New Delhi: Something unusual showed up on the radar in mid-September. It wasn’t the usual data leak, ransomware dump or phishing scam. It was bigger, stranger, and honestly, a little scary. Anthropic, the AI company behind the Claude models, says it discovered what might be the first large-scale cyber-espionage campaign led not by hackers, but by AI itself.
Yes, you read that right. AI wasn’t just helping cybercriminals like a sidekick. It was doing most of the work: planning attacks, writing code, stealing data, even documenting everything neatly for future use. The group behind it? A China-linked, state-sponsored actor, according to Anthropic’s internal assessment. The company published the details in a blog post.
AI executed the hack, not just advised it
Anthropic says this wasn’t some sloppy, one-off test. It was a full-scale operation built on Claude Code, Anthropic’s AI programming assistant. Around 30 targets were selected, and several were successfully breached, including major tech firms, financial institutions, chemical manufacturers, and even government agencies.
What made this attack different was the role AI played. It wasn’t just suggesting things to humans. It was doing them. Anthropic described it as the first known case of an AI-led cyberattack that ran with minimal human input.
Here’s what the attack flow looked like, broken down into phases:
| Phase | What happened |
|---|---|
| Phase 1 | Human hackers picked the targets and built the attack framework. Claude Code was tricked into believing it was working for a legitimate cybersecurity firm. |
| Phase 2 | Claude scanned the target’s infrastructure, found databases, and flagged weak spots. |
| Phase 3 | It wrote its own exploit code, harvested credentials, set up backdoors, and began pulling sensitive data. |
| Phase 4 | Claude organised stolen files, sorted them based on intelligence value, and documented the whole thing in neat reports. |
According to the blog, “the threat actor was able to use AI to perform 80 to 90 percent of the campaign” with very little human intervention. The attackers stepped in only around 4 to 6 times per campaign, at the big decision points. Most of the grunt work was handled by Claude, which made thousands of requests, often several per second.
Jailbreak tactics fooled the AI’s safety guardrails
Claude isn’t supposed to behave like this. It’s trained to refuse harmful actions. But the attackers found a clever way around that. They broke the attack into small, innocuous-looking steps, so Claude never saw the full picture, and told it that it was part of a cybersecurity audit, working in a red-team environment. Together, these tactics jailbroke the model’s safety systems.
Once Claude was in that frame of mind, it began acting like an employee helping to test defences, except the targets weren’t aware and the goal was theft, not security.
Why this matters for India and the world
This changes the cybersecurity game. It means nation-state attackers can now launch complex cyberattacks faster, cheaper and more quietly. You don’t need a full team of skilled human hackers when an AI system can write code, scan networks, and sort through stolen data like it’s organising a spreadsheet.
Anthropic warns that the barrier to entry is now lower than ever. Groups with fewer resources or less technical skill could now pull off high-level attacks if they can manipulate agentic AI models.
Back in July, the company flagged a wave of “vibe hacking”, in which AI tools were used in social engineering scams. But those operations still had humans running the show. This time, the human role was minimal.
Claude was also used to investigate the attack
Here’s an ironic twist. Anthropic says it used Claude’s newer tools to help investigate this very breach. The AI sifted through logs and helped its own developers trace what went wrong. So even as AI is being used for attacks, it is also a powerful tool for defence.
In their words, “our Threat Intelligence team used Claude extensively in analyzing the enormous amounts of data generated during this very investigation.”
What’s next for cybersecurity?
This story makes one thing clear: cybersecurity teams can’t ignore AI anymore. Anthropic says the industry needs to start experimenting with AI for defence, not just for research. It recommends using AI for things like the following (a rough sketch of what this could look like appears after the list):
- Security Operations Center (SOC) automation
- Threat detection
- Vulnerability scans
- Fast incident response
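To make that concrete, here is a minimal sketch of what LLM-assisted log triage inside a SOC could look like, written against Anthropic’s own Python SDK. The model name, the triage prompt, and the sample logs are illustrative assumptions for this article, not details taken from Anthropic’s report:

```python
# A minimal sketch of LLM-assisted SOC log triage using the Anthropic Python SDK.
# Assumes the `anthropic` package is installed and ANTHROPIC_API_KEY is set in
# the environment. The model name, prompt, and sample logs below are
# illustrative placeholders, not details from Anthropic's report.
import anthropic

client = anthropic.Anthropic()

TRIAGE_PROMPT = (
    "You are assisting a security operations centre. Classify each log line "
    "as BENIGN, SUSPICIOUS, or CRITICAL, with a one-line reason for each:\n\n{logs}"
)

def triage(log_lines: list[str]) -> str:
    """Send a batch of log lines to the model and return its triage summary."""
    message = client.messages.create(
        model="claude-sonnet-4-5",  # placeholder model name; substitute your own
        max_tokens=1024,
        messages=[{
            "role": "user",
            "content": TRIAGE_PROMPT.format(logs="\n".join(log_lines)),
        }],
    )
    # Responses arrive as a list of content blocks; the first holds the text.
    return message.content[0].text

if __name__ == "__main__":
    sample = [
        "02:11:09 sshd: Failed password for root from 203.0.113.7",
        "02:11:10 sshd: Failed password for root from 203.0.113.7",
        "02:13:42 cron: backup.sh completed",
    ]
    print(triage(sample))
```

The point isn’t this particular snippet. It’s that the same ability that let attackers batch-process reconnaissance and stolen data can just as easily batch-process the defensive drudgework that usually swamps human analysts.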
Model developers also need to work harder on building in guardrails. The attackers got in by fooling the AI’s safety layers, not by hacking them directly, and that’s a gap developers need to close quickly.