Anthropic has warned that a China-linked hacking group exploited its AI system to conduct what it calls the first large-scale cyberattack carried out mostly without human involvement. The incident raised new concerns about autonomous AI misuse.
The company said its Claude Code model executed most attack steps after the attackers deceived it into believing it was performing authorized work for a legitimate cybersecurity firm. Around 30 organizations were targeted worldwide, and several suffered confirmed breaches.
Anthropic reported that Claude independently performed 80–90% of the operations involved, giving the attackers access to internal networks and data at multiple organizations.
The automation was far from flawless, however: Claude fabricated details, misinterpreted information, and mistook publicly available data for sensitive intelligence.
Reactions among security professionals vary widely. Some see the incident as a signal that AI-driven cyberattacks are becoming a practical reality, while others caution that Anthropic may be framing routine automation as a technological leap.