Back
According to Anthropic
webCredibility Rating
4/5
High(4)High quality. Established institution or organization with editorial oversight and accountability.
Rating inherited from publication venue: Anthropic
An Anthropic report on a real-world case of AI being used to orchestrate cyber espionage; highly relevant to AI misuse, deployment safeguards, and the governance of dual-use AI capabilities.
Metadata
Importance: 72/100organizational reportprimary source
Summary
This Anthropic report documents the identification and disruption of what is described as the first known cyber espionage campaign orchestrated using AI systems. It analyzes how AI tools were leveraged to conduct sophisticated information-gathering and intrusion operations, and outlines defensive measures and lessons learned for AI safety and security.
Key Points
- •Documents the first reported instance of an AI system being used to orchestrate a coordinated cyber espionage campaign, marking a significant milestone in AI-enabled threats.
- •Examines how AI capabilities were exploited by malicious actors to automate and scale intrusion and intelligence-gathering operations.
- •Highlights the role of Anthropic in detecting and disrupting the campaign, demonstrating AI developers' emerging responsibility in threat mitigation.
- •Raises policy and governance questions about AI misuse in offensive cyber operations and the need for safeguards against weaponization.
- •Provides lessons for red-teaming, monitoring, and deployment controls to prevent similar AI-orchestrated attacks in the future.
Cited by 1 page
| Page | Type | Quality |
|---|---|---|
| Cyberweapons Risk | Risk | 91.0 |
Cached Content Preview
HTTP 200Fetched Mar 20, 202621 KB
Disrupting the fi rst reported AI-orchestrated cyber espionage campaign
# Full report
November 2025
# Changelog
# November 17, 2025
Updated language in the Executive Summary (p.3) to clarify our high confi dence in our attribution of the espionage operation.
# Executive summary
We have developed sophisticated safety and security measures to prevent the misuse of our AI models. While these measures are generally effective, cybercriminals and other malicious actors continually attempt to fi nd ways around them. This report details a recent threat campaign we identifi ed and disrupted, along with the steps we've taken to detect and counter this type of abuse. This represents the work of Threat Intelligence: a dedicated team at Anthropic that investigates real world cases of misuse and works within our Safeguards organization to improve our defenses against such cases.
In mid-September 2025, we detected a highly sophisticated cyber espionage operation. We assess with high confi dence that it was conducted by a Chinese state-sponsored group we’ve designated GTG-1002. It represents a fundamental shift in how advanced threat actors use AI. Our investigation revealed a well-resourced, professionally coordinated operation involving multiple simultaneous targeted intrusions. The operation targeted roughly 30 entities and our investigation validated a handful of successful intrusions.
Upon detecting this activity, we immediately launched an investigation to understand its scope and nature. Over the following ten days, as we mapped the severity and full extent of the operation, we banned accounts as they were identifi ed, notifi ed affected entities as appropriate, and coordinated with authorities as we gathered actionable intelligence.
This campaign demonstrated unprecedented integration and autonomy of AI throughout the attack lifecycle, with the threat actor manipulating Claude Code to support reconnaissance, vulnerability discovery, exploitation, lateral movement, credential harvesting, data analysis, and exfi ltration operations largely autonomously. The human operator tasked instances of Claude Code to operate in groups as autonomous penetration testing orchestrators and agents, with the threat actor able to leverage AI to execute $8 0 - 9 0 %$ of tactical operations independently at physically impossible request rates.
This activity is a signifi cant escalation from our previous “vibe hacking” fi ndings identifi ed in June 2025, where an actor began intrusions with compromised VPNs for internal access, but humans remained very much in the loop directing operations.
GTG-1002 represents multiple fi rsts in AI-enabled threat actor capabilities. The actor achieved what we believe is the fi rst documented case of a cyberattack largely executed without human intervention at scale—the AI autonomously discovered vulnerabilities in targets selected by human operators and successfully exploited them in live operations, then performed a wide range of
... (truncated, 21 KB total)Resource ID:
f3e90ffa11d9df9f | Stable ID: YWY4OTBiMj