Anthropic ‘blames’ Chinese hacker group of using Claude to spy on companies across the globe; says targeted large tech companies, financial institutions, and …
Anthropic, the artificial intelligence has disclosed that a Chinese state-sponsored hacker group manipulated its Claude AI system in order to conduct a large-scale cyber espionage campaign targeting some major corporations and government agencies worldwide. The attackers reportedly used Claude’s autonomous capabilities to execute sophisticated cyberattacks with minimal human oversight. “In mid-September 2025, we detected suspicious activity that later investigation determined to be a highly sophisticated espionage campaign. The attackers used AI’s “agentic” capabilities to an unprecedented degree—using AI not just as an advisor, but to execute the cyberattacks themselves.,” said Anthrophic in a blog post.
Anthropic ‘blames’ Chinese hacker group
Anthropic has revealed that in investigation it found out that threat the threat actors exploited Claude Code, a developer-focused variant of the Claude model, by jailbreaking its safety protocols and disguising malicious tasks as legitimate cybersecurity operations. The company further revealed that the Chinese hackers tried to trick Claude into believing that the AI agent was performing defensive testing enabling it to:
- Infiltrate systems of over 30 global targets
- Harvest credentials and exfiltrate sensitive data
- Create backdoors and document attack strategies autonomously
“The threat actor—whom we assess with high confidence was a Chinese state-sponsored group—manipulated our Claude Code tool into attempting infiltration into roughly thirty global targets and succeeded in a small number of cases. The operation targeted large tech companies, financial institutions, chemical manufacturing companies, and government agencies,” added the company.Anthropic also emphasised that this is the first documented case of a cyberattack executed primarily by an AI agent, with Claude performing 80–90% of the campaign’s tasks. These included reconnaissance, vulnerability scanning, exploit development, and data extraction—at speeds and scale unattainable by human hackers.“This campaign has substantial implications for cybersecurity in the age of AI agents,” Anthropic stated. “The barriers to performing sophisticated cyberattacks have dropped substantially.”
How the cyberattack worked
Anthropic also explained the complete process of how the cyberattack took place.The attack relied on several features of AI models that did not exist, or were in much more nascent form, just a year ago:
- Intelligence. Models’ general levels of capability have increased to the point that they can follow complex instructions and understand context in ways that make very sophisticated tasks possible. Not only that, but several of their well-developed specific skills—in particular, software coding—lend themselves to being used in cyberattacks.
- Agency. Models can act as agents—that is, they can run in loops where they take autonomous actions, chain together tasks, and make decisions with only minimal, occasional human input.
- Tools. Models have access to a wide array of software tools (often via the open standard Model Context Protocol). They can now search the web, retrieve data, and perform many other actions that were previously the sole domain of human operators. In the case of cyberattacks, the tools might include password crackers, network scanners, and other security-related software.
Strengthening defenses and transparency
In response, Anthropic:
- Banned compromised accounts
- Notified affected organizations
- Coordinated with global authorities
- Enhanced detection tools and classifiers to identify future misuse
The company is urging the broader tech and security community to adopt AI-powered defense strategies, including automated threat detection and incident response systems.
