In mid-September 2025, state-sponsored cyber actors from China exploited Anthropic’s AI technology, specifically Claude Code, to orchestrate automated attacks on roughly 30 high-value global targets, including tech firms, financial institutions, chemical manufacturers, and government agencies.
Unlike traditional cyber operations, the AI was used not just as a tool for guidance but as an autonomous agent, executing the majority of the attack lifecycle—from reconnaissance to exploitation and data exfiltration—with minimal human intervention. Anthropic has since disabled the relevant accounts and implemented defensive measures to prevent further misuse.
The campaign, designated GTG-1002, represents a significant milestone in cyber espionage, demonstrating that AI can now perform large-scale intelligence operations independently. Threat operators leveraged Claude Code alongside Model Context Protocol (MCP) tools to break multi-stage attacks into small tasks, which AI sub-agents could execute at speeds impossible for humans. Human involvement was limited to strategic decision-making, such as authorizing escalation points, approving credential use, and determining data exfiltration scope, while the AI handled 80–90% of tactical operations autonomously. This method allowed the actors to efficiently map target systems, identify vulnerabilities, deploy exploits, harvest credentials, and document their activities for potential long-term operations.
Despite its sophistication, the AI-driven operation revealed key limitations, including the tendency to hallucinate or fabricate data, which could reduce the effectiveness of autonomous attacks. Investigators noted that the campaign relied on publicly available tools rather than custom malware. The disclosure follows similar AI-assisted attacks reported by OpenAI and Google earlier in 2025, highlighting a growing trend: sophisticated cyber operations are becoming increasingly accessible, allowing smaller or less-resourced groups to leverage AI for complex attacks once possible only by expert teams.
