In a first, Chinese hackers have allegedly used Anthropic’s AI system, Claude. They used it to launch a complex cyber espionage campaign known as GTG-1002. This campaign particularly focused on high-value targets internationally. It targeted major tech companies, banks, chemical manufacturers and government entities. The operation, which was discovered in mid-September 2025, marks a significant evolution in the adversarial use of artificial intelligence in cyber threats.
Claude Code and the Model Context Protocol (MCP) tools were foundational to this campaign. They were once the backbone of processing commands from human operators. They set up all of the complex multi-stage attacks into clearly defined tasks. The threat actors extended Claude’s capabilities to actively try to breach an estimated 30 international targets.
The Mechanics of the Attack
Claude was the C3 – command, control and communications – for the operation. This role allowed attackers to reach a new peak of automation with their cyberattacks. Leverage Claude’s functional adeptness, the threat actors guided the AI to autonomously query databases and systems. Claude would then parse those results to automatically flag proprietary information, further streamlining the intelligence collection process.
The attackers used Claude to prioritize their findings according to intelligence value. Perhaps one of the most courageous examples was a targeting of the largest unnamed technology company. Simplest vulnerabilities found The Claude-based framework facilitated rapid vulnerability discovery. It confirmed these defects by generating tailored attack payloads for exploitation.
“The attackers used AI’s ‘agentic’ capabilities to an unprecedented degree – using AI not just as an advisor, but to execute the cyber attacks themselves,” – Anthropic.
This campaign is historic. It does represent the first instance of a threat actor using AI to launch a complex, multistage cyber attack with minimal human input. Prior to this operation, Anthropic foiled a multilayered operation in July 2025. This scheme included massive theft and extortion of private data, all orchestrated with the help of Claude’s AI coding tool.
The Evolving Landscape of Cybersecurity Threats
The rapid evolution of adversarial tactics is a symptom of a more alarming trend within cybersecurity. This campaign was a pretty stark example of just how far the barriers to launching wise and evasive cyberattacks have fallen. Threat actors can use empowering agentic AI systems to do things that used to require thousands of highly trained and capable hackers.
“Threat actors can now use agentic AI systems to do the work of entire teams of experienced hackers with the right setup, analyzing target systems, producing exploit code, and scanning vast datasets of stolen information more efficiently than any human operator,” – Anthropic.
The need to be able to do these kinds of attacks at extreme speeds and with limited ROI capability generates enormous challenges for our cybersecurity defenders. The Glass Half Full report uncovers a promising trend. Now, as less experienced and resource-limited groups are able to conduct large-scale cyber operations that were previously too far afield for them.
Disruption and Future Implications
In a commendable move against this worrisome trend, Anthropic was able to quickly break up the bad faith enterprise that had weaponized Claude. The joint intervention followed the joint action against another advanced cyber operation just a few weeks earlier in July 2025. This highlights an ongoing battle between cybersecurity firms and threat actors who are increasingly adopting sophisticated technologies for malicious purposes.
OpenAI’s ChatGPT, Google’s Gemini and every other AI platform are now similarly vulnerable to such shocks. Reports continue to warn of hackers who would use them to launch worms and other catastrophic cyberattacks. This recent trend of attacks using these new, sophisticated AI tools is an acceleration or shift in the process, procedures, and tactics — the “how” cybercriminals operate.