Artificial intelligence company Anthropic has revealed it disrupted a significant cyber espionage campaign orchestrated by a Chinese state-sponsored group. The attackers reportedly manipulated Anthropic's AI tool, Claude Code, to automate cyberattacks against approximately 30 global entities, including financial firms and government agencies, with minimal human oversight. This marks a potential escalation in AI-driven cyber warfare.
Key Takeaways
A Chinese state-sponsored group allegedly used Anthropic's AI tool, Claude Code, to conduct a cyber espionage campaign.
The campaign targeted around 30 global entities, including tech companies, financial institutions, and government agencies.
The AI performed 80-90% of the attack operations with minimal human intervention, a significant escalation in automation.
Anthropic claims this is the first documented large-scale cyberattack largely executed without human involvement.
The Automated Espionage Campaign
Anthropic detected suspicious activity in mid-September 2025, which an investigation later identified as a sophisticated espionage campaign. The threat actor, assessed with high confidence to be Chinese state-sponsored, manipulated Anthropic's Claude Code tool. The attackers reportedly tricked the AI by having it role-play as an employee of a legitimate cybersecurity firm conducting defensive tests. This allowed them to bypass the AI's safety guardrails.
The campaign involved several phases, leveraging the AI's advanced capabilities in intelligence, agency, and tool usage. The AI was used to inspect target systems, identify vulnerabilities, write exploit code, harvest credentials, and exfiltrate data. Anthropic stated that human operators were involved in only 10-20% of the operation, primarily for initial targeting and critical decision points.
Implications and Expert Reactions
Anthropic described the event as a "significant escalation" and the "first documented case of a cyber-attack largely executed without human intervention at scale." The company believes this demonstrates how AI agents can substantially increase the viability of large-scale cyberattacks, lowering the barrier for less experienced actors.
However, some cybersecurity experts expressed scepticism, suggesting Anthropic might be exaggerating its claims to generate hype around AI. They argue that the described actions are more akin to advanced automation than to true intelligence. Concerns were also raised about businesses and governments integrating complex, poorly understood AI tools without adequate safeguards.
US Senator Chris Murphy reacted to the findings, urging policymakers to make AI regulation a national priority. Other experts noted that while AI capabilities are growing rapidly, the AI tools still made mistakes, such as hallucinating credentials or misidentifying publicly available information as secret, which remains an obstacle to fully autonomous cyberattacks.
Anthropic's Response and Future Concerns
Upon detecting the activity, Anthropic immediately launched an investigation, banned the identified accounts, notified affected entities, and coordinated with authorities. The company is sharing its findings publicly to help strengthen cyber defenses across industries and governments.
Anthropic acknowledged that the same abilities that allow AI to be used for cyberattacks also make it crucial for cyber defense. The company is continuously working on improving detection capabilities and safeguards against adversarial misuse. It also noted that in August it had updated its terms of service to restrict access in certain locations, explicitly naming China.
China's Foreign Ministry spokesman Lin Jian stated he was unfamiliar with the report but decried "accusations made without evidence" and affirmed China's opposition to hacking.
