Anthropic said the incident was the first documented cyberattack carried out largely without human involvement.
Artificial intelligence (AI) startup Anthropic claimed that state-sponsored hackers from China used its AI tools to carry out automated cyberattacks on major companies and governments.
The US-based Anthropic said it believes “with high confidence” that the hackers, who carried out about 30 attacks, belong to “a Chinese state-sponsored group”.
The hackers used Anthropic’s Claude Code tool in an attempt to breach targets around the world – including government agencies and financial and tech firms – and “succeeded in a small number of cases,” the company said.
Anthropic did not name the affected groups, but said the operation was the “first reported AI-orchestrated cyber espionage campaign”.
The hackers wanted to use Claude Code to extract sensitive data from their targets and organise it to identify valuable information, Anthropic said.
While Claude is trained to avoid harmful behaviour, Anthropic said the hackers tricked the tool into performing malicious automated tasks by pretending they were for cybersecurity testing.
According to the company, the hackers used AI to conduct 80 per cent to 90 per cent of the campaign, with human involvement required “only sporadically”.
If Anthropic’s claims are proven, it would mean “hostile groups are not experimenting [with AI] any more. They are operational,” said Graeme Stewart, head of public sector at the cybersecurity firm Check Point Software Technologies.
Anthropic said it detected the attack in mid-September and launched an investigation immediately afterward. Over the following 10 days, it shut down the group’s access to Claude and contacted the affected organisations and law enforcement.
The company said such attacks are likely to become more effective over time, and that it has expanded its detection capabilities to flag potentially malicious activity.
It said it is working on additional methods to investigate and detect large-scale, distributed attacks like this one.
Stewart said other AI models could also likely be exploited for criminal attacks online.
“Any widely adopted AI assistant can be pulled into a crime kit if someone with enough intent leans on it in the right way,” he said.
