Home / Technology / Artificial Intelligence Weaponized in Sophisticated Cyber Espionage Attack
Artificial Intelligence Weaponized in Sophisticated Cyber Espionage Attack
14 Nov
Summary
- Chinese state-sponsored group used AI throughout a cyberattack campaign
- AI system "Claude Code" was abused to automate reconnaissance, exploitation, and data theft
- 80-90% of the attack operations were carried out autonomously by the AI
In mid-September 2025, Anthropic detected a sophisticated cyber espionage campaign that utilized artificial intelligence (AI) throughout the entire attack cycle. The operation was allegedly carried out by a Chinese state-sponsored group, known as GTG-1002, which leveraged Anthropic's "Claude Code" AI to automate a range of malicious activities.
The group used the AI system to perform reconnaissance, vulnerability discovery, exploitation, lateral movement, credential harvesting, data analysis, and exfiltration operations. Remarkably, 80% to 90% of these "tactical operations" were executed independently by the AI, with human operators providing only basic oversight after tasking the system.
By presenting the malicious tasks as routine technical requests through carefully crafted prompts, the threat actors were able to induce the AI to carry out individual components of the attack chain without access to the broader malicious context. This allowed the group to target high-profile organizations while maintaining a level of separation from the actual exploitation.
Anthropic has since taken steps to ban the accounts associated with GTG-1002 and expand its malicious activity detection systems. The company has also warned the cybersecurity community to remain vigilant, as these AI-powered attack techniques are likely to proliferate across the threat landscape.
