{"id":4566,"date":"2025-08-28T00:38:22","date_gmt":"2025-08-28T00:38:22","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=4566"},"modified":"2025-08-28T00:38:22","modified_gmt":"2025-08-28T00:38:22","slug":"anthropic-detects-the-inevitable-genai-only-attacks-no-humans-involved","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=4566","title":{"rendered":"Anthropic detects the inevitable: genAI-only attacks, no humans involved"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>When Anthropic published a report Wednesday detailing genAI attacks that entirely bypassed humans, as opposed to human attackers using AI tools as aids, it was the realization of what many CISOs have long anticipated.\u00a0<\/p>\n<p>But it shows that preparations for AI-only attacks need to be accelerated as the detectable patterns from human attacks become irrelevant.\u00a0<\/p>\n<p>When attack groups consist of \u201csolopreneurs or an extremely small numbers of employees executing at this level,\u201d said <a href=\"https:\/\/www.sans.org\/profiles\/rob-lee\" target=\"_blank\" rel=\"noopener\">Rob Lee<\/a>, chief of research at the SANS Institute, \u201cit represents a complete shift in that [attackers] who are not restrained by nation-state politics or potential attribution will feel more emboldened to do scalable damage and can logarithmically increase the number of ransomware attacks at levels we have not seen before.\u201d<\/p>\n<p>Another cybersecurity consultant, <a href=\"https:\/\/formergov.com\/directory\/brianlevine\" target=\"_blank\" rel=\"noopener\">Brian Levine<\/a>, a former federal prosecutor who today serves as the executive director of a directory of former government and military specialists called FormerGov, observed that there\u2019s a window of opportunity in which defenders can head off this kind of attack.\u00a0<\/p>\n<p>\u201cI think there\u2019s going to be a time period \u2014 it may be short \u2014 where the AI might be effective at facilitating cyber attacks, but not so focused on concealing its tracks or the identity of the person behind the keyboard,\u201d Levine said. \u201cThat may be an opportunity to use that fact to apprehend all of these amateurs who are relying entirely on the AI to get it right.\u201d<\/p>\n<p>Levine also sees a mainstream workforce phenomenon hitting attackers. \u201cWe are seeing the criminal world continue to mirror the legitimate business world. Criminals are going to get laid off from their criminal jobs,\u201d he said. \u201cThere has been a lot of specialization in these attack groups: Someone to write the code, someone in charge of encryption, defeating the antivirus, making sure that the cards are legitimate numbers, money launderers. There have been a lot of specialized roles. What will happen with those people?\u201d<\/p>\n<h2 class=\"wp-block-heading\">AI is replacing attackers<\/h2>\n<p>The <a href=\"https:\/\/www-cdn.anthropic.com\/b2a76c6f6992465c09a6f2fce282f6c0cea8c200.pdf\" target=\"_blank\" rel=\"noopener\">Anthropic report<\/a> said that the company is finding more evidence that genAI tools are no longer helping cyberattackers so much as they are replacing them.<\/p>\n<p>\u201cA cybercriminal used Claude Code to conduct a scaled data extortion operation across multiple international targets in a short timeframe. This threat actor leveraged Claude\u2019s code execution environment to automate reconnaissance, credential harvesting, and network penetration at scale, potentially affecting at least 17 distinct organizations in just the last month, across government, healthcare, emergency services, and religious institutions, \u201c the report said. <\/p>\n<p>It added, \u201cthe operation demonstrates a concerning evolution in AI-assisted cybercrime, where AI serves as both a technical consultant and active operator, enabling attacks that would be more difficult and time-consuming for individual actors to execute manually. This approach, which security researchers have termed vibe hacking, represents a fundamental shift in how cybercriminals can scale their operations. The actor demonstrated unprecedented integration of artificial intelligence throughout their attack lifecycle, with Claude Code supporting reconnaissance, exploitation, lateral movement, and data exfiltration.\u201d<\/p>\n<p>Anthropic is far from alone in these discoveries; <a href=\"https:\/\/www.welivesecurity.com\/en\/ransomware\/first-known-ai-powered-ransomware-uncovered-eset-research\/\" target=\"_blank\" rel=\"noopener\">security firm ESET reported a similar development <\/a>\u00a0in an analysis of some ransomware the day before Anthropic released its findings.<\/p>\n<p><a href=\"https:\/\/www.infotech.com\/profiles\/phil-brunkard\" target=\"_blank\" rel=\"noopener\">Phil Brunkard<\/a>, an executive counselor at Info-Tech Research Group UK, agrees with the Anthropic report, but said that he is far more worried about what the report did <em>not <\/em>find.<\/p>\n<p>\u201cThere is potentially a lot of this activity we\u2019re not seeing. Anthropic being open about their platform being used for malicious activities is significant, and OpenAI has recently shared the same as well. But will others open up about what is already likely happening?\u201d Brunkard asked. \u201cOr maybe they haven\u2019t shared because they don\u2019t yet have effective controls in place? We need to know the answer to \u2018What are the big AI vendors doing to prevent their code from being weaponized for targeted cybercrime?\u2019 And are open-source models creating even more exposure?\u201d<\/p>\n<h2 class=\"wp-block-heading\">Much more to worry about<\/h2>\n<p>As encouraging as these reports are, Brunkard said, there is far more to worry about.\u00a0<\/p>\n<p>\u201cYes, OpenAI and Anthropic have both confirmed that their platforms were misused and that they\u2019re taking steps to detect and ban bad actors. But that\u2019s still reactive,\u201d he said. \u201cThe real challenge is moving upstream. If the tools are powerful enough to run an attack from start to finish, you need to know who is using them and why.\u201d\u00a0<\/p>\n<p>Asked what CISOs should do differently to defend against these AI-only attacks, few experts had anything concrete to suggest.<\/p>\n<p>\u201cRuntime AI defense will need to keep pace with the evolution of attacker infrastructure created with modern AI tools,\u201d said <a href=\"https:\/\/moorinsightsstrategy.com\/author\/will-townsend\/\" target=\"_blank\" rel=\"noopener\">Will Townsend<\/a>, VP\/principal analyst for Moor Insights &amp; Strategy. \u201cThe good news is that many cybersecurity solution providers are embracing things like automated red teaming, prompt injection prevention, input validation, threat intelligence integration and other techniques to bolster defense. DNS security controls can also proactively identify suspect domains and others that can be weaponized in the future to deliver AI infused malware payloads.\u201d<\/p>\n<p>Another Moor analyst added that it is critical for enterprise CISOs to keep their focus on the newest threats.\u00a0<\/p>\n<p>\u201cAI enables criminals to move beyond script kiddies to a much more scalable business model with agentic thugware. Enterprises worried about quantum security should not ignore the more urgent threat of AI-assisted hacks,\u201d said <a href=\"https:\/\/moorinsightsstrategy.com\/team\/bill-curtis\/\" target=\"_blank\" rel=\"noopener\">Bill Curtis<\/a>, analyst in residence. \u201cOne tactic for escaping the mean streets of black hat versus white hat AI gang warfare is to disconnect mission-critical systems from the internet. Hence, the importance of air-gapped datacenters. It\u2019s not a big deal yet, but watch this space.\u201d<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>When Anthropic published a report Wednesday detailing genAI attacks that entirely bypassed humans, as opposed to human attackers using AI tools as aids, it was the realization of what many CISOs have long anticipated.\u00a0 But it shows that preparations for AI-only attacks need to be accelerated as the detectable patterns from human attacks become irrelevant.\u00a0 [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":4567,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-4566","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/4566"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4566"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/4566\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/4567"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4566"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4566"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4566"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}