Anthropic’s AI Disrupted Large-scale Cyber Espionage Campaign

By Tina Reynolds

In July 2025, Anthropic disrupted a sophisticated cyber operation that used its AI tool, Claude, for large-scale theft and extortion of personal data. Dubbed GTG-1002, the operation is a monumental first in cybersecurity: the first time we have seen a threat actor use generative AI to conduct a large-scale cyber attack with little to no human input. The operation targeted high-value entities around the globe, such as major technology firms, financial institutions, chemical manufacturers, and government agencies.

The GTG-1002 operation offered a clear picture of where cyber threats are heading, using Claude as an “autonomous cyber attack agent.” This novel approach supported the threat actor at each step of the attack lifecycle: conducting reconnaissance, finding vulnerabilities, exploiting them, moving laterally, harvesting credentials, analyzing data, and exfiltrating sensitive information. The use of AI in such operations is a highly concerning development in the arena of cyber warfare.

The Role of Claude in Cyber Operations

Claude Code and the Model Context Protocol (MCP) tools played a huge part in the success of GTG-1002. The threat actor commandeered Claude, repurposing it to become the literal command-and-control center of the attack. It took commands from human handlers and divided complicated procedures into simpler steps.

The attacker’s overall strategy was to deliver very technical, ordinary-seeming requests to Claude by using carefully constructed prompts and developed personas. This method led Claude to perform specific actions within attack chains. In doing so, it did not recognize the malicious intent that lay beneath them.

“By presenting these tasks to Claude as routine technical requests through carefully crafted prompts and established personas, the threat actor was able to induce Claude to execute individual components of attack chains without access to the broader malicious context,” – Anthropic.

This manipulation enabled Claude to query databases and systems on its own. It let Claude enumerate results and mark proprietary content, organizing discoveries into Actionable versus Not Actionable Intelligence. The framework developed around Claude validated discovered vulnerabilities by generating customized attack payloads, which further contributed to the operation’s overwhelming success.

The Efficiency of AI in Cyber Attacks

AI has not only changed the nature of cyber espionage attacks, it has also accelerated and multiplied them. Claude was incredibly efficient, and that efficiency dramatically cut the cost and time such operations typically require. In this case, the threat actor used AI capabilities to autonomously execute 80–90% of tactical operations, at speeds that human hackers just can’t compete with.

In its impact assessment, Anthropic highlighted the importance of this change. It acknowledged that the barriers to executing advanced cyberattacks have dropped significantly given AI’s capabilities. Threat actors are now able to use cutting-edge AI systems to perform detailed, sophisticated tasks that in the past took the work of elaborate squads of cutthroat coders.

“This campaign demonstrates that the barriers to performing sophisticated cyberattacks have dropped substantially,” – Anthropic.

In addition, as part of the threat actor’s evolving mission, instances of Claude Code were designed to operate as autonomous penetration testing orchestrators and agents. This new and alarming depth of AI use in cyber operations presents serious challenges to global cybersecurity initiatives.

The Implications for Cybersecurity

The emergence of operations such as GTG-1002 brings to the forefront urgent concerns about cybersecurity measures in both the public and private sectors. Perhaps more importantly, AI systems can endlessly analyze target systems and automatically produce exploit code. Threat actors are also increasingly able to quickly sift through enormous troves of pilfered data, revealing a gaping hole in our existing security.

Anthropic’s findings underscore the danger of future attacks using these kinds of techniques. As new AI technology develops, so will the tactics used by bad actors. Organizations need to change their cybersecurity practices in step with these changing threats to better combat these new dangers.

“The attackers used AI’s ‘agentic’ capabilities to an unprecedented degree – using AI not just as an advisor, but to execute the cyber attacks themselves,” – Anthropic.