Security leaders face a new class of autonomous threat as Anthropic details the first cyber espionage campaign orchestrated by AI.
In a report released this week, the company’s Threat Intelligence team outlined its disruption of a sophisticated operation by a Chinese state-sponsored group – an assessment made with high confidence – dubbed GTG-1002 and detected in mid-September 2025.
The operation targeted approximately 30 entities, including large tech companies, financial institutions, chemical manufacturing companies, and government agencies.
Rather than AI assisting human operators, the attackers successfully manipulated Anthropic’s Claude Code model to function as an autonomous agent to execute the vast majority of tactical operations independently.
This marks a worrying development for CISOs, moving cyber attacks from human-directed efforts to a model where AI agents perform 80-90 percent of the offensive work with humans acting only as high-level supervisors. Anthropic believes this is the first documented case of a large-scale cyberattack executed without substantial human intervention.
AI agents: A new operational model for cyberattacks
The group used an orchestration system that tasked instances of Claude Code to function as autonomous penetration testing agents. These AI agents were directed as part of the espionage campaign to perform reconnaissance, discover vulnerabilities, develop exploits, harvest credentials, move laterally across networks, and exfiltrate data. This enabled the AI to perform reconnaissance in a fraction of the time it would have taken a team of human hackers.
Human involvement was limited to 10-20 percent of the total effort, primarily focused on campaign initiation and providing authorisation at a few key escalation points. For example, human operators would approve the transition from reconnaissance to active exploitation or authorise the final scope of data exfiltration.
The attackers bypassed the AI model’s built-in safeguards, which are trained to avoid harmful behaviours. They did this by jailbreaking the model, tricking it by breaking down attacks into seemingly innocent tasks and by adopting a “role-play” persona. Operators told Claude that it was an employee of a legitimate cybersecurity firm and was being used in defensive testing. This allowed the operation to proceed long enough to gain access to a handful of validated targets.
The technical sophistication of the attack lay not in novel malware, but in orchestration. The report notes the framework relied “overwhelmingly on open-source penetration testing tools”. The attackers used Model Context Protocol (MCP) servers as an interface between the AI and these commodity tools, enabling the AI to execute commands, analyse results, and maintain operational state across multiple targets and sessions. The AI was even directed to research and write its own exploit code for the espionage campaign.
AI hallucinations become a good thing
While the…
Source link
Disclaimer
We strive to uphold the highest ethical standards in all of our reporting and coverage. We blogs.grocliq.com want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.
Website Upgradation is going on for any glitch kindly connect at [email protected]
