AI company Anthropic has halted the first large-scale, AI-orchestrated cyberattack, which the company said was initiated by a Chinese state-sponsored group. Anthropic said the bad actor manipulated Anthropic’s Claude Code tool, “attempting infiltration into roughly thirty global targets and succeeded in a small number of cases.”
AI performed most of the work in the security attack autonomously. The bad actor used AI to perform 80%-90% of the campaign — from reconnaissance to data exfiltration — and human intervention was minimal.
“The sheer amount of work performed by the AI would have taken vast amounts of time for a human team,” Anthropic said. “At the peak of its attack, the AI made thousands of requests, often multiple per second — an attack speed that would have been, for human hackers, simply impossible to match.”
Brian Greenberg, CIO of consultancy RHR International, said this threat is significant because it shows how an AI model can do most of the technical heavy lifting, lowering the barrier to entry for inexperienced, less skilled or small teams of hackers — instead of a full nation-state offensive unit — to launch an AI-based cyberattack.
Anthropic identified suspicious activity in mid-September, which the company determined was a result of a “highly sophisticated espionage campaign.”
“The attackers used AI’s ‘agentic’ capabilities to an unprecedented degree — using AI not just as an advisor, but to execute the cyberattacks themselves,” according to Anthropic.
The AI company explained that the cyberattack targeted a number of organizations, including “large tech companies, financial institutions, chemical manufacturing companies, and government agencies. We believe this is the first documented case of a large-scale cyberattack executed without substantial human intervention.”
In response to the threat, Anthropic launched an investigation, mapped the severity of the threat, banned identified accounts, notified affected organizations and worked with authorities as they gathered actionable intelligence.
AI and cybersecurity reach ‘inflection point’
Anthropic said an inflection point in cybersecurity has been reached where AI models are now “genuinely useful” in cybersecurity — both in the prevention and deployment of threats. Rik Turner, a chief analyst at Omdia, said companies should expect AI model-based threats to increase moving forward.
“We should see an increasing wave of such attacks, particularly from state-sponsored groups. It remains to be seen how well prepared the average organization is or will be,” he said.
RHR’s Greenberg echoed that sentiment, describing AI-based cyberattacks as a “major threat.”
“AI moves at speeds we’ve been only able to imagine until now. AIs can target dozens of organizations at the same time, and autonomously discover vulnerabilities, harvest credentials and analyze the stolen data,” he said. “Humans simply can’t keep up with that pace without AI cyber assistance.”
CIOs can leverage AI to strengthen security posture
CIOs should assume that attackers already have AI in their toolkit, Greenberg said. In response, CIOs need to tighten up attack surfaces, apply continuous monitoring, automate their defensive workflow as much as possible and continually train end users to identify AI-assisted phishing and deep fakes.
“Manual security efforts just won’t cut it,” Greenberg said.
Organizations can improve their approach to cybersecurity either with or by AI, Turner explained. Security with AI occurs when a cybersecurity vendor uses machine learning to detect a threat or GenAI to provide more context or remediation suggestions, for example. Security by AI is when a “security tool uses AI agents to perform low-level security tasks autonomously, freeing scarce human resources to devote themselves to more complex issues,” Turner explained.
By applying an AI-driven approach to cybersecurity to combat AI-based threats, CIOs can address threats in a more proactive manner, Greenberg said.
“The only effective way to counter AI-enabled attacks is to use AI just as aggressively on the defensive side for faster detection, automated analysis and rapid incident response,” Greenberg said.
