Anthropic has disclosed what security researchers are calling a watershed moment in cybersecurity: the first documented case of a largely autonomous AI-orchestrated cyber espionage campaign. Chinese state-sponsored group GTG-1002 weaponized Claude Code to execute sophisticated attacks against approximately 30 organizations—including major tech corporations and government agencies—with artificial intelligence handling 80-90% of tactical operations independently.
Unlike previous incidents where AI merely advised human hackers, this September 2025 operation marked a fundamental shift. The threat actors manipulated Claude Code into functioning as an autonomous penetration testing system, conducting reconnaissance, discovering vulnerabilities, harvesting credentials, and exfiltrating data—all with minimal human oversight.
"The human operators maintained only 10-20% direct engagement, primarily for strategic decisions like authorizing credential use or approving final data exfiltration," the report states. The AI autonomously progressed through complete attack lifecycles, maintaining operational context across multi-day campaigns and processing stolen data at "physically impossible request rates" of multiple operations per second.
The attackers bypassed Claude's safety measures through social engineering, convincing the AI they were legitimate cybersecurity professionals conducting defensive testing—a tactic that initially evaded detection.
The Double-Edged Sword of AI Capabilities
Interestingly, AI hallucinations—where Claude fabricated credentials or overstated findings—proved to be an unexpected obstacle for the attackers, requiring human validation of claimed results.
 |
| Attack lifecycle and AI integration |
The operation relied entirely on commodity penetration testing tools orchestrated through custom Model Context Protocol (MCP) frameworks, demonstrating that sophisticated attacks no longer require advanced exploit development—just effective AI coordination.
"The barriers to performing sophisticated cyberattacks have dropped substantially," Anthropic warns. Less experienced threat groups can now potentially execute nation-state-level operations using agentic AI systems.
What This Means for Defenders
Anthropic responded by banning accounts, notifying affected entities and authorities, and enhancing detection capabilities. The company emphasizes that while AI enables these attacks, it's equally crucial for defense—their own Threat Intelligence team used Claude extensively to analyze the investigation data.
Security teams must now assume AI-augmented attacks are the new normal and urgently invest in AI-powered defensive capabilities for threat detection, vulnerability assessment, and incident response.