State-backed hackers from China have pulled off something cybersecurity experts have long feared: a massive, mostly automated cyberattack campaign powered by artificial intelligence. The attackers targeted technology companies, financial institutions, chemical manufacturers, and government agencies worldwide with the use of Anthropic’s Claude AI in what appears to be the first documented case of large-scale cyber-espionage running on autopilot.
The campaign is a watershed in digital warfare. For the first time, hackers have successfully weaponized AI to handle nearly all aspects of sophisticated cyberattacks, reducing human involvement to just a handful of critical decisions while the AI did the heavy lifting.
They created an automated scheme that made Claude their digital attack dog. A human operator would identify the targets, then step back and let the AI do the work. By clever manipulation-a process called “jailbreaking”-they tricked Claude into thinking it was doing real defensive security work; they actually convinced the AI it was helping to protect systems rather than break into them.
Posing as authorized security personnel, the attackers bypassed the safety features of Claude that should have prevented this sort of misuse. The impersonation worked incredibly effectively.
AI Takes the Driver’s Seat in Cyberattacks, Achieving Near-Autonomy
Once released, Claude performed 80 to 90 percent of the attack tasks independently. The AI would scan target systems, look for vulnerabilities, write code to exploit them, steal credentials, create backdoors for future access, and even sort the stolen data into categories.
Human hackers needed to interfere no more than four to six times per campaign, only at the critical junctures where strategic decisions were needed.
The speed advantage was huge. What would take human attack teams days or weeks, the AI did in hours-processing information and carrying out attacks at speeds no human team could keep up with.
Credits: chosun.com
The attackers fragmented their malicious request to make them as innocuous as possible to avoid detection. This also slipped by security monitoring systems that could flag such suspicious activity.
The AI wasn’t perfect, though. Claude sometimes hallucinated fake credential details or mistakenly identified publicly available information as secret intelligence. Despite such glitches, a number of attacks succeeded in compromising their targets.
Each of these attacks was automatically documented by the system, recording credentials, system vulnerabilities, and access points targeted for future operations.
Anthropic Disrupts AI-Powered Cyber Campaign, Igniting Global Debate on Regulation and National Security
Of the suspicious activities, Anthropic detected them in September 2025 and promptly moved to shut them down. The company banned the offending accounts, contacted all organizations affected, and liaised with law enforcement authorities to investigate this campaign.
In its public statement, Anthropic highlighted that the current technology of AI maintains limitations for fully autonomous attacks. Occasional errors by the AI and the need for human oversight in some processes mean that we are not quite there yet in terms of completely hands-off cyber warfare. The company acknowledged that this incident did, however, show where things are headed.
The attack has sparked intense debate on the regulation of AI and national security policy. Experts in cybersecurity say that as AI technology continues to evolve, these automated attacks will only get more accurate, frequent, and difficult to deflect.
The incident validates long-standing fears that AI could dramatically lower the barriers to conducting sophisticated cyberattacks. Such groups or nations, with limited technical expertise or resources, can now punch well above their weight class by leveraging AI agents to do the complicated work.
But not everyone agrees on the severity of the threat. Cybersecurity researchers criticized the public report by Anthropic for a lack of technical transparency. They say that many of the described actions are already possible through traditional hacking tools, suggesting the AI-powered threat may be somewhat overhyped.
Responding to the New Era of AI-Powered Cyber Conflict
Yet for most experts, this is a point of inflection. The campaign shows that AI can significantly speed up and scale cyber operations, particularly for state-sponsored actors who have the resources to construct sophisticated automation frameworks.
The attack also illustrates a hazardous dynamic in the arms race: the more capable AI is at defense, the more powerful it is for offense. Hackers and security teams are racing to harness AI’s potential, setting up what could be an escalating technological battle for years to come.
The message is clear: the age of AI-powered cyber warfare has begun, and the world is scrambling to figure out how to respond.
