
US Firm Claims It Foiled Large-Scale AI Cyberattack By Chinese Hackers

The company claimed that Chinese state-sponsored hackers used the chatbot to carry out automated attacks against 30 organisations worldwide.

Incident has substantial implications for cybersecurity in age of AI agents: Anthropic (Representational)
New Delhi:

Anthropic, the maker of the artificial intelligence (AI) chatbot Claude, said it has thwarted what can be described as “the first documented case of a large-scale AI cyberattack executed without substantial human intervention.” 

The San Francisco-based company claimed that Chinese state-sponsored hackers had used the chatbot to carry out automated attacks against about 30 organisations worldwide.

In a detailed blog post, Anthropic said, “This is the first documented case of a large-scale cyberattack executed without substantial human intervention,” warning that the incident has “substantial implications for cybersecurity in the age of AI ‘agents’.”

According to the company, “In mid-September 2025, we detected suspicious activity that later investigation determined to be a highly sophisticated espionage campaign.” It said the attackers relied heavily on AI's agent-like capabilities, using Claude not only for guidance but also to conduct the cyber operations directly.

“The threat actor, whom we assess with high confidence was a Chinese state-sponsored group, manipulated our Claude Code tool into attempting infiltration into roughly thirty global targets and succeeded in a small number of cases,” the firm said. The targets reportedly included major technology companies, critical financial institutions, chemical manufacturers and several government agencies.

The attackers are said to have fragmented the operation into small, harmless-looking tasks that Claude completed without being aware of their overall intent. 

To evade safety systems, the hackers allegedly impersonated a legitimate cybersecurity firm performing defensive tests, “jailbreaking” the AI model so it could operate outside its usual guardrails. This enabled Claude to inspect infrastructure, identify “the highest-value databases,” generate exploit code, harvest credentials and organise stolen data “all with minimal human supervision,” the blog post stated.

Once the activity was uncovered, Anthropic launched an internal investigation to map the operation. Over a 10-day period, the company assessed its severity, blocked compromised accounts, alerted affected organisations and worked with authorities while gathering intelligence.

The company said, “Overall, the threat actor was able to use AI to perform 80-90% of the campaign, with human intervention required only sporadically.” However, it noted that fully autonomous attacks remain unlikely for now, as Claude sometimes “hallucinated credentials or claimed to have extracted secret information that was in fact publicly available.”

Even so, Anthropic cautioned that “the barriers to performing sophisticated cyberattacks have dropped substantially, and we predict that they'll continue to do so.” 

With the right setup, it warned, threat actors could now rely on agentic AI systems for extended periods to carry out tasks previously requiring large teams of skilled hackers—from system analysis and exploit generation to processing stolen data at high speed. Smaller or less experienced groups could also become capable of launching large-scale operations of this nature.
