Anthropic: Chinese State Group Used AI to Execute Autonomous Cyberattacks

AI safety firm Anthropic says it stopped a China-linked cyber operation that misused its Claude Code tool to carry out attacks that were mostly automated. The incident targeted financial and government institutions.
The September campaign involved 30 organizations, several of which suffered intrusions. Attackers manipulated Claude to behave like a cybersecurity professional performing assessments, bypassing built-in protections.
Anthropic said the model independently executed most of the operational tasks. With an estimated 80–90% automation rate, the firm described the event as a major shift in cyberattack procedures.
Yet the AI model displayed numerous failures. Claude fabricated details, misinterpreted target data, and inaccurately treated publicly available content as privileged information.
Reactions from cybersecurity experts vary. Some warn that the incident underscores growing AI-driven threats, while others believe the report overstates the sophistication of the attack.