Articles by Victoria

Inside the Anthropic Cyberattack: When AI Is Used to Hack at Scale

Understanding how AI was weaponized in the Anthropic breach and what we can do to stay safe in a world where attacks are now running at machine speed

Nov 23, 2025 · 7 min read

You've seen those sci-fi movies, and I've played Overwatch 2 long enough to know the lore of the omnics. Thankfully no, what happened at Anthropic isn't that dramatic. But it's still worth knowing.

On November 14, Anthropic published a report describing what might be the first large-scale cyberattack carried out mostly by AI. Read that again. Not AI writing code for humans. Not AI giving suggestions. Actual AI systems running attacks, probing networks, stealing data, planning the next steps, and making thousands of decisions with only minimal human supervision.

And it’s not a hypothetical. It’s something that already happened.

In this article, I want to break this down in a way that anyone can understand, both for non-technical and technical people, because this is one of those moments in tech where even people who do not follow cybersecurity should pay attention.

This matters for all of us.

What Happened in Summary

In September 2025, Anthropic detected suspicious activity inside their systems. It turned out to be a highly sophisticated espionage operation (aka a very advanced spying operation) run by a state-sponsored group from China. What was surprising about this detected activity wasn't the country; it was the method.

The attackers discovered a way to misuse Claude Code, Anthropic’s AI coding tool, which assists developers in generating code and making development work faster. Basically, they tricked it into thinking it was doing legitimate security work. As the report states, it was used "to support reconnaissance, vulnerability discovery, exploitation, lateral movement, credential harvesting, data analysis, and exfiltration operations largely autonomously."

In plain English, they were telling the AI coding tool that they were conducting authorized security assessments. By doing this, they manipulated the AI into executing tasks that were actually part of a cyberattack. These tasks looked safe on the surface but were actually pieces of a larger hacking operation.

And once the AI was inside the system, it did almost everything on its own.

It scanned networks, identified valuable databases, wrote its own exploit scripts, and stole credentials. Then it organized the stolen data, mapped out high-value targets and even created documentation for the attackers.

The human attackers only stepped in a few times to make major decisions. The threat actor, known as GTG-1002, simply sat back and let the machine run.

The AI was performing work that normally requires entire teams of human hackers. And it did it at a speed that humans simply cannot touch. As the report puts it, the speed was unprecedented at “thousands of requests, often multiple per second”.

When you put all of that together, you get a cyberattack that felt less like a crime and more like industrial scale automation.

Have we crossed the line?

Reading this report hits me not only with fear, but also recognition. Recognition that we have crossed a threshold.

For years we talked about AI as a smart tool, an assistant. When OpenAI first launched ChatGPT, it was something that gave us ideas or wrote our draft emails for us.

But this was the first time we saw AI acting almost as an operator. A system that could run for long periods without a person driving every decision. A system capable of turning intent into action, without much human intervention.

And here is the part most people do not realize.

The barrier to launching a sophisticated cyberattack just got dramatically lower. What used to require a nation state level budget, a team of elite hackers, and months of planning can now potentially be done by a small, poorly resourced group if they know how to weaponize the right AI tools.

That changes the landscape. Not just for tech companies or governments. For everyone.

Why should you care?

All this might seem very far from your daily life, especially if you’re not in tech and don’t keep up with tech news. But you are a user too (unless you don’t use the internet), so this is a larger part of your life than you realize.

Cybersecurity is not just a concern for corporations to figure out. It is our identities at stake. Our bank accounts. Our photos. Our health records. Our work. Our relationships. Almost every part of our life sits inside a cloud or a database somewhere.

Reading the report by Anthropic got me thinking that if large scale, automated attacks become more common, the ripple effects will reach regular people like us first, and we will have to deal with the consequences.

Just to be clear, this is not about paranoia. This is about awareness. Because we are entering a world where AI will be used on both sides. Attackers will use it to scale theft. Defenders will use it to scale protection. And the speed of both will increase.

Understanding this shift matters because it changes what digital safety means.

It is no longer enough to say “be careful with your passwords” like our parents used to say. We need to think about how to build systems that can defend themselves at machine speed. Systems that can recognize and alert us when an AI is poking around. Systems that do not rely on humans noticing something strange after the damage is done.

Anthropic also made one point very clear. Even though they only had visibility into Claude’s behavior, this pattern probably applies to other advanced AI models too. Threat actors are learning how to manipulate these AI tools into doing the heavy lifting and performing the intrusions themselves.

How Anthropic handled it

Perhaps because of the previous vibe hackings in June, the team at Anthropic was prepared and used Claude extensively to investigate the attack, like a counterattack. It combed through mountains of data and quickly banned the identified accounts while notifying the targeted entities. According to the report, the operation targeted roughly 30 entities.

But a more important revelation emerged during Anthropic’s investigation: Claude did not perform perfectly. It would report to its human hackers that it had found credentials that did not work, or flag information as top secret when it was actually public. These hallucinations made the attackers’ job harder, because they had to manually check whether what the AI reported was even real.

Luckily, this means that fully autonomous cyberattacks are not here yet. There are still points where human validation is required, which gives us room to build better safeguards.

Which is exactly why transparency matters.

Anthropic shared this case publicly to help the broader AI safety and security community understand what we are dealing with. They want industry, government, and researchers to strengthen their own defenses. GTG-1002 is not just the name of a threat actor. It is a sign of how quickly the landscape is shifting and why AI safeguards are not optional anymore.

What can we do?

We all have a part to play as users of these AI tools, these powerful and complex systems. Even though we cannot control what hackers or governments do, there are a few practical things we can do to stay safer in a world where attacks are moving at machine speed.

  1. Your digital identity is as important to protect as your identity. Use 2FA or MFA whenever you can.

  2. Be mindful of what data about you is out there. Every marketing newsletter you signed up for to get a free ebook, every picture you post, is a data point about you.

  3. Don’t ignore security updates on your devices. Update your phone or laptop if a new security update is out.

  4. Don’t click links or download things you don’t know. A lot of breaches still begin with a fake site, a fake button or a fake link. Always verify legitimacy before acting.

  5. Stay informed. We are in an era where AI is both a spear and a shield. The more you understand what's happening, the better prepared you'll be.

Shameless plug: You can stay informed by following this blog! Because I will be covering more on such topics to break things down in plain English!

Thanks for reading this article! If you enjoyed it, do like and share it for more reach! This article is part of a new series called “AI, but make it make sense”. The aim of this series is to demystify anything AI, for non-techies and techies! So far, in the series, we’ve talked about a few topics such as:

If these are interesting to you, do check out the series here for more! Thanks for reading! Cheers!


Side note - favourite cover image I made ever because it’s Sombra from Overwatch 2 and she’s a cool hacker so finally I have a reason to use this image for an article
