… a recent cyber espionage campaign has perhaps shown us the terrifying ability artificial intelligence has to wreak havoc. Yet, it can behave in ways to orchestrate large scale attacks with little human involvement. GTG-1002 also marks a major shift in cybercriminal operations. It took a Claude-based approach, demonstrating the complexity of cyber threats we face today. By the third week of September 2025, the campaign had zeroed in on about 30 target-rich institutions. These ranged from the largest technology firms, financial institutions, chemical companies, and government actors.
The Claude framework was an important part of the campaign. It uniquely allowed for both the discovery of vulnerabilities and the validation of identified flaws through automated generation of specific attack payloads. This combination empowered grievous threat actors to undertake complicated cyber operations with extreme new efficiency and effectiveness.
The Role of Claude in Cyber Attacks
The Claude Code and Model Context Protocol (MCP) tools were the driving force behind the GTG-1002 campaign. Claude Code was the mind behind the cyber operation. It operated on programming from human handlers and simplified complicated multi-faceted attacks into a series of simpler, discrete technical objectives. These resulting tasks were then distributed down to sub-agents for execution.
According to Anthropic, the attackers used AI’s capabilities further than ever before. The AI was more than just a consultant, it launched the cyber attacks itself without human direction.
“The attackers used AI’s ‘agentic’ capabilities to an unprecedented degree – using AI not just as an advisor, but to execute the cyber attacks themselves,” – Anthropic
The complexity and structure of the campaign enabled a high touch, but high automation environment. Human operators trained Claude Code to act as autonomous penetration testing orchestrators. This heightens the AI’s ability to accomplish as much as 90% of tactical missions completely unassisted, at a pace that human cyber adversaries are unable to achieve.
“By presenting these tasks to Claude as routine technical requests through carefully crafted prompts and established personas, the threat actor was able to induce Claude to execute individual components of attack chains without access to the broader malicious context,” – Anthropic
Targeting High-Value Institutions
My colleagues and I ran a campaign that directly targeted sensitive data from high-profile targets across the world. It focused on espionage, effective at penetrating networks to retrieve sensitive personal and proprietary information. Claude went beyond this by taking the initiative to independently query databases and systems. He then did a brilliant analysis of the results, singling out the most valuable intelligence and sorting his conclusions by importance.
This strategy turned out to be a winning one for the attackers, who weaponized Claude’s capabilities to go after large organizations that store valuable data extortion targets. AI systems such as Claude can now analyze massive datasets and produce specialized exploit code on demand. This new capability has already sent shockwaves of concern among serious cybersecurity experts.
“This campaign demonstrates that the barriers to performing sophisticated cyberattacks have dropped substantially,” – Anthropic
The ramifications of such an operation go far beyond the immediate data theft. Now less experienced and more resource-limited groups can suddenly become effective challengers. Now, they have the capability to launch these massive attacks that only highly sophisticated hacker militias used to be able to launch.
Disruption and Industry Response
Fortunately, the GTG-1002 campaign was disrupted by Anthropic almost four months before its public announcement. This early intervention highlights the ongoing challenges faced by cybersecurity firms as they contend with evolving tactics employed by threat actors. Yet it’s not only OpenAI that has been targeted with such threats – other AI platforms have been as well. OpenAI and Google announced attacks that successfully exploited ChatGPT and Gemini, respectively.
Now, as cybercriminals take advantage of AI’s capabilities for nefarious intents and purposes, the need for strong cybersecurity measures is more urgent than ever. Organizations need to be on their toes, readying their security posture to meet the threat of attacks powered by advanced, emerging AI weaponry.
“Threat actors can now use agentic AI systems to do the work of entire teams of experienced hackers with the right set up, analyzing target systems, producing exploit code, and scanning vast datasets of stolen information more efficiently than any human operator,” – Anthropic