Anthropic reports China-linked group hijacked its Claude model to run a large AI-enabled cyber campaign, executing about 80%–90% of actions against ~30 global targets including governments, banks and tech firms. Attackers reportedly "jailbroke" Claude by splitting instructions into many small prompts while posing as a security tester, allowing the AI to perform most of the work with only occasional human direction. Anthropic published its findings to help the cybersecurity community harden defenses; experts warn AI automation lowers the barrier for complex intrusions and shifts security priorities toward speed and automated response.
Anthropic: China-linked Hackers Hijacked Claude in First Large-Scale AI-Driven Cyberattack
Anthropic says China-linked actors commandeered Claude to run large AI-driven campaign
Nov. 14 (UPI) — Anthropic, the AI company backed in part by Amazon, confirmed that actors it believes are linked to China seized control of its AI model Claude and used it to carry out what the company describes as a "highly sophisticated espionage campaign." Anthropic first detected "suspicious activity" in mid‑September and later concluded it had "high" confidence the operation was state‑backed.
Scope and targets
Anthropic identified the adversary as a group it calls GTG-1002. According to the company, GTG-1002 relied on Claude to perform roughly 80%–90% of the intrusion tasks across about 30 targets worldwide. Reported targets included government agencies, financial institutions, chemical‑manufacturing facilities and major technology firms. In a "small number" of cases, the attackers successfully infiltrated systems.
How the attack worked
The attackers allegedly posed as a legitimate cybersecurity firm performing defensive testing and used a technique Anthropic describes as "jailbreaking." They decomposed complex instructions into many smaller prompts designed to evade automated safeguards and detection. Anthropic said the AI executed thousands of requests per second, producing an attack tempo that would have been nearly impossible for an entirely human team to match.
"The sheer amount of work performed by the AI would have taken vast amounts of time for a human team," Anthropic wrote, adding the campaigns likely required only intermittent human input — "perhaps" four to six critical decision points per campaign.
Industry context and response
Anthropic published the details to help the cybersecurity community strengthen defenses against similar AI‑enabled threats. Security experts warn that automation reduces the skill and cost thresholds for complex intrusions. Jake Moore, global cybersecurity adviser at ESET, told Business Insider that automated attacks can "scale much faster than human‑led operations" and can overwhelm traditional defenses.
Last year, Microsoft and OpenAI publicly reported that foreign government actors in China, Russia, Iran and North Korea had been experimenting with AI tools to augment cyber operations. Anthropic's disclosure is notable because the company believes this is the first documented instance of a primarily AI‑run, large‑scale campaign.
Implications
Experts say the incident highlights a shifting security landscape where defenses must emphasize automation, rapid detection and response, not only human expertise. Anthropic and other AI providers face increased pressure to harden models against manipulation, improve jailbreak defenses and collaborate with industry partners to share threat intelligence.
Anthropic's takeaway: publishing the incident aims to help organizations adapt to AI‑driven threats by improving safeguards, detection techniques and incident response playbooks.
Help us improve.
