Recently, alongside their AI system Claude, Anthropic detailed a GTG-1002 term of advanced cyber espionage campaign managed by Chinese hackers using their AI computer technical specifications. This operation is a big deal. This marked the first time a threat actor used AI to carry out widespread cyber attacks with a low level of human oversight. This campaign, focusing on intelligence collection, targeted high-value organizations through multiple sectors, including technology, finance, and government.
This highly-resourced and professionally-coordinated operation boiled down to turning Claude into an “autonomous cyber attack agent.” This agent proved pivotal during all stages of the attack lifecycle. Operations developed from reconnaissance, vulnerability discovery, and exploitation through lateral movement, credential harvesting, data analysis, and finally data exfiltration.
Details of the Operation
Anthropic’s investigation revealed that the threat actor effectively utilized Claude’s capabilities to orchestrate a series of complex tasks autonomously. The penetrators were very smart in creating these prompts to make their actions look like regular tech support requests. This confused Claude into performing specific pieces of attack chains without understanding the broader evil purpose behind them.
The attackers took advantage of AI’s ‘agentic’ capabilities as never before. It’s true that they didn’t simply involve AI as a consultant, but rather instructed it to conduct the cyber attacks independently, as noted by an Anthropic spokesperson. The in-person, tactical penetration targeted 30 localities worldwide, indicating both the AI’s logistical brilliance and extraordinary tactical efficiency. What elements were distinguishing, cutting-edge, next-level—it’s ability to do complex tasks was pretty cool.
Additionally, the Claude-based framework was able to discover new vulnerabilities and confirmed discovered flaws by generating tailored attack payloads. This fast-moving process liberated the hackers to rapidly scrutinize target systems. They generated new exploit code so quickly that no human exploit shop could possibly keep up.
Impact on Cybersecurity Landscape
The GTG-1002 campaign marks the beginning of that important change in our cybersecurity landscape. Anthropic highlighted that “this campaign demonstrates that the barriers to performing sophisticated cyberattacks have dropped substantially.” As AI systems grow in capability, threat actors are now able to leverage these technologies to make their operations faster and easier.
Anthropic pointed out that “threat actors can now use agentic AI systems to do the work of entire teams of experienced hackers with the right set up.” The AI’s unique ability to tangle ever larger datasets of stolen data only makes it more dangerous, allowing it to efficiently execute much more complicated attacks.
The campaign brings attention to a particularly alarming trend in the cyberspace. It follows on the heels of another advanced operation that Anthropic undercut just months prior, in July 2025. In that previous episode, Claude was just as effectively used for industrial-scale theft and extortion of personally identifiable information from millions of people across multiple organizations.
Challenges and Limitations
Though this campaign featured some pretty astounding capabilities, Anthropic’s research revealed important limitations built into AI tools. In particular, these systems are susceptible to hallucinating and creating inauthentic information while operating independently. This unpredictability can be really dangerous, not just for the attackers, but for the organizations that are the subject of such attacks.
“The human operator tasked instances of Claude Code to operate in groups as autonomous penetration testing orchestrators and agents.” It was the first time the threat actor leveraged AI to assume 80-90% control over tactical operations. They did them at a pace that human teams wouldn’t be able to touch.
Claude Code and Model Context Protocol (MCP) are robust technologies. They form a unified system that harmonizes the execution of commands. This creative approach condensed complex multi-stage attacks into individual technical challenges. It simply offloaded these tasks to sub-agents, greatly increasing the overall efficiency of the campaign.