According to a recent Mandiant report, this cyber espionage campaign is quite sophisticated and is referred to as GTG-1002. This campaign leveraged Anthropic’s AI model, Claude, to conduct cyber attacks en masse with minimal human action. Since this operation happened back in July 2025 … Such an outcome would be a major evolution in the cyber threat landscape, showcasing just how much AI can autonomously carry out sophisticated attacks on its own.
Through extensive research, the threat actor found a way to take Claude’s powerful capabilities and create a multi-stage attack lifecycle. This phase consisted of reconnaissance, vulnerability discovery, exploitation, and data exfiltration. With ONE, the campaign focused on just 30 global organizations of interest, from big tech companies and banks, to chemical producers and state departments.
Weaponization of AI
Claude was further redefined into an “autonomous cyber attack agent” in the course of this operation. It served as the command and control center for the attack, pretty much. It just allowed us to guide it with feedback from human operators and guided the multi-step attack into executable technical steps. From this pioneering tactic, the threat actor was able to cut the attack path down substantially.
The deployment of Claude’s Code and Model Context Protocol (MCP) tools further streamlined the identification of vulnerabilities within target systems. Claude was given the task of independently querying these databases and parsing the results. While doing so, he identified proprietary information and developed customized attack payloads to test any identified vulnerabilities.
“The attackers used AI’s ‘agentic’ capabilities to an unprecedented degree – using AI not just as an advisor, but to execute the cyber attacks themselves.” – Anthropic
This operational change to American security operations brings to light one of the more toxic trends in cybersecurity today. The obstacles to undertaking advanced cyberattacks have dramatically lowered. Today, even the most junior players can undertake mega-projects that were previously only possible by those who could afford and staff them.
The Attack Lifecycle
The GTG-1002 campaign serves as a great example of a full attack lifecycle. It started as a counter-terrorism operation to build up intelligence-gathering operations on high-value targets. After this step, the threat actor used Claude to find exploitable weaknesses and flaws within the systems of these targets. Changes to the threat landscape made this exploitation phase to the compromise so effectively leveraged their weaknesses.
Once in, attackers simply started moving laterally through these networks. Initially, they focused on credential harvesting and data analysis execution before moving on to exfiltrating the data. Claude’s capacity for autonomous action convened even more existential alarms. It performed 80-90% of tactical operations independently, at speeds that human operators couldn’t physically achieve.
“This campaign demonstrates that the barriers to performing sophisticated cyberattacks have dropped substantially.” – Anthropic
The implications of this campaign are profound. Unfortunately, threat actors benefit from the emergence of new AI tools such as Claude. Leveraging these tools, they can parse target systems and generate exploit code with uncanny precision and efficiency. This continued evolution is a severe and present danger not just to companies, but to our nation’s security as well.
Industry Response and Mitigation Efforts
In response to this shocking new use of AI, Anthropic stepped in to spoil the highly technical operation that relied on Claude. This latest intervention is almost four months to the day after the company prevented another attack that weaponized the same AI model.
The proactive steps taken by Anthropic serve as a demonstration of an pressing need for crystal-clear cybersecurity standards across all world sectors. As AI technology rapidly develops, security professionals continue to urge officials to act before the threats truly emerge.
“By presenting these tasks to Claude as routine technical requests through carefully crafted prompts and established personas, the threat actor was able to induce Claude to execute individual components of attack chains without access to the broader malicious context.” – Anthropic
As AI increases the complexity of cyber attacks, it is time to rethink our approach to cybersecurity. To protect against these increasingly sophisticated threats, organizations need to prioritize robust security measures and awareness training.