The company estimates that AI carried out 80 percent to 90 percent of the work during the cyberattacks.
Researchers at artificial intelligence (AI) company Anthropic said on Nov. 13 that they uncovered the first use of AI in a cyberattack by a foreign government.
Anthropic, the San Francisco-based developer of AI chatbot Claude, said in a blog post that it was highly confident that state-sponsored Chinese threat actors used the company’s Claude Code tool to create an attack framework that, once put in play, required minimal human involvement.
Attackers manipulated Anthropic’s AI software to attack 30 global targets, including government agencies, technology and financial services companies, and chemical manufacturers, Anthropic said in a post on X. A small number of attacks were successful.
The multipronged attacks were first spotted in mid-September, and over the course of 10 days, Anthropic researchers mapped out the scope of the operation, notifying affected organizations and working in conjunction with regional authorities. The attacks were made possible due to rapid advancements in AI that didn’t exist just 12 months ago, the company noted.
In the first phase of the cyberattacks, threat actors identified targets and used Claude Code as an automated tool for execution. They bypassed Claude Code’s internal safeguards by positioning themselves as a cybersecurity defense employee and got the AI chatbot to execute the attacks by parsing them down into minor, seemingly innocuous tasks that didn’t raise any red flags.
Once it gained access, Claude Code began looking for high-value databases, as well as vulnerabilities in organizations’ cybersecurity systems. The AI chatbot wrote its own exploitation code, harvested usernames and passwords to access databases, and exfiltrated data with little human interaction. Lastly, Claude presented detailed summaries of its actions, including which systems were breached, the credentials it used, and back doors that were created.
Anthropic estimates that AI carried out between 80 percent and 90 percent of the work during the cyberattacks.
“The sheer amount of work performed by the AI would have taken vast amounts of time for a human team,” Anthropic said in the blog post. “At the peak of its attack, the AI made thousands of requests, often multiple per second—an attack speed that would have been, for human hackers, simply impossible to match.”
By Rob Sabo
