{"id":5857,"date":"2025-11-19T00:11:50","date_gmt":"2025-11-19T00:11:50","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=5857"},"modified":"2025-11-19T00:11:50","modified_gmt":"2025-11-19T00:11:50","slug":"anthropic-ai-powered-cyberattack-causes-a-stir","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=5857","title":{"rendered":"Anthropic AI-powered cyberattack causes a stir"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>AI company Anthropic recently announced that companies worldwide have been attacked by an AI-powered cyber espionage campaign. It is purported to be the first publicly documented case of a cyberattack carried out by an AI model.<\/p>\n<p>According to\u00a0<a href=\"https:\/\/assets.anthropic.com\/m\/ec212e6566a0d47\/original\/Disrupting-the-first-reported-AI-orchestrated-cyber-espionage-campaign.pdf\" target=\"_blank\" rel=\"noopener\">the research report<\/a>, around 30 organizations worldwide were affected by the attacks. These included large technology companies, financial institutions, chemical companies, and government agencies. The attack was discovered in mid-September 2025. The hacking group GTG-1002, which is linked to China, is said to be behind the attack campaign.<\/p>\n<p>The attackers allegedly manipulated Anthropic\u2019s AI programming tool Claude Code to launch largely autonomous infiltration attempts, according to Anthropic\u2019s report.<\/p>\n<h2 class=\"wp-block-heading\">Security community responds<\/h2>\n<p>However, security experts have doubts about how autonomous the attacks actually were. 
Cybersecurity researcher Daniel Card joked in an\u00a0<a href=\"https:\/\/x.com\/UK_Daniel_Card\/status\/1989322655846072680\" target=\"_blank\" rel=\"noopener\">X post<\/a>: \u201cThis Anthropic thing is marketing guff.\u201d<\/p>\n<p>Furthermore, IT security expert Kevin Beaumont criticized Anthropic on\u00a0<a href=\"https:\/\/cyberplace.social\/@GossiTheDog\/115547042229253967\" target=\"_blank\" rel=\"noopener\">Mastodon<\/a>\u00a0for not publishing any indicators of compromise (IoCs) for the attacks.<\/p>\n<p>\u201cI continue to refuse to believe that attackers are somehow able to get these models to jump through hoops that nobody else can,\u201d Dan Tentler, founder of the Phobos Group, told\u00a0<a href=\"https:\/\/arstechnica.com\/security\/2025\/11\/researchers-question-anthropic-claim-that-ai-assisted-attack-was-90-autonomous\/\" target=\"_blank\" rel=\"noopener\">Ars Technica.<\/a>\u00a0\u201cWhy do the models give these attackers what they want 90% of the time but the rest of us have to deal with ass-kissing, stonewalling, and acid trips?\u201d<\/p>\n<p>However, this is not the first time Anthropic has reported on such a case. Back in\u00a0<a href=\"https:\/\/www.csoonline.com\/article\/4048337\/ki-greift-erstmals-autonom-an.html\" target=\"_blank\" rel=\"noopener\">August 2025,<\/a>\u00a0the company claimed its AI-powered developer tool Claude Code had already been misused for autonomous cyberattacks.<\/p>\n\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>AI company Anthropic recently announced that companies worldwide have been attacked by an AI-powered cyber espionage campaign. It is purported to be the first publicly documented case of a cyberattack carried out by an AI model. According to\u00a0the research report, around 30 organizations worldwide were affected by the attacks. 
These included large technology companies, financial [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":5858,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-5857","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/5857"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5857"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/5857\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/5858"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5857"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=5857"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=5857"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}