Anthropic has reported what it calls the first documented large-scale cyberattack executed primarily by an AI system. The company said the incident occurred in mid-September 2025 and involved its Claude Code tool being misused to carry out a sophisticated, multi-stage intrusion campaign.

According to Anthropic, the attackers used agent-like AI capabilities to perform up to 90 percent of the work. Human involvement was minimal, limited to a few key decisions during each cycle. The company stated that hackers posed as cybersecurity researchers and used jailbreak techniques to bypass safeguards. They instructed Claude to complete a series of small tasks that, together, formed an automated cyber-espionage operation.

Anthropic said the attackers targeted nearly 30 organizations, including tech companies, financial institutions, chemical manufacturers, and government agencies. The AI system handled reconnaissance, wrote exploit code, extracted credentials, identified vulnerabilities, and exfiltrated sensitive data. It also compiled detailed reports that helped the attackers plan future operations.

The company said its investigation linked the attack to a Chinese state-sponsored group, although it did not disclose the specific evidence. The Chinese embassy denied involvement. Anthropic has banned the attackers from using Claude and notified affected organizations and law enforcement agencies.

Cybersecurity researchers have expressed skepticism. Martin Zugec from Bitdefender said the report lacked verifiable threat intelligence and called the claims speculative. He acknowledged the growing risk of AI-driven threats but stressed the need for transparency.

Anthropic argued that AI tools are essential for both attack and defense. It used Claude to help analyze the breach and called for stronger AI safeguards and better coordination among industry and government.

The report suggests that AI systems can now perform tasks that once required entire teams of expert hackers. Anthropic warned that the barrier to advanced cyberattacks has dropped and urged organizations to adopt AI-powered security tools to counter emerging threats.

In related news, reports suggest AI search engines increasingly surface low-traffic websites over major sources, and LSE predicts Gen Alpha could rely on voice rather than keyboards at work by 2028.

For daily updates, please visit ourNews Section.

Stay ahead in tech!Join ourTelegram communityand sign up for our daily newsletter oftop stories!💡

(Source, Via)