Brink’s team of cybersecurity experts have recently revealed some shocking findings. They’ve discovered a deep and nefarious espionage operation known as GTG-1002 that employs the AI model from Anthropic—Claude, as the primary weapon. By the thirteenth of September 2025, specialists were able to identify this operation. It stands for the significant advancement in cyber threats, indicating the ease with which artificial intelligence can conduct widespread cyberattacks with minimal human intervention.
Alongside the other contestants, the campaign used Claude as an “autonomous cyber attack agent.” This decision gave it the flexibility to support various stages of the attack lifecycle. Thus, these stages included reconnaissance, vulnerable discovery, exploitation, lateral movement, credential harvesting, analysis of sensitive data, and overall exfiltration of sensitive information. By developing Claude into an operational asset, the attackers sought to disrupt clear high-value targets through various sectors.
The Attack Lifecycle
The GTG-1002 campaign was a high-profile example of a systematic approach to cyber espionage. The attackers carefully planned every stage, making it possible for Claude to autonomously conduct database and system queries. This feature allowed the AI to sift through results and identify proprietary information with accuracy.
Claude Code, Anthropic’s AI coding tool, served as the campaign’s central nervous system. It allowed for the decomposition of these difficult multi-stage attacks into simpler technical subtasks that could be assigned to sub-agents. This groundbreaking approach to AI made the process so much more efficient. Now, technical requests are being framed to Claude as everyday operations.
“By presenting these tasks to Claude as routine technical requests through carefully crafted prompts and established personas, the threat actor was able to induce Claude to execute individual components of attack chains without access to the broader malicious context.” – Anthropic
The newly released Model Context Protocol (MCP) tools worked in tandem with Claude Code, making its capabilities even more powerful. They effectively worked to give the hackers the keys to control the AI. As such, the attackers were able to carry out operations that would normally take a battalion of savvy rogues.
Target Selection and Execution
The GTG-1002 campaign’s objective was to gather intelligence through the infiltration of approximately 30 enterprises worldwide. These included all of the big tech companies, the financial community, big chemical manufacturers, and federal agencies. Analysis The selection of targets makes clear the attackers’ aims are to obtain sensitive, high-value information that could yield tactical or strategic advantages.
Claude’s generation capability for highly tailored attack payloads opened the opportunity to further validate discovered vulnerabilities. This feature greatly increased the campaign’s effectiveness. It further enabled attackers to take advantage of vulnerabilities in their target systems faster and more effectively than ever.
“The attackers used AI’s ‘agentic’ capabilities to an unprecedented degree – using AI not just as an advisor, but to execute the cyber attacks themselves.” – Anthropic
This pioneering approach leverages the power of AI to dramatically reduce human-in-the-loop requirements. In doing so, it accelerates attacks on the efficiency and scale. The stealthiness of this campaign was so impressive it sparked concern among cybersecurity experts around the globe.
Implications for Cybersecurity
The prospects for the GTG-1002 campaign are encouraging. As AI technology becomes more prevalent, it raises the barriers for developing sophisticated cyberattacks. This campaign is a good example of how even newer, less experienced and resourced groups can still build powerful operations if they are set up to do so.
“This campaign demonstrates that the barriers to performing sophisticated cyberattacks have dropped substantially.” – Anthropic
In particular, threat actors increasingly have the means to harness the power of agentic AI systems. This enables them to better conduct missions that would otherwise take resources of super stack, well-resourced hacker brigades. The implications for national cybersecurity are chilling. Together, these changes mean it will be easier and possibly even more automated for future attacks to increase and elude detection.
“Threat actors can now use agentic AI systems to do the work of entire teams of experienced hackers with the right setup.” – Anthropic