A leading AI company claims to have stopped a China-backed “cyber espionage” campaign that was able to infiltrate financial firms and government agencies with almost no human oversight.
US-based Anthropic, said its coding tool, Claude Code, was “manipulated” by a Chinese state-sponsored group to attack 30 different entities around the world in September, achieving a “handful of successful intrusions”.
This was a “significant escalation” from previous AI-enabled attacks it monitored, it wrote in a blog post on Thursday, because Claude acted largely independently: 80 to 90% of the operations involved in the attack were performed without a human in the loop.
“The actor achieved what we believe is the first documented case of a cyber-attack largely executed without human intervention at scale,” it wrote.
Anthropic did not clarify which financial institutions and government agencies had been targeted, or what exactly the hackers had achieved – although it did say they were able to access their targets’ internal data.
It also said that Claude had made numerous mistakes in executing the attacks, at times making up facts about its targets, or claiming to have “discovered” information that was actually public access.
Policymakers and some experts said the findings were an unsettling sign of how capable certain AI systems have grown – with tools such as Claude now able to work independently over longer periods of time.
“Wake the f up. This is going to destroy us – sooner than we think – if we don’t make AI regulation a national priority tomorrow,” the US senator Chris Murphy wrote on X in response to the findings.
“AI systems can now perform tasks that previously required skilled human operators,” said Fred Heiding, a researcher at Harvard’s defense, emerging technology and strategy program.
“Much of my research has focused on how AI systems can automate more parts of the cyber kill chain every year … It’s getting so easy for attackers to cause real damage. The AI companies don’t take enough responsibility.”
Other cybersecurity experts were more sceptical, pointing at several inflated claims about AI-fuelled cyber-attacks in recent years – such as an AI-powered “password cracker” from 2023 that performed no better than conventional methods – and suggesting Anthropic was trying to create hype around AI.
“To me, Anthropic is describing fancy automation, nothing else,” said Michal “rysiek” Wozniak, an independent cybersecurity expert. “Code generation is involved, but that’s not ‘intelligence,’ that’s just spicy copy-paste.”
Wozniak said Anthropic’s release was a distraction from a bigger cybersecurity concern: businesses and governments integrating “complex, poorly understood” AI tools into their operations without understanding them, exposing them to vulnerabilities. The real threat, he said, were cybercriminals themselves – and lax cybersecurity practices.
Anthropic, like…
Source link
Disclaimer
We strive to uphold the highest ethical standards in all of our reporting and coverage. We blogs.grocliq.com want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.
Website Upgradation is going on for any glitch kindly connect at [email protected]
