Anthropic warns state-linked actor abused its AI tool in sophisticated espionage campaign - Cybersecurity Dive

Anthropic warns state-linked actor abused its AI tool in sophisticated espionage campaign Researchers said a China-backed adversary conducted powerful attacks with almost no human intervention. Published Nov. 14, 2025 David Jones Reporter Share License Add us on Google Anthropic said state-linked hackers backed by China launched attacks against about 30 entities back in September by manipulating its Claude tool so it would engage in malicious behavior. Permission granted by Anthropic Anthropic said a suspected state-linked hacker manipulated one of its agentic AI-based coding tools to conduct a sophisticated espionage campaign in September against about 30 major organizations across the globe, according to a blog post published Thursday. The hackers used the company’s Claude Code to target a range of organizations, including chemical manufacturing, large technology firms, financial institutions and government agencies. The threat actor, which the company has designated GTG-1002, successfully breached a small number of the targets, according to Anthropic.  The company claims the attack may be one of the first large-scale cyberattacks committed without significant human involvement. Between 80% and 90% of the attack was conducted using AI, according to Anthropic, with human intervention required at between four to six key decision points.  Anthropic said it banned a number of accounts linked to the attack, notified affected organizations and reported the attacks to authorities.  It added that the human operators chose the targets of the attack and then developed a framework to launch the hacks. The Claude Code tool was set up to automatically conduct the attacks.  Because the tool is trained to avoid being used for harmful purposes, the attackers jailbroke Claude Code, which allowed them to bypass its built-in guardrails.  Various steps in the attack were broken down into simple tasks, which the tool interpreted as innocent, incremental steps without fully understanding the context of what it was being asked to do, according to the blog post. As part of the deception, the hackers convinced Claude they were employees of a cybersecurity firm and that the actions were part of defensive tests.  The tool was used to conduct reconnaissance and find high-value databases. Claude identified and tested security vulnerabilities inside these targeted systems – and then wrote its own exploit code. After the tool harvested usernames and passwords, Claude was then used to search for privileged accounts, create malicious backdoors and conduct large scale attacks. This is the first time that analysts have seen an AI agent being used to automate such a large percentage of a multistage attack by a real threat actor in the wild.  “This is a critical moment in terms of turning AI agents into tools to be used for offensive cyber operations,” Allie Mellen, principal analyst, security and risk at Forrester.  The Anthropic disclosure comes more than a week after Google Threat Intelligence Group issued a report showing hackers using AI-enabled malware in active attacks.  Researchers identified malware families, including Prompflux and Promptsteal, that utilized large language models.  State-linked actors from North Korea, Iran and China have also used Gemini, which is Google’s AI technology, to enhance their operations. Google researchers said these attacks are likely not isolated incidents, but evidence of a growing attack trend. “Many others will be doing the same soon or already have,” John Hultquist, chief analyst, GTIG, told Cybersecurity Dive. “The real question is whether we can adapt as rapidly as the adversary.”   Editor’s note: Adds comment from Forrester. Add us on Google Share PURCHASE LICENSING RIGHTS Filed Under: Threats