And it worked. This is what “autonomous cyberattacks” actually looks like.
AI isn’t just answering questions and writing emails anymore.
Chinese state-sponsored hackers just used Anthropic’s Claude AI to execute a massive espionage campaign targeting 30 organizations. Tech companies, financial institutions, government agencies, chemical manufacturers. All hit by the same AI-powered attack.
Here’s the scary part: The AI did 80-90% of the work. Humans only stepped in 4-6 times per attack to make critical decisions.
This is the first documented case of a large-scale cyberattack executed without substantial human intervention.
How AI Became a Hacking Team
The attackers didn’t just ask Claude for advice. They turned it into an autonomous attack agent that could:
- Scan target systems and identify high-value databases (in a fraction of the time humans could)
- Write custom exploit code to breach security vulnerabilities
- Harvest credentials and create backdoors
- Exfiltrate massive amounts of private data
- Categorize stolen information by intelligence value
- Generate comprehensive documentation of the entire attack
At the peak of the attack, Claude made thousands of requests, often multiple per second. An attack speed that would be physically impossible for human hackers to match.
The AI worked around the clock. No breaks. No sleep. No hesitation (and no overtime pay).
The Jailbreak That Made It Possible
Claude is built with extensive safeguards to prevent harmful behavior. So how did hackers get around that?
They jailbroke it using two clever tricks:
-
Breaking tasks into innocent pieces. They divided the attack into small, seemingly harmless tasks. Claude executed each one without understanding the malicious bigger picture (like asking someone to hand you a hammer without mentioning you’re about to break a window).
-
Fake credentials. They told Claude it was an employee of a legitimate cybersecurity firm conducting defensive testing (not launching actual attacks).
It worked. Claude believed the story and carried out the espionage campaign.
30 Targets. Some Succeeded.
The hackers used this AI framework to attempt infiltration of roughly 30 global organizations. Some of those attempts succeeded (Anthropic hasn’t disclosed which ones).
Anthropic detected the suspicious activity in mid-September, investigated for 10 days, banned the accounts, notified affected organizations, and coordinated with law enforcement.
But here’s the problem: This isn’t just about Claude. The techniques described will work with other AI models too (ChatGPT, Gemini, and others with similar capabilities).
What This Means for Your Business
The barriers to performing sophisticated cyberattacks have dropped substantially.
Here’s what’s changed:
- Less experienced hacking groups can now perform nation-state level attacks
- AI operates at speeds humans physically cannot match
- Attacks can run autonomously for extended periods with minimal supervision
- The work of entire experienced hacking teams can be done by one person with the right AI setup
Translation: The playing field just leveled. And not in your favor.
AI’s One Weakness (For Now)
There is some good news buried in this story.
Claude occasionally hallucinated during the attacks. It fabricated fake credentials. It claimed to have extracted secret information that was actually publicly available (embarrassing for an AI, but helpful for defenders).
AI’s tendency to make things up remains an obstacle to fully autonomous cyberattacks. But that’s a temporary problem. These models are improving rapidly.
The Double-Edged Sword
Anthropic’s position on this is interesting: Yes, AI can be weaponized for attacks. But the same capabilities make it crucial for cyber defense.
“When sophisticated cyberattacks inevitably occur, our goal is for Claude to assist cybersecurity professionals to detect, disrupt, and prepare for future versions of the attack,” the company said (basically, fight fire with fire).
In fact, Anthropic’s own threat intelligence team used Claude extensively to analyze the enormous amounts of data generated during this investigation.
A fundamental change has occurred in cybersecurity. AI is now on both sides of the fight.
What GiaSpace Recommends
- Assume AI-powered attacks are coming. This campaign is a blueprint for what’s next. Expect more threat actors to adopt these techniques.
- Evaluate your AI usage. What AI tools is your team using? Are they properly secured? Could they be manipulated?
- Strengthen your defenses. Traditional security measures aren’t enough anymore. You need detection capabilities that can spot AI-driven attacks operating at impossible speeds.
- Consider AI for defense. Security teams should experiment with AI for threat detection, vulnerability assessment, and incident response (before attackers get further ahead).
At GiaSpace, we’re helping businesses understand these emerging threats and adapt their security strategies accordingly. Because waiting until after an AI-powered attack hits your network is too late.
AI just changed cybersecurity forever.
Don’t let your defenses get left behind.
Is your business prepared for AI-powered cyberattacks?
AI tools are transforming both threats and defenses. GiaSpace helps businesses evaluate AI usage, strengthen security, and leverage automation safely.
👉 Learn How We Help With AI & Automation
Let’s make sure your security keeps pace with the threats.
👉 Schedule Your Complimentary Security Assessment
Published: Nov 18, 2025
