Chinese hackers use Anthropic AI agent to attack foreign entities
Occurred: September 2025
Page published: November 2025
Chinese hackers reportedly leveraged an Anthropic AI agent to automate and scale cyber-intrusion attempts against foreign government and corporate networks, raising questions about the security and safety of AI-powered autonomous agentic systems.
Chinese state-sponsored hackers used Anthropic's AI agent, Claude, to automate cyber espionage attacks against about thirty targets, including large tech companies, financial institutions, chemical manufacturers, and government agencies, in a number of unnamed countries.
Orchestrated by a group designated as "GTG-1002", the attacks represent the first documented large-scale cyberattack conducted with minimal human intervention, where AI performed 80-90 percent of the hacking campaign tasks such as reconnaissance, vulnerability testing, exploit code generation, credential harvesting, installing backdoors, and data exfiltration.
The hackers jailbroke Claude to bypass safety measures and split the attack into small, seemingly benign tasks, misleading the AI to act as if it were performing legitimate security testing.
The AI agent operated at speeds unattainable by humans, making thousands of requests per second, and required human input only at approximately 4-6 critical decision points per campaign.
The attackers reportedly succeeded in compromising several of their targets, removing large volumes of private and sensitive data, installing backdoors to maintain persistent unauthorised access, and leaving the affected organisations more exposed to data breaches and ongoing threats.
Anthropic discovered and disrupted the operation, banned compromised accounts, notified affected organizations, and coordinated with authorities while gathering intelligence.
The attackers appear to have exploited gaps in Claude's usage policies and weak monitoring of agent behaviour, controls that were meant to prevent the system from being repurposed for offensive cyber operations.
The seemingly unprecedented use of mostly autonomous "agentic" AI for a large-scale cyberattack sparked alarm about new cybersecurity threats and the speed and scale at which cyberattacks can now be operated.
Anthropic's confident attribution of the attack to a Chinese state-sponsored group added a geopolitical dimension, escalating concerns about state use of AI capabilities for international cyber espionage and heightening tensions around AI technology control and cybersecurity norms.
However, some independent cybersecurity researchers criticised Anthropic's claims, arguing that current AI agents like Claude are not yet capable of fully executing such complex attacks autonomously.
Doubts were raised about the scale of success and the lack of detailed technical data and indicators of compromise (IOCs) provided by Anthropic, leading to debate over whether the threat has been overstated or used strategically for corporate or regulatory positioning, also known as "regulatory capture".
Agentic AI
Agentic AI is a class of artificial intelligence that focuses on autonomous systems that can make decisions and perform tasks without human intervention.
Source: Wikipedia
Developer: Anthropic
Country:
Sector: Banking/financial services; Govt; Manufacturing/engineering; Technology
Purpose: Attack foreign entities
Technology: Agentic AI
Issue: Autonomy; Confidentiality; Dual use; Privacy; Security; Transparency
AIAAIC Repository ID: AIAAIC2125