Anthropic Points to AI Hack Attempt Linked to China

Anthropic's research team uncovered what the company believes was the first cyberespionage operation largely carried out using AI technology. In mid-September 2025, the AI company detected a highly sophisticated cyber espionage campaign, attributed to a Chinese state-sponsored group, according to a report by the AI player.

Anthropic stated the attackers used AI’s agentic agent capabilities to an unprecedented degree, using AI not just as an advisor, but to execute the cyberattacks themselves. The attackers manipulated Anthropic’s Claude Code AI tool to autonomously attempt infiltration of about 30 global targets, including tech companies, financial institutions, chemical manufacturers, and government agencies.

The threat actors bypassed Claude’s safety guardrails by breaking down the attacks into small, seemingly benign tasks and role-playing as legitimate cybersecurity testers. Human operators chose the targets and built an attack framework using Claude code as the core automation engine. Anthropic’s research team stated AI performed 80% to 90% of the campaign, with humans stepping in only for four to six critical decision points per operation.

The manipulated AI made thousands of requests, often multiple attempts per second, to achieve in hours what would normally take humans days or weeks. The research team stated that the hackers only succeeded in a small number of cases. Following an investigation, Anthropic notified the affected entities, banned accounts after they were identified, and coordinated with authorities as it gathered actionable intelligence.