- By Supratik Das
- Sat, 15 Nov 2025 03:25 PM (IST)
- Source:JND
AI cyberattack: Artificial intelligence company Anthropic has claimed to have stopped what it describes as the first known large-scale cyberattack carried out largely by an AI system with minimal human involvement.
The US-based firm, which operates the Claude AI platform, said a Chinese state-sponsored group allegedly manipulated its tools to mount an espionage operation against around 30 major organisations worldwide.
In a detailed internal report, Anthropic said it detected unusual activity in mid-September 2025 that later turned out to be part of a “highly sophisticated” cyber campaign. Investigators found that the attackers had broken Claude Code, the company’s advanced coding assistant used its autonomous features to perform reconnaissance, write exploit code, harvest credentials, and extract sensitive data.
Attackers Broke Tasks Into ‘Harmless Pieces’
According to the company, the attackers disguised themselves as a legitimate cybersecurity firm claiming to conduct defensive tests. By breaking their operation into small, routine instructions, they were able to trick Claude into carrying out actions without understanding their malicious purpose.
Anthropic said the AI’s enhanced “agentic” capabilities to act autonomously in loops, make decisions, and chain processes allowed it to work at speeds no human team could match. At the peak of the attack, the AI generated thousands of automated requests per second.
The targets reportedly included technology giants, major financial institutions, chemical manufacturers, and several government agencies across different countries. Anthropic said a “small number” of intrusions were successful before the operation was detected and blocked.
Attack Driven By AI
The firm estimates that AI performed between 80 per cent and 90 per cent of the entire cyber campaign, with human operators stepping in only at a few critical moments. Claude’s coding abilities helped the attackers generate exploits quickly, identify high-value databases, and organise stolen information.
Anthropic said the incident marks a turning point in the cybersecurity landscape. Rapid improvements in AI reasoning, coding skills, and tool integration have made advanced attacks easier to execute even for smaller groups with limited expertise.“The barriers to carrying out sophisticated cyberattacks have dropped substantially,” the company warned, adding that similar attempts across other frontier AI models are likely already underway.
Over a 10-day investigation, Anthropic blocked compromised accounts, alerted affected organisations, and coordinated with authorities. The company said it is strengthening detection systems and will continue sharing threat intelligence with industry and government partners.
Calling the incident a “fundamental change” in global cyber risk, Anthropic urged security teams to adopt AI-powered defense tools for faster threat detection, vulnerability assessments, and incident response, while also investing in stronger safeguards against AI misuse.