As a part of “highly sophisticated espionage campaign” in mid-September 2025, Chinese state-sponsored threat actors exploited Anthropic’s artificial intelligence (AI) technology to plan automated cyberattacks.
According to the assessment, the activity used Anthropic’s AI coding tool, Claude Code, to get access to roughly thirty global targets, including government agencies, financial institutions, big tech businesses, and chemical manufacturing firms.
Some of these intrusions were successful. Since then, Anthropic has implemented defensive measures to identify similar attacks and banned the pertinent accounts.
The GTG-1002 campaign is the first instance of a threat actor using AI to carry out a “large-scale cyber-attack” without significant human participation and to gather intelligence by attacking high-value targets, demonstrating the ongoing advancement of adversarial usage of technology.
The threat actor transformed Claude into an “autonomous cyber-attack agent” to support different stages of the attack lifecycle, including reconnaissance, vulnerability discovery, exploitation, lateral movement, credential harvesting, data analysis, and exfiltration, according to Anthropic, which described the operation as well-resourced and professionally coordinated.
In particular, Claude Code and Model Context Protocol (MCP) technologies were used, with the former serving as the central nervous system to interpret the commands of the human operators and divide the multi-stage attack into manageable technical tasks that could be delegated to sub-agents.
“The human operator tasked instances of Claude Code to operate in groups as autonomous penetration testing orchestrators and agents, with the threat actor able to leverage AI to execute 80-90% of tactical operations independently at physically impossible request rates,”
the company added.
“Human responsibilities centered on campaign initialization and authorization decisions at critical escalation points.”