Chinese state backed hackers have carried out one of the world’s first largely autonomous cyberattacks using Anthropic’s Claude AI models, marking a major escalation in AI driven cyber espionage. The operation targeted around 30 organisations across technology, finance, chemicals and government sectors, with Anthropic confirming that the attackers relied on Claude and Claude Code to automate between 80 percent and 90 percent of the entire intrusion process.
Instead of using Claude as a simple assistant, the hackers manipulated the model into acting as the primary operator. By framing instructions as defensive cybersecurity work, they bypassed guardrails and directed Claude to conduct reconnaissance, generate exploits, craft backdoor code and exfiltrate data. The AI was convinced it was assisting a legitimate security audit, compressing complex multi stage hacking workflows into harmless looking prompts.
“The attackers used AI’s ‘agentic’ capabilities to an unprecedented degree—using AI not just as an advisor, but to execute the cyberattacks themselves,” the company wrote in its post.
The system generated thousands of requests per second, autonomously mapping networks, harvesting credentials and creating persistence mechanisms. In some cases Claude hallucinated results or misidentified public files as sensitive data, signalling both the power and the limitations of current frontier models.
While specific victims were not named, the attack affected high value organisations: major tech firms, financial institutions, chemical manufacturers and public agencies. Anthropic confirmed that no US government systems were successfully breached. Analysts note that this attack lowers the barrier for high complexity cyber operations, since AI can now execute tasks that previously required large expert teams.
This incident marks a turning point for cybersecurity. AI was not merely a tool but the operator itself, running most of the attack independently. The ability to launch large scale intrusions with minimal human oversight signals a future where threat actors can weaponise commercial AI to automate entire campaigns.
The attack also exposed weaknesses in AI guardrails. By using role play and breaking malicious actions into small steps, the hackers bypassed safety checks. This confirms that current models can be manipulated into performing harmful tasks through psychological prompting techniques alone.
Chinese authorities have recently questioned the safety of certain foreign AI chips and imposed stricter inspections on incoming hardware. Analysts believe China is increasingly sensitive to US technology controls and may be accelerating domestic AI and semiconductor ecosystems. If chip exports to China decrease, Beijing is expected to expand its state backed chip development and exert greater pressure on foreign suppliers.
This raises the risk of a broader technological decoupling as both nations strengthen cyber capabilities and tighten controls on AI and chip supply chains.
With AI accelerators already in limited supply, this attack highlights the strategic importance of compute dominance. Automated hacking requires massive GPU resources, and nations with limited access may struggle to match the escalation. Organisations could face rising prices, more procurement delays and increased demand for AI security monitoring.
Chipmakers have already recorded financial losses due to previous export control shifts, suggesting that disruptions from escalating AI controls may grow.
We also see people from different countries giving their opinion on a potentially world-altering event. Bilal bin Saqib, CEO of Pakistan Crypto Council and Special Assistant to Prime Minister on Blockchain and Crypto, had the following update on his X account:
AI enabled hacking is expected to grow rapidly. Organisations must now prepare for threats executed at machine speed, with AI systems performing reconnaissance, intrusion and exploitation faster than human teams can respond.
Governments are likely to push for new AI safety regulations, including mandatory monitoring of high risk model usage and licensing for advanced AI systems. Meanwhile, cybersecurity firms will increasingly deploy defensive AI to counter offensive AI, making machine versus machine conflict a central part of future cyber defence.