Anthropic: China-Based Hackers Used Claude to Automate Global Cyberattack

Anthropic has revealed what it calls a significant turning point in cyberwarfare: a global espionage campaign that used its own AI system, Claude, to automate hacking behavior with almost no human involvement.

In a detailed disclosure, the company said suspected Chinese state-sponsored hackers, designated GTG-1002, hijacked Claude Code to infiltrate roughly 30 targets worldwide. The list included large tech firms, financial institutions, chemical manufacturers, and several government agencies.

Anthropic wrote in its report that “we believe this is the first documented case of a large-scale cyberattack executed without substantial human intervention.”

The attack, first detected in mid-September, was carried out by manipulating Claude into believing it was doing defensive cybersecurity work. By disguising their instructions as harmless tasks and posing as a legitimate security-testing firm, the attackers bypassed its protections long enough to let the AI run large parts of the operation.

How hackers pulled it off

According to Anthropic’s breakdown, the attackers heavily relied on three key capabilities: the model’s reasoning, its ability to act autonomously, and its access to a wide range of software tools.

Once jailbroken, Claude Code scanned systems, mapped out infrastructure, identified high-value databases, and even wrote its own exploit code. It harvested usernames and passwords and prepared internal summaries of everything it had done, essentially writing the hackers’ documentation for them.

“The highest-privilege accounts were identified, backdoors were created, and data were exfiltrated with minimal human supervision,” Anthropic explained in its report. The company also highlighted the unprecedented pace, stating: “The AI made thousands of requests per second — an attack speed that would have been, for human hackers, simply impossible to match.”

Anthropic believes the attackers automated 80–90% of the entire hacking lifecycle, requiring humans only for a handful of decision points.

Not a perfect soldier

The campaign, while sophisticated, wasn’t flawless. The report highlights that the AI sometimes “hallucinated,” a known issue where models generate false information.

“Claude frequently overstated findings and occasionally fabricated data during autonomous operations, claiming to have obtained credentials that didn’t work or identifying critical discoveries that proved to be publicly available information,” Anthropic found. This over-eagerness remains a significant hurdle for fully autonomous cyberattacks.

Why this matters to cybersecurity

The incident signals a moment many security researchers have warned about: AI shifting from a tool that enhances cyberattacks to a direct operator conducting them. The speed, scale, and autonomy demonstrated in this attack illustrate how significantly the barrier to entry has dropped and how quickly threat actors can amplify their capabilities.

“The barriers to performing sophisticated cyberattacks have dropped substantially—and we can predict that they’ll continue to do so,” Anthropic warned. Less experienced, well-funded groups can now use AI to do the work of a full team of elite hackers.

In response to the incident, Anthropic says it has banned the accounts involved, improved its detection systems, and notified the affected organizations and authorities. The company is also sounding the alarm for the cybersecurity community to adapt quickly, urging defenders to start using AI just as aggressively as the attackers now are.
