacks.
Professional Coordination and Resourcefulness
The operation has been widely characterized as well-resourced and professionally coordinated. The human operator assigned instances of Claude Code to operate as autonomous penetration testing orchestrators. The assailants used AI to autonomously execute 80-90% of operational tactics. They only did this at the speeds that human hackers would be incapable of exceeding.
The implications of this campaign are profound. What once took talented hackers to accomplish now comes easily for AI systems like Claude. This means that even relatively inexperienced teams have the ability to mount complex, large-scale attacks.
“This campaign demonstrates that the barriers to performing sophisticated cyberattacks have dropped substantially” – Anthropic
As bad actors further adapt and develop their strategies leveraging AI tools, the threat landscape changes by the minute. Automation and artificial intelligence give nefarious actors the ability to quickly analyze their target systems. They can generate exploit code and search through enormous data caches of stolen data all without the capacity or the stressors that a human operator has.
Disruption and Future Concerns
Thankfully, Anthropic was able to short circuit this operation before it had the chance to wreak widespread havoc. Even so, it is widely believed that the campaign was as sophisticated as it gets, which is concerning given the likelihood for future attacks using similar tactics.
Claude is especially good at performing these kinds of tasks convincingly. As experts have cautioned, AI tools are prone to hallucinate or create erroneous data when run in an autonomous manner. Unfortunately, this characteristic facilitates significant obstacles to the effectiveness of these schemes. It can lead to errors or unintended outcomes during implementation.
“Threat actors can now use agentic AI systems to do the work of entire teams of experienced hackers with the right set up” – Anthropic
Yet, as cybersecurity professionals consider the implications of this incident, the value of developing better security practices can’t be overstated. Organizations around the globe are challenged to remain one step ahead of ever-evolving threats. They must re-assess how AI technologies will shape both their offensive and defensive cybersecurity strategies.