Anthropic researchers say they have disrupted what they described as the first reported use of artificial intelligence to direct a hacking campaign in a largely automated fashion, marking what they called a troubling development in cybersecurity.
According to a threat report released this week, the operation was linked by Anthropic to the Chinese government and showed how AI-enabled tools can scale cyberattacks far beyond what human hackers can achieve manually. Researchers said the degree of automation distinguished the incident from previous cyber operations.
“While we predicted these capabilities would continue to evolve, what has stood out to us is how quickly they have done so at scale,” the researchers wrote.
Anthropic said the attackers targeted “roughly thirty global targets,” including technology companies, financial institutions, chemical companies, and government agencies. The hackers “succeeded in a small number of cases,” according to the report. Anthropic detected the activity in September, took steps to shut it down, and notified affected parties.
The San Francisco-based company, the developer of the Claude AI system, warned that AI “agents” can autonomously perform actions on a user’s behalf — a feature that can be exploited by malicious actors.
“Agents are valuable for everyday work and productivity — but in the wrong hands, they can substantially increase the viability of large-scale cyberattacks,” the report stated. “These attacks are likely to only grow in their effectiveness.”
China’s embassy in Washington did not immediately respond to a request for comment.
Microsoft has previously warned that foreign adversaries, including China and Russia, are experimenting with AI to enhance their cyber operations. Experts say criminal groups and state-backed hackers increasingly use AI to automate attacks, craft more convincing phishing lures, and mimic digital identities of government officials.
Anthropic reported that the attackers manipulated Claude using “jailbreaking” methods that tricked the AI into bypassing safety guardrails.
“This points to a big challenge with AI models, and it’s not limited to Claude,” said John Scott-Railton, a researcher at Citizen Lab. “The models have to be able to distinguish between what’s actually going on with the ethics of a situation and the kinds of role-play scenarios that hackers and others may want to cook up.”
Some analysts warned that the disclosure could also spark debates about regulating AI.
“This is going to destroy us — sooner than we think — if we don’t make AI regulation a national priority tomorrow,” Sen. Chris Murphy (D–CT) wrote on X.
Yann LeCun, Meta’s chief AI scientist, pushed back, accusing critics of amplifying fear to push for regulatory advantages.
“You’re being played by people who want regulatory capture,” LeCun wrote.