Anthropic says it uncovered an operation in which hackers linked to the Chinese government used its Claude chatbot to automate cyber attacks against roughly 30 global organisations, marking what the company described as the “first reported AI-orchestrated cyber espionage campaign.” The announcement, published in a company blog post, has prompted both concern and scepticism across the cybersecurity sector.
Anthropic said it identified the activity in mid-September. According to its researchers, hackers posed as legitimate cybersecurity professionals and asked Claude to perform small automated tasks which, when combined, formed a sophisticated attack chain. The company said it had “high confidence” the operators were a Chinese state-sponsored group, although it provided no further detail about how it reached that conclusion. The Chinese embassy in the U.S. denied involvement.
Anthropic stated that humans selected the targets — which included major technology firms, financial institutions, chemical manufacturers and government agencies. Hackers then used Claude’s coding assistance to build an unspecified program intended to autonomously compromise chosen targets. The company claimed the chatbot helped breach unnamed organisations, extract sensitive information and sort it for relevance.
Following the discovery, Anthropic said it banned the attackers from accessing Claude and informed affected companies as well as law enforcement. The firm’s researchers argued that the case illustrates how AI capabilities can be misused and said the same abilities could be central to future cyber-defence tools.
Reactions from the cybersecurity community have been mixed. Martin Zugec of Bitdefender said Anthropic’s “bold, speculative claims” lacked verifiable threat-intelligence evidence, adding that detailed transparency is necessary to “assess and define the true danger of AI attacks.” Some analysts questioned whether the report overstates current AI capabilities, noting that fully autonomous cyberattacks remain limited by model inaccuracies. Anthropic acknowledged that Claude generated fabricated usernames and passwords during the process and incorrectly identified publicly available information as sensitive, calling such errors a barrier to complete automation.
Other AI firms have previously reported state-aligned misuse of their tools. In February 2024, OpenAI and Microsoft disclosed that actors from several countries, including China, had used AI systems for tasks such as gathering open-source information, translation and basic coding work. Cybersecurity experts have warned about potential misuse of AI to produce new malware variants, although a Google research paper published in November found current tools to be largely experimental and often ineffective.
Industry critics have argued that both AI and cybersecurity vendors may be incentivised to amplify fears about AI-enabled hacking to boost interest in their own products. Anthropic, in its post, said AI systems may ultimately be necessary to defend against increasingly complex threats, even as it acknowledged Claude’s inaccuracies during the alleged operation.
Featured image credits: Freepik
For more stories like it, click the +Follow button at the top of this page to follow us.