Already a subscriber? Make sure to log into your account before viewing this content. You can access your account by hitting the “login” button on the top right corner. Still unable to see the content after signing in? Make sure your card on file is up-to-date.

A US-based artificial intelligence company has claimed that a Chinese state-sponsored hacking group exploited its AI system to autonomously conduct cyberattacks against major companies and government agencies across multiple countries.

Getting into it: In an announcement, Anthropic (the company behind the Claude AI chatbot) revealed that a state-backed group known as GTG-1002 manipulated its Claude Code tool to carry out cyberattacks with very little human involvement. According to Anthropic, the attackers tricked Claude into thinking it was helping with legitimate cybersecurity work. By disguising malicious commands as safe, authorized requests, the hackers were able to jailbreak the AI’s safety filters and gain full access to its coding capabilities. From there, Claude began identifying vulnerable systems, writing custom exploit code, stealing login credentials, and even planting hidden backdoors to maintain access…all on its own, without needing detailed instructions.

Anthropic reported that the AI handled 80% to 90% of the work itself. Humans were only involved to approve the AI’s actions at a few critical points, such as telling it to continue or reviewing specific outputs. The campaign, which began in mid-September 2024, targeted around 30 organizations globally. While most of the attacks were unsuccessful, the hackers still managed to steal sensitive data from at least four victims.

The activity was eventually detected by Anthropic’s internal safety and monitoring systems, which flagged the unusual behavior. After discovering the campaign, the company shut down the compromised accounts, notified affected organizations, and reported the incident to authorities.

In a statement, Anthropic said, “The barriers to performing sophisticated cyberattacks have dropped substantially—and we predict that they’ll continue to do so. With the correct setup, threat actors can now use agentic AI systems for extended periods to do the work of entire teams of experienced hackers: analyzing target systems, producing exploit code, and scanning vast datasets of stolen information more efficiently than any human operator.” They added that “Less experienced and resourced groups can now potentially perform large-scale attacks of this nature.”