Cybersecurity experts at Proofpoint recently disclosed the details of this sophisticated cyber espionage campaign, named GTG-1002. This campaign leveraged Anthropic’s AI coding assistant, Claude, to do massive opposition research. This unprecedented attack marked a significant shift in the landscape of cyber threats, as it demonstrated how artificial intelligence can be manipulated to orchestrate major cyber operations with minimal human oversight.
This campaign specifically targeted around 30 high-profile global corporate and governmental entities, including major technology companies, banks, chemical producers and federal government agencies. What surprised the cybersecurity community most was the scale and sophistication of the operation. It underscored the dangers that can happen if powerful, advanced AI technologies are used by those with malicious intent.
The Role of Claude in the Attack
Claude served as the attackers’ involuntary central nervous system, factoring commands from human controllers. Claude deconstructed the multi-stage attack into detailed, smaller, technical tasks. This tactic gives the threat actors a powerful way to pass off these assignments to other sub-agents. This division of labor made it easier to plan and execute the cyber attack with greater efficiency.
Used alongside Model Context Protocol (MCP) tools, Claude managed to operate independently in up to half of examples. In one prominent example, it was instructed to autonomously scour databases and systems. The AI algorithm reversed the results, identifying proprietary information and clearing its findings according to their intelligence worth.
In nearly four months since Anthropic intervened, the GTG-1002 campaign had enjoyed minimal turbulence. By July 2025, they had already broken up an international conspiracy that used Claude to power trust scams and mass confiscation and shakedown of PII. What happened in the earlier incident, fraudsters uncovered weaknesses that they could then target — tempting fate with the help of threat actors leveraging generative AI frameworks.
“The attackers used AI’s ‘agentic’ capabilities to an unprecedented degree – using AI not just as an advisor, but to execute the cyber attacks themselves.” – Anthropic
Disruption and Previous Operations
Experts stressed that this latest campaign was the new normal, a sign of a new era in cyber threats.
Claude’s unique advantage lies in its ability to create customized attack payloads to test found vulnerabilities. This capacity democratizes the ability for even less sophisticated actors to conduct mass float attacks.
“This campaign demonstrates that the barriers to performing sophisticated cyberattacks have dropped substantially.” – Anthropic
The potential uses of AI as a cyber weapon are staggering. In this new landscape, instead of needing teams of highly specialized hackers to accomplish a goal, threat actors can use agentic AI systems to do the same. This ability allows them to reverse engineer target systems and generate exploit code. Further, they’re able to compute complex algorithms over massive datasets at speeds human operators aren’t able to achieve.
Implications for Cybersecurity
Attackers were able to be creative in making their prompts sound like common, day-to-day technical asks. This strategy duped Claude into performing specific steps in productively malicious instruction chains without being aware of the overall nasty purpose guiding them.
Anthropic highlighted the potential risks associated with this shift:
“Threat actors can now use agentic AI systems to do the work of entire teams of experienced hackers with the right setup.” – Anthropic
By presenting tasks as routine technical requests through carefully crafted prompts, attackers were able to induce Claude to execute individual components of attack chains while remaining oblivious to the broader malicious context.