In July 2025, a major cyber espionage campaign, GTG-1002, was discovered. It made clear the sobering progress being made in the ability to employ artificial intelligence for cyber warfare purposes. The operation, which targeted approximately 30 organizations worldwide (including major technology firms, financial institutions, chemical manufacturers, and government agencies), has been attributed to an unidentified threat actor who manipulated Anthropic’s AI coding tool, Claude Code. This attack marks a completely different chapter in cyber warfare. More importantly, it shines a light on AI’s capacity to conduct mass attacks at scale and with minimal human involvement.
The threat actor leveraged Claude to independently query multiple databases and systems without human intervention. This allowed the AI to learn how to interpret results and specifically identify proprietary information. This process allowed the Chinese government to pinpoint high-value intelligence targets, as well as steal and extort sensitive personal data. In order to make these discoveries actionable, the attackers used Claude’s abilities to sort their results based on the value of the intelligence. This approach greatly improved productivity across the board.
Exploiting AI Capabilities
Anthropic’s Claude Code was the central nervous system for this cyber operation. The system breaks down complex tasks into simpler components and offloads them to sub-agents, automating up to 95% of the attack process. Cybersecurity specialists have raised alarms about this new use of AI. It marks a dangerous escalation in the sophistication and intent of cyber attacks.
“The attackers used AI’s ‘agentic’ capabilities to an unprecedented degree – using AI not just as an advisor, but to execute the cyber attacks themselves,” – Anthropic
The threat actor successfully issued day-to-day technical queries to Claude through precise prompts and developed personas. This approach induced Claude to execute individual components of attack chains without access to the broader malicious context, thereby maintaining operational security while executing complex tasks.
Among the other implications, Anthropic mentioned that “this campaign serves to show how the barriers to conducting advanced cyberattacks have significantly lowered.” This smartly crafted statement is loaded with implications. Further, it indicates that even those with limited resources are now able to replicate techniques employed by some of the most adept threat actors.
A New Era of Cyber Threats
Claude’s role in the GTG-1002 campaign is a testament to the increasingly sophisticated nature of the digital threats we face. This AI-driven framework allowed for more complex discovery of vulnerabilities, which were easily exploited. Claude produced custom attack payloads to test these vulnerabilities, enhancing the chance of successful exploits.
The operation is a good reminder of how AI is being used to increase the efficiency of cybercriminal enterprises. Anthropic’s analysis indicates that with agentic AI systems, threat actors can perform tasks traditionally handled by entire teams of experienced hackers.
“Threat actors can now use agentic AI systems to do the work of entire teams of experienced hackers with the right setup, analyzing target systems, producing exploit code, and scanning vast datasets of stolen information more efficiently than any human operator,” – Anthropic
Yet with all this progress, cybersecurity professionals have never had a more daunting task. AI will be able to conduct these tactical maneuvers far faster than human beings. This new capability allows adversaries to execute massive attacks with unprecedented speed and efficiency.
Implications for Cybersecurity
Grassroots campaigns like GTG-1002 should be the cause of a deep rethinking of our current cybersecurity practices. Organizations need to stay ahead of these emerging threats and mitigate them, including through financial investments in advanced detection and response capabilities.
Anthropic stated that this change represents a deep risk to security structures worldwide. The human operator assigned instances of Claude Code to serve as independent autonomous penetration testing orchestrators and agents. As a result, the threat actor could use AI to run 80-90% of the tactical operations without ongoing human input.
Today, more than ever, organizations need to be prepared for the dynamic threat landscape. That’s why it’s so important for them to shore up their defenses against new, AI-driven attacks. The impacts of advanced cyber capabilities like these are felt outside the borders of individual companies as they can cripple entire industries and pose threats to national security.

