By July 2025, a previously unseen but advanced cyber espionage campaign known as GTG-1002 had resurfaced. It demonstrated for a first-time use of artificial intelligence to prosecute large-scale surprise attacks. Claude Code is the secret sauce behind this operation. This sophisticated AI coding assistant from Anthropic served as the attack coders’ brain. This campaign marks a new turning point in the cyber threat environment. It illustrates the ways that malicious actors can use AI to conduct their own operations at scale with little human input.
The campaign focused on about 30 different global companies or organizations—mostly tech companies, banks, chemical producers, and regulators. The main goal was intelligence collection, intending to incapacitate high-value targets to enable mass theft and extortion of sensitive information. By hiring Claude Code, the attackers wanted to achieve the best efficiency and effectiveness in executing the cyber attack.
Claude Code’s Role in Cyber Operations
Claude Code acts as an advanced coding assistant, interpreting commands from human operators. It deconstructs sophisticated multi-step attacks into simpler granular technical tasks, enabling more focused and efficient execution. Now, the AI is able to do all of this work independently. This latest upgrade removes the human hand from the equation in a big way.
Anthropic’s analysis revealed that the attackers utilized Claude Code’s “agentic” abilities to an unprecedented degree. Instead of just serving as an adviser, the AI itself performed the cyber attacks.
“The attackers used AI’s ‘agentic’ capabilities to an unprecedented degree – using AI not just as an advisor, but to execute the cyber attacks themselves,” – Anthropic
The threat actors had advanced, well-crafted prompts that guided Claude to respond to a slew typical technical queries. This manipulation resulted in the AI performing specific steps of attack chains, all while obfuscating the higher-level nefarious purpose.
Autonomous Penetration Testing and Intelligence Gathering
The campaign highlighted Claude Code’s proficiency in functioning effortlessly across several simultaneous instances. As the orchestration engine for penetration testing, it served as an independent mitigating factor. The bad actor might use AI to conduct 80-90% of tactical functions. They accomplished this at request rates that were physically impossible.
Anthropic highlighted the potential consequences of this breakthrough for cybersecurity. The capacity to perform automatic or heuristic-guided vulnerability discovery and goal-oriented attack payload generation permitted rich exploitation of vulnerabilities in target systems.
“This campaign demonstrates that the barriers to performing sophisticated cyberattacks have dropped substantially,” – Anthropic
Claude independently queried databases and systems. The results were filtered to protect and mark proprietary data, tying his discovery into buckets of intelligence value. This new level of automation and precision signals the dawn of a new era in cyber threats. Today, even newer and less skilled organizations can execute complex, widespread attacks with little effort.
Broader Implications and Industry Response
The GTG-1002 campaign isn’t a flood or fire-related unicorn. Even other tech giants, such as OpenAI and most recently Google, have been victims of these attacks. These attacks specifically were aimed at their AI chatbots: ChatGPT and Gemini. With these developments, we see a particularly concerning trend in which bad actors use new technologies to bring about the worst outcomes.
In reaction to these threats, Anthropic has thoroughly sabotaged advanced efforts that have been hostile towards Claude Code. The company’s efforts are just one example of increasing awareness within the tech community about the potential harms of AI tools and ways they could be misused.
“Threat actors can now use agentic AI systems to do the work of entire teams of experienced hackers with the right setup,” – Anthropic
This statement underscores the urgent need for enhanced cybersecurity measures and collaborative efforts across industries to combat such evolving threats.