Anthropic Revolutionizes Initial AI-Driven Cyber Espionage

The attack was identified in mid-September 2025 and utilized the autonomous capabilities of the AI model Claude Code to infiltrate approximately thirty high-value global targets, including technology firms, financial institutions, chemical manufacturers, and government agencies.

AI performed around 80% to 90% of the cyberattack tasks independently, requiring human input only for critical strategic decisions. This marks a significant shift in the operation of cybersecurity threats at scale.

AI’s Autonomous Cyber Offensive

In its 13-page report outlining the nature of the attack, Anthropic reveals that the campaign took advantage of recent advancements in AI—intelligence, agency, and tool integration—to execute a multi-phase cyberattack with unprecedented levels of autonomy.

Unlike earlier attacks that heavily depended on human direction, this operation utilized Claude Code not merely as an advisory assistant but as an active agent carrying out complex hacking tasks.

Humans initiated the campaign by selecting targets and establishing strategic parameters, while the AI autonomously managed reconnaissance, vulnerability discovery, exploit development, credential harvesting, lateral movement, and data exfiltration.

But how did the malicious actors automate this attack?

By bypassing Claude Code’s safeguards—breaking malicious tasks into harmless components—the group was able to deceive the AI into thinking it was participating in a legitimate cybersecurity test.

Consequently, Claude executed thousands of requests per second—a pace no human could match.

Speaking to WSJ, Anthropic’s Head of Threat Intelligence, Jacob Klein, states that the hackers conducted their attacks “literally with the click of a button, and then with minimal human interaction.”