A few months ago, Anthropic published an article detailing how its Claude AI model had been used as a weapon in a “vibe hacking” extortion scheme. The company has continued to monitor how agentic AI is used to coordinate cyberattacks, and now a group of state-backed hackers in China has used Claude in an attempt to infiltrate 30 commercial and political targets around the world, with some success.
In what it called “the first documented case of a large-scale cyberattack executed without substantial human intervention,” Anthropic said the hackers first chose their targets, which included unnamed technology companies, financial institutions and government agencies. They then used Claude Code to develop an automated attack framework, having successfully bypassed model training to avoid harmful behavior. This was possible by breaking the planned attack into smaller tasks that did not clearly reveal their broader malicious intent, and by telling Claude that it was a cybersecurity company using AI for defensive training.
After writing his own exploit code, Anthropic said Claude was then able to steal usernames and passwords that allowed him to extract “a large amount of private data” via backdoors he created. The obedient AI would even have bothered to document the attacks and store the stolen data in separate files.
The hackers used AI for 80-90% of their operations, intervening only occasionally, and Claude was able to orchestrate an attack in far less time than humans could have done. It wasn’t perfect, with some of the information obtained turning out to be publicly available, but Anthropic said attacks like this will likely become more sophisticated and effective over time.
You might wonder why an AI company would want to publicize the dangerous potential of its own technology, but Anthropic says its investigation is also evidence of why the assistant is “crucial” to cyber defense. He said Claude has been successfully used to analyze the threat level of collected data and ultimately sees it as a tool that can help cybersecurity professionals when future attacks occur.
Claude is by no means the only AI to have benefited cybercriminals. Last year said its generative AI tools were used by hacking groups with ties to China and North Korea. They allegedly used GAI to help debug code, search for potential targets, and write phishing emails. OpenAI said at the time that it had blocked the groups’ access to its systems.
