AI Company Halts China-backed Cyber Espionage Campaign
A leading artificial intelligence company claims to have stopped a China-backed “cyber espionage” campaign that infiltrated financial firms and government agencies with minimal human oversight.
The US-based Anthropic said its coding tool,Claude Code,was “manipulated” by a Chinese state-sponsored group to attack 30 entities globally in September,resulting in a “handful of prosperous intrusions.”
This represents a “notable escalation” from previously monitored AI-enabled attacks, according to a blogpost published on Thursday, because Claude operated largely independently: 80 to 90% of the attack’s operations occurred without human intervention.
“The actor achieved what we believe is the first documented case of a cyber-attack largely executed without human intervention at scale,” Anthropic wrote.
anthropic did not disclose the specific financial institutions and government agencies targeted, nor the extent of the data accessed by the hackers. Though, they confirmed the attackers gained access to internal data.
The company noted that Claude made numerous errors during the attacks,fabricating data about targets and falsely claiming to “discover” publicly available data.
Policymakers and experts view these findings as a concerning indication of the growing capabilities of AI systems, noting that tools like Claude can now function independently for extended periods.
“Wake the f up. This is going to destroy us – sooner than we think – if we don’t make AI regulation a national priority tomorrow,” US Senator Chris Murphy wrote on X in response to the findings.
“AI systems can now perform tasks that previously required skilled human operators,” said Fred Heiding, a computing security researcher at Harvard University. “It’s getting so easy for attackers to cause real damage. The AI companies don’t take enough obligation.”
Other cybersecurity experts remain skeptical.