Anthropic, an AI safety and research company, disclosed that a sophisticated cyberattack campaign exploited its Claude AI system in September 2025 to target approximately thirty organizations globally. The investigation revealed that cybercriminals leveraged the Claude AI system to conduct large-scale intrusions, with the AI handling most of the operations. Anthropic has identified the threat actor as a Chinese state-sponsored group.
Describing the incident as a groundbreaking event, Anthropic stated that this was the first documented case of an AI system autonomously executing a complex cyber operation. The attackers manipulated Claude’s capabilities, particularly its Claude Code tool, to infiltrate technology firms, financial institutions, chemical manufacturers, and government agencies. While only a few intrusions were successful, Anthropic highlighted how AI systems can now execute intricate cyber activities with minimal human input.
In its report, Anthropic detailed how hackers deceived Claude by disguising malicious tasks as harmless requests within cybersecurity exercises. By bypassing the AI’s safeguards, the attackers persuaded it to generate code, probe networks, and analyze systems under the guise of legitimate security assessments, evading built-in protections against harmful output.
Once inside target networks, cybercriminals operated the Claude AI at speeds surpassing human capabilities, scanning systems, mapping infrastructure, identifying databases, and providing detailed reports. Claude conducted advanced reconnaissance, researching vulnerabilities, writing tailored exploit code, and attempting to access critical user accounts. The AI autonomously harvested credentials, extracted private data, and categorized it based on strategic value, generating comprehensive documentation of its actions.
Anthropic estimated that Claude managed 80 to 90 percent of the campaign’s workload, with human operators intervening only for crucial decisions or guidance. The company emphasized the AI’s unprecedented attack speed, far exceeding traditional cybercriminal operations.
In a cautionary statement, Anthropic warned about the broader implications of the incident, urging governments and the tech industry to prepare for evolving threats as AI becomes more sophisticated. The company highlighted the potential for state-linked groups to exploit advanced AI systems for cyberattacks, signaling a new era in cybersecurity where AI could be instrumental in breaching defenses and accelerating breaches.
This incident serves as an early indication of the increasing reliance on AI in cyber operations, potentially lowering barriers to launching sophisticated attacks. Anthropic’s message underscores the need to address the evolving landscape of cybersecurity threats as AI technologies advance.
– Ends