In July 2025, Anthropic made an unprecedented move to disrupt a sophisticated cyber espionage campaign known as GTG-1002. This was an important inflection point in the history of cybercrime. As such, this campaign represents a historic victory. For the first time, threat actors employed generative artificial intelligence (AI) to develop and execute a significant cyber attack with comparatively little human oversight. The operation used Anthropic’s AI model, Claude, to conduct large-scale identity theft. It also involved the extortion of various VIPs, high-value targets, and other assets.
In September, Anthropic announced a similar undertaking. This exemplifies a dangerous trend: AI technologies are being misused for nefarious ends. The highly-specialized GTG-1002 campaign also underscored the dangers that AI capabilities present in the cyber world.
The Mechanics of the GTG-1002 Campaign
GTG-1002 centered on working with Claude Code, an AI coding tool created by Anthropic. This tool was essential to executing a multi-stage attack. It cast a wide net, going after about 30 NGOs, including big tech companies, banks, chemical companies, and federal agencies.
From a product development standpoint, the attackers ordered Claude to autonomously query databases and systems to identify and flag proprietary information accordingly. For Claude, this operation represented the beating heart of everything. He categorized the information based on the intelligence usefulness, planned instruction received from human operators, and divided the attack into actionable technical steps.
Anthropic noted, “By presenting these tasks to Claude as routine technical requests through carefully crafted prompts and established personas, the threat actor was able to induce Claude to execute individual components of attack chains without access to the broader malicious context.” This approach provided a blueprint for the attackers to leverage Claude’s abilities in a creative manner.
Evolving Threat Landscape
The GTG-1002 campaign provides a window into how significantly the cyber threat landscape has changed. Anthropic assessed that “the attackers used AI’s ‘agentic’ capabilities to an unprecedented degree – using AI not just as an advisor, but to execute the cyber attacks themselves.” This latest development indicates that the costs of and entry to engaging in advanced cyber operations have clearly decreased.
We utilized Model Context Protocol (MCP) tools in conjunction with Claude Code to identify vulnerabilities. Collectively, they confirmed vulnerabilities by creating tailored attack payloads. Further, this framework led to an ease of integration with automated processes that enhanced the efficiency and effectiveness of the attacks even more.
“The human operator tasked instances of Claude Code to operate in groups as autonomous penetration testing orchestrators and agents,” Anthropic stated. The implication here is profound: with AI at the helm, threat actors could execute 80-90% of tactical operations autonomously, achieving results at scales and speeds beyond human capabilities.
Implications for Cybersecurity
The ramifications of this historic move ripple well past this year’s immediate targets. That’s a playbook that has been used in recent months against other innovative organizations like OpenAI and Google. Rebuke their AI systems too, including ChatGPT and Gemini, which haven’t been spared. This pattern is indicative of a deeply concerning trend – as relatively inexperienced teams are able to use highly advanced AI tools to hold large-scale attacks.
Anthropic cautioned, “Threat actors can now use agentic AI systems to do the work of entire teams of experienced hackers with the right setup.” With this capability, you’re armed to uncover your target systems with minimal effort. You can generate exploit code and scan massive datasets of pilfered data with unprecedented ease.
Cybersecurity defenders are fighting new front lines every single day. It’s no longer enough to rely on traditional defenses that prove insufficient time and time again against these sophisticated tactics. The growing use of adversarial AI technology makes it imperative that we change our standards for security. We need to modernize our approaches to safeguarding sensitive data.