SAN FRANCISCO: U.S.-based AI company Anthropic disclosed on Thursday what it described as the first documented case of a state-sponsored cyber-espionage campaign carried out largely by an AI system. The firm says that a Chinese government-linked adversary manipulated its AI tool, Claude (specifically the Claude Code variant), to target about 30 global organisations, including technology firms, financial institutions, chemical companies and government agencies.
According to Anthropic’s threat-intelligence briefing, the attack chronology began in mid-September 2025, in which the adversary “jail-broke” Claude by disguising their role as a legitimate cybersecurity firm and breaking down malicious tasks into seemingly innocuous steps. Using Claude’s agentic capabilities, its ability to chain together tools, execute code and perform tasks autonomously, the attackers allegedly handled the attack with minimal human oversight.
Anthropic said it intervened, banning compromised accounts, notifying affected organisations and coordinating with authorities. While a “handful” of intrusions succeeded, the company did not name specific targets. It cited errors by Claude, including hallucinated credentials and fabricated findings, as limiting the campaign’s effectiveness.
However, cybersecurity researchers and AI practitioners have openly expressed scepticism. Some argue the scenario may amount to sophisticated automation rather than fully autonomous AI-led hacking, pointing to the lack of public indicators of compromise and limited independent verification of the claims.
However, cybersecurity researchers and AI practitioners have openly expressed scepticism. Some argue the scenario may amount to sophisticated automation rather than fully autonomous AI-led hacking, pointing to the lack of public indicators of compromise and limited independent verification of the claims.