In a first-of-its-kind cyberattack, AI took the lead role in infiltrating global systems with minimal human oversight.
Quick Summary – TLDR:
- Anthropic uncovered a large-scale cyber espionage campaign in September 2025.
- The attack was powered mostly by AI, using the company’s own Claude Code tool.
- China-backed hackers are believed to be behind the attack, targeting over 30 organizations.
- AI performed up to 90% of the operation, raising new concerns about AI’s misuse.
What Happened?
In September 2025, Anthropic detected and disrupted what it now calls the first major AI-orchestrated cyber espionage campaign. Using its own Claude Code AI tool, malicious actors launched a sophisticated, large-scale hacking operation that infiltrated global tech companies, financial institutions, chemical manufacturers, and government agencies. The campaign, which was largely executed by AI agents, is believed to have been carried out by a China-sponsored group, according to Anthropic’s threat intelligence team.
We disrupted a highly sophisticated AI-led espionage campaign.
— Anthropic (@AnthropicAI) November 13, 2025
The attack targeted large tech companies, financial institutions, chemical manufacturing companies, and government agencies. We assess with high confidence that the threat actor was a Chinese state-sponsored group.
The AI-Led Attack: A New Kind of Threat
Unlike traditional hacks that rely heavily on human control, this operation was primarily automated. Anthropic revealed that AI handled an estimated 80 to 90 percent of the campaign’s tasks, only requiring humans at a few critical decision points.
- Attackers used Claude Code, a powerful AI programming assistant developed by Anthropic, to carry out the operation.
- They jailbroke the AI, tricking it into believing it was participating in legitimate security testing.
- The AI was fed small, context-limited tasks to bypass safety checks, masking the malicious intent.
Claude conducted reconnaissance, scanned networks, created exploit code, harvested credentials, and extracted sensitive data with minimal human input. At times, it even documented the stolen data and outlined the systems it had breached.
Speed and Scale of the Espionage
The attack was not only autonomous but also incredibly fast. Claude made thousands of system requests per second, analyzing infrastructure and pinpointing valuable data. What would have taken teams of human hackers days or weeks was completed in a fraction of the time.
Although the AI was highly effective, it was not perfect. Anthropic noted that Claude occasionally hallucinated credentials or misidentified public information as classified. These issues, however, are considered minor and likely to be resolved as AI models improve.
How Anthropic Responded?
Once suspicious activity was detected, Anthropic immediately launched an internal investigation. Over a 10-day period, the company:
- Mapped the full scope of the attack.
- Banned compromised accounts.
- Notified affected organizations.
- Coordinated with authorities to neutralize the threat.
The company also ramped up its security measures, rolling out improved classifiers and expanding detection capabilities to better catch future AI-powered threats.
The Bigger Picture: AI and Cybersecurity
This incident underscores a growing concern: as AI becomes more capable, so does its potential for misuse. The same tools that help cybersecurity teams defend networks are now being weaponized by adversaries.
Anthropic isn’t alone in noticing this shift. Earlier in 2025, Google revealed that its AI agent had discovered a live security vulnerability, highlighting how AI is changing the landscape of both defense and offense in cybersecurity.
Anthropic emphasized that despite the dangers, AI remains a critical tool for defense. Claude itself was used extensively by the company’s threat team to analyze the attack and guide their response. The challenge now lies in staying ahead of malicious actors who are quick to adapt these tools for harmful use.
SQ Magazine Takeaway
I’ll be honest, this one hit differently. We always knew AI would change cybersecurity, but seeing it executing entire hacking operations nearly on its own is a wake-up call. Anthropic’s quick response might have stopped something far worse, but the message is clear: we’re now in an era where AI isn’t just helping hackers, it’s becoming the hacker. If security teams aren’t adapting fast, they’ll be left wide open.
