MAIM (Mutually Assured AI Malfunction)
Comprehensive reference on the MAIM deterrence framework proposed by Hendrycks, Schmidt, and Wang, covering the core theory, escalation ladder, major critiques from MIRI/RAND/IAPS, and developments through early 2026; IAPS estimates only ~25% probability that all MAIM conditions are met. The page synthesizes primary sources and adversarial analyses with unusual rigor for wiki content, though it is ultimately a well-organized compilation of others' arguments rather than original analysis.
Overview
Mutually Assured AI Malfunction (MAIM) is a proposed deterrence framework for managing great-power competition over advanced AI. Introduced by Dan Hendrycks (director of the Center for AI Safety), Eric Schmidt (former Google CEO), and Alexandr Wang (Scale AI CEO) in their March 2025 paper Superintelligence Strategy (revised April 2025), MAIM proposes that any state's aggressive bid for unilateral AI dominance will be met with preventive sabotage by rivals.1
The framework draws an analogy to nuclear Mutually Assured Destruction (MAD), but operates through preemption rather than retaliation. The authors argue that because — in their assessment — destabilizing AI projects are relatively easy to sabotage through interventions ranging from covert cyberattacks to kinetic strikes on datacenters, MAIM already describes the strategic picture AI superpowers find themselves in. The resulting stalemate could, in their view, postpone the emergence of Superintelligence, curtail loss-of-control scenarios, and undercut efforts to secure a strategic monopoly. These claims are contested by analysts who question whether sabotage would be technically effective, whether AI development is sufficiently observable, and whether the nuclear analogy holds in the AI context.
MAIM is one pillar of a broader three-part framework alongside nonproliferation (tracking AI chips and preventing rogue access) and competitiveness (guaranteeing domestic chip manufacturing capacity). The paper has generated extensive debate, with critiques from Machine Intelligence Research Institute, RAND, and the Institute for AI Policy and Strategy raising concerns about observability, escalation risks, and the limits of the nuclear analogy.
Quick Assessment
MAIM's viability depends on a set of empirical conditions that analysts continue to contest. As of early 2026, no state has formally adopted MAIM as doctrine, and the framework has received mixed assessments from security analysts, deterrence theorists, and AI policy researchers.
| Dimension | Assessment | Source |
|---|---|---|
| Theoretical coherence | Internally consistent deterrence premise — rational states would prefer to prevent rivals from achieving decisive AI advantage | Hendrycks et al. (2025) |
| Observability | Assessed as insufficient for stable deterrence — AI development lacks the distinctive physical signatures (seismic, satellite) that enabled nuclear monitoring; DeepSeek-R1 demonstrated compute-light breakthroughs can evade infrastructure-based monitoring proxies | Arnold, AI Frontiers (Aug 2025); RAND (Mar 2025) |
| Sabotage credibility | Disputed — historical cyber sabotage precedents (Stuxnet affected ≈11% of intended centrifuges) and AI systems' recoverability from backups weaken the deterrent | MIRI Abecassis (Apr 2025) |
| Private-sector alignment | Structural gap — leading AI development is private-sector-led, not state-controlled as MAIM assumes | RAND (Mar 2025) |
| Probability of descriptive MAIM conditions being met | ≈25% combined probability (IAPS estimate, December 2025) | IAPS Delaney (Dec 2025) |
| Policy adoption | No formal state adoption identified; US AI Action Plan (July 2025) emphasizes winning unilaterally over mutual deterrence | Perry World House (Nov 2025) |
An IAPS analysis (Delaney, December 2025) assigned approximately 70% probability that China would anticipate near-total loss of great-power status if the US achieves superintelligence unilaterally, ~60% probability that China would pursue escalating sabotage actions in response, and ~60% probability the US would negotiate a mutual slowdown rather than risk nuclear confrontation — yielding approximately 25% combined probability that all descriptive MAIM conditions are met.2
Risks Addressed
MAIM is proposed as a response to several interconnected risks in the development of advanced AI:
- AI Development Racing Dynamics: Competitive pressure between AI-developing states may incentivize shortcuts on safety and accelerate the timeline toward dangerous capabilities. MAIM's deterrence equilibrium is intended to slow the most destabilizing development efforts.
- Unilateral AI dominance: The authors argue that a state achieving a strategic monopoly over Superintelligence poses a severe national security threat to all other states, analogous to one power gaining unchallenged control of nuclear weapons. MAIM is intended to prevent this outcome by making the attempt prohibitively costly.1
- Loss of control from unchecked development: Rapid autonomous AI research — what the paper terms "intelligence recursion" — could produce systems that neither their creators nor rival states can effectively constrain. MAIM is intended to slow development to a pace that allows alignment and oversight work to keep pace.1
- Great-power AI conflict: Unmanaged competition over AI capabilities could trigger direct conflict between major powers. The framework aims to provide a structured alternative to open conflict by channeling competition through sabotage threats rather than direct military confrontation.
- Rogue state and non-state actor acquisition: The nonproliferation pillar of the framework specifically addresses the risk of weaponizable AI capabilities reaching actors outside the deterrence equilibrium — such as non-state actors or states without the capacity for deterrent reciprocity. This relies on mechanisms like US AI Chip Export Controls and chip tracking via Compute Governance frameworks.
The Three Pillars
The Superintelligence Strategy paper presents MAIM within a broader strategic framework:
| Pillar | Objective | Key Mechanisms |
|---|---|---|
| Deterrence (MAIM) | Prevent destabilizing AI projects | Espionage, sabotage, credible threat of escalation |
| Nonproliferation | Keep weaponizable AI out of rogue hands | Chip tracking, export controls, supply chain security |
| Competitiveness | Maintain national AI advantage | Domestic chip manufacturing, talent retention, R&D investment |
The deterrence pillar is most novel and controversial. The nonproliferation and competitiveness pillars build on existing policy proposals around Compute Governance, US AI Chip Export Controls, and Hardware-Enabled Governance.
How MAIM Works
Escalation Ladder
The framework outlines a graduated set of responses to a rival's destabilizing AI development:
| Level | Action | Description | Reversibility |
|---|---|---|---|
| 1 | Intelligence gathering | Espionage on rival AI projects and capabilities | Non-destructive |
| 2 | Covert sabotage | Insider tampering with model weights, training data, or chip fabrication | Partially reversible |
| 3 | Overt cyberattacks | Visible disruption of datacenters, power grids, or cooling systems | Moderately reversible |
| 4 | Kinetic strikes | Physical destruction of AI infrastructure and datacenters | Irreversible |
| 5 | Broader hostilities | Escalation beyond AI-specific targets | Irreversible |
The authors argue that states would act preemptively to disable threatening projects rather than waiting for a rival to weaponize a superintelligent system. Whether sabotage at levels 2–4 would be technically achievable is disputed: Google DeepMind argues that distributed cloud computing, decentralized training, and adversaries' hardening of AI infrastructure would make effective sabotage difficult short of actions that risk nuclear escalation.3 MIRI notes that the Stuxnet precedent — often cited in support of cyber sabotage's feasibility — affected approximately 11% of intended Iranian centrifuges, and that AI systems can be restored from prior checkpoints after sabotage attempts.4
Deterrence Logic
```mermaid
flowchart TD
    A[State A pursues<br/>AI dominance] --> B{Rivals detect<br/>destabilizing project?}
    B -->|Yes| C[Rivals assess threat level]
    B -->|No| D[Project proceeds<br/>undetected]
    C --> E{Credible threat<br/>to balance of power?}
    E -->|Yes| F[Escalation ladder<br/>activated]
    E -->|No| G[Monitoring<br/>continues]
    F --> H[Project sabotaged<br/>or delayed]
    H --> I[Deterrence reinforced:<br/>MAIM equilibrium]
    D --> J[Observability<br/>failure]
    style A fill:#f9d71c,stroke:#333
    style H fill:#ff6b6b,stroke:#333
    style J fill:#ff6b6b,stroke:#333
    style I fill:#90EE90,stroke:#333
```

The diagram illustrates two pathways from the proponents' model: successful deterrence and observability failure. Critics note that additional failure modes — including false-positive sabotage (misidentifying a non-threatening project as destabilizing) and escalation spirals (sabotage triggering countermeasures rather than renewed deterrence) — are not shown, and that these paths may be as likely as the depicted equilibrium outcome.5,3
The stabilizing logic requires three conditions: rivals must be able to observe destabilizing projects, they must have credible means to sabotage them, and the threat of sabotage must outweigh the expected gains from pursuing dominance. All three conditions are disputed in the critical literature reviewed below.
Proposed Stabilization Policies
The paper recommends several policies to strengthen MAIM stability:
- Clarify escalation ladders: Establish common knowledge about maiming readiness to prevent misinterpretation of rival actions
- Prevent chip smuggling: Keep decisions about AI development with rational state actors rather than rogue regimes. CNAS (2025) reported an estimated 10,000 to several hundred thousand smuggled AI chips reaching China in 2024, with a median estimate of ~140,000 — evidence that the current nonproliferation regime is already under pressure.6
- Remote datacenter placement: Follow the "city avoidance" principle from nuclear doctrine, placing datacenters away from urban areas to limit civilian collateral damage from potential strikes. Hendrycks elaborated in a March 2025 interview that this mirrors how Cold War nuclear doctrine sought to distinguish military targets from population centers — reducing the risk of sabotage escalating into broader civilian harm.7
- Transparency and verification: Mutual inspection regimes to reduce false-positive sabotage attacks
- AI-assisted inspections: Deploy "confidentiality-preserving AI verifiers" that can confirm compliance without revealing proprietary details
Differences from Nuclear MAD
While Superintelligence Strategy draws a pedagogical parallel between MAIM and MAD, the authors acknowledge these are structurally different frameworks:
| Dimension | Nuclear MAD | AI MAIM |
|---|---|---|
| Mechanism | Retaliation after attack | Preemption before dominance |
| Observability | Relatively high (satellite imagery, seismic detection) | Low (AI development behind closed doors) |
| Subject behavior | Weapons are inert tools | AI systems can adapt and evolve |
| Attribution | Generally clear (missile launches detectable) | Difficult (cyberattacks hard to attribute) |
| Escalation risk | Well-understood doctrine | Novel and untested |
| Red lines | Clear (nuclear use) | Ambiguous (what counts as "destabilizing"?) |
Hendrycks clarified in a follow-up response to critics that the analogy was pedagogical rather than structural, and that the MAIM argument is intended to stand on its own merits, independent of how closely it mirrors MAD.8
Major Critiques
Observability Problem
A critique published on AI Frontiers (Arnold, Virginia Commonwealth University, August 2025) highlights that MAIM hinges on nations observing one another's progress toward superintelligence.5 AI development happens behind closed doors with breakthroughs often concealed as proprietary secrets. This creates two dangerous failure modes: missing important signs of advancement, or misinterpreting normal activity as a threat and triggering unnecessary sabotage.
Arnold further notes that DeepSeek-R1 demonstrated that algorithmic innovations can drive significant capability gains with a fraction of the compute that infrastructure-monitoring approaches would flag — undermining monitoring frameworks based on compute proxies. Chinese government oversight also provides asymmetric counterintelligence advantages over decentralized Western labs: centralized state control makes it comparatively easier to conceal domestic AI progress from foreign intelligence services.5
MIRI's Formal Analysis
Machine Intelligence Research Institute published a detailed analysis applying formal deterrence theory to MAIM (Abecassis, April 2025), finding:4
- Unclear red lines: What constitutes a "destabilizing AI project" is ambiguous and difficult to monitor; the paper's proposed red line of "fully automated AI research" arrives too late, with minimal response time before a potentially decisive capability gain
- Questionable credibility: Sabotage likely only delays rather than denies rival capabilities — AI systems can be restored from prior checkpoints, weakening the deterrent
- Timing problems: Intelligence recursion might proceed too quickly to be identified and responded to before a decisive advantage is achieved
- Volatile calculus: Immense stakes and uncertainty make deterrence calculations unpredictable
MIRI proposed an alternative regime centered on earlier, more monitorable red lines — such as controls at the advanced chip fabrication stage rather than during active AI development.
RAND Assessment
RAND noted (Rehman, Mueller, Mazarr, March 2025) that the paper makes a contribution to the AI policy debate, but raised concerns that the MAIM world described is "entirely inconsistent with the current reality of private sector-driven AI development."3 The gap between the state-centric deterrence model and the actual landscape of private AI labs raises implementation questions. RAND also argued that MAIM would exacerbate rather than dampen instability by creating potent first-strike incentives — rational actors might calculate it is better to act first rather than wait for a rival to achieve dominance.
RAND additionally noted that China finds current US chip restrictions more deeply threatening than American policymakers may recognize — a perception asymmetry that could accelerate the dynamic MAIM is meant to stabilize.3
Escalation and Moral Hazard Concerns
Additional critiques include:
- Escalation risk: Strikes on AI infrastructure could be perceived as acts of war, since AI infrastructure is deeply intertwined with economic and military power
- Moral hazard: Accepting AI malfunction as a strategic tool could lower ethical standards and reduce investment in proactive safety measures
- Asymmetric perceptions: China may view US chip restrictions as more threatening than American policymakers realize, undermining stable deterrence
- Attribution challenges: Difficulty attributing cyberattacks creates risk of miscalculation and overreaction
- Competing unilateralist approaches: AEI and others argue the US should pursue AI dominance rather than mutual deterrence — that a world where the US reaches superintelligence first is preferable to a MAIM equilibrium9
IAPS Stability Analysis
The Institute for AI Policy and Strategy published a detailed analysis (Delaney, December 2025) assessing whether a MAIM regime could remain stable long enough for superintelligence to be developed safely.2 Delaney used probabilistic reasoning to estimate conditions for "descriptive MAIM":
- ~70% probability China would anticipate near-total loss of great-power status if the US achieves superintelligence unilaterally
- ~60% probability China would pursue escalating sabotage actions (from cyberattacks to conventional strikes) in response
- ~60% probability the US would negotiate a mutual slowdown rather than risk nuclear confrontation
These estimates yield approximately 25% combined probability that all descriptive MAIM conditions are met. Delaney recommended that actors develop verification technologies, advance alignment research, and elevate AI risk awareness in government regardless of which strategic framework ultimately proves correct.2
Limitations
In addition to the external critiques above, MAIM faces structural limitations that constrain what the framework can achieve even if its core deterrence logic holds:
Private-sector AI development: Leading AI labs (including OpenAI, Anthropic, and Google DeepMind) are private companies, not state agencies. MAIM assumes governments can control the pace and character of their domestic AI development and commit credibly to restraint. Without mechanisms to bind private actors to state deterrence commitments, the framework may stabilize state-to-state relations while leaving private-sector development dynamics unaddressed. RAND described this as the framework being "entirely inconsistent with the current reality of private sector-driven AI development."3
Attribution asymmetry: Even if a sabotage event occurs, definitively attributing it to a specific state actor is difficult in the cyber and covert operations domain. False attribution creates miscalculation risk; correct attribution creates escalation pressure regardless. The problem is compounded by the possibility that non-state actors could conduct sabotage operations mimicking state-level capabilities.
Window of vulnerability during rapid capability gains: If an AI system undergoes intelligence recursion — rapidly accelerating self-improvement — the window for detection and response may be shorter than any deterrence mechanism can accommodate. Fast-takeoff scenarios could occur in timelines incompatible with the espionage-verify-respond cycle MAIM relies on.5
Verification bootstrapping problem: The stable verification regimes MAIM requires depend on prior bilateral cooperation to establish. Verification infrastructure requires both parties to agree on inspection protocols, share sufficient technical information, and trust the process — a level of cooperation that deterrence frameworks are generally proposed as an alternative to. As of early 2026, US-China intergovernmental AI safety dialogue has not met since May 2024.10
Compute-light capability pathways: The DeepSeek-R1 model demonstrated that algorithmic innovations can drive substantial capability gains with a fraction of the compute that infrastructure-monitoring approaches would flag. If the threshold for a destabilizing AI capability can be crossed without building large, detectable datacenters, then monitoring proxies based on compute alone may be insufficient to trigger deterrence responses.5
Cooperative Pathways and Skeptical Views
Proponent Arguments for MAIM as Cooperation Scaffolding
Proponents argue MAIM is not merely a framework for mutual threat but a potential pathway toward structured cooperation:
- States may prefer mutual visibility and leverage over an unregulated race, making verification agreements self-interested rather than altruistic
- MAIM's proposed tools — escalation ladders, transparency mechanisms, and verification regimes — could provide scaffolding for legitimately enforceable international agreements over time
- Deterrence could begin with unilateral capabilities and mature into systems of international verification analogous to nuclear arms control treaties
- The framework could eventually evolve into something resembling International Compute Regimes for AI governance
Skeptical Perspectives on the Cooperative Pathway
Critics challenge the assumption that MAIM can serve as scaffolding for cooperation:
- Adversarial entrenchment: Some analysts argue that framing AI governance through deterrence logic entrenches adversarial dynamics, making the trust-building necessary for cooperative governance harder to achieve. Signaling willingness to sabotage rivals may harden strategic calculations rather than opening space for negotiation.
- US policy posture: The Trump administration's AI Action Plan (July 2025) framed US AI strategy as "winning the race" and characterized the governance efforts of international bodies as advocating "burdensome regulations" subject to CCP influence — a posture that treats international agreements as competitive liabilities rather than stability tools.10
- Dialogue gap: US-China intergovernmental AI safety dialogue has not met since the Geneva meeting in May 2024, even as the Trump-Xi APEC meeting (October 2025) produced an agreement to "consider cooperation on AI" in 2026. The gap between diplomatic signals and operational cooperation frameworks remains substantial.10
- Private-sector exclusion: If key AI developers are private firms, interstate verification regimes may not bind the actors most likely to trigger a destabilizing breakthrough.
Relationship to Other Frameworks
MAIM intersects with several existing governance proposals:
- Compute Governance: The nonproliferation pillar relies on controlling access to AI-relevant compute
- US AI Chip Export Controls: Current US chip restrictions to China are a precursor to MAIM-style nonproliferation
- International Coordination Mechanisms: MAIM's escalation ladders and verification proposals complement international coordination efforts
- AI Development Racing Dynamics: MAIM attempts to address the same competitive pressures that drive racing between AI-developing states
- Pause Advocacy: Some critics argue that advocating for compute pauses or development moratoria would be more effective than deterrence
Developments Since Publication
Since the initial release of Superintelligence Strategy (March 2025), the MAIM framework has generated significant academic and policy engagement:
Follow-up analyses: MIRI (Abecassis, April 2025) and AI Frontiers (Arnold, August 2025) published formal critiques focusing on deterrence theory and observability respectively; IAPS (Delaney, December 2025) conducted the most comprehensive probabilistic assessment, estimating ~25% probability that MAIM conditions are met.4,5,2 Hendrycks published a defense of the framework on AI Frontiers in 2025, responding to critics including Wildeford and Delaney.8
AI-enabled cyber operations: In November 2025, Anthropic disclosed what it assessed with high confidence as a Chinese state-sponsored group (designated GTG-1002) that used Claude Code to execute a large-scale cyber espionage campaign against approximately 30 global targets — operating with AI autonomy at 80–90% of decision points and at speeds "impossible for human hackers."11 The disclosure provided concrete data for the escalation ladder's lower rungs: AI-enabled cyber operations against technology infrastructure are already occurring, though the documented campaign was espionage-oriented (data exfiltration) rather than capability-denial oriented (sabotage of AI development).
AI chip smuggling: CNAS (2025) documented an estimated 10,000 to several hundred thousand AI chips smuggled to China in 2024, with a median estimate of ~140,000 — suggesting the nonproliferation pillar's compute-monitoring assumptions face significant practical challenges.6 Of 22 notable PRC-developed AI models identified by 2025, only 2 were trained with Chinese chips, indicating continued reliance on restricted hardware.
US policy trajectory: The Trump administration's AI Action Plan (July 2025) explicitly framed US AI strategy as "winning the race" rather than mutual deterrence, diverging from the MAIM framework's prescriptive recommendations. The paper was released as Trump dropped Biden-era AI safety guidelines.12
US-China dialogue: Trump and Xi agreed at the October 2025 APEC summit to consider AI cooperation in 2026, and Trump at the 2025 UN General Assembly called for international verification of AI applications to bioweapons. Some analysts read this as consistent with MAIM-style verification concepts, though no formal verification framework has been proposed and the bilateral AI safety dialogue has not resumed since May 2024.10
Authors' position: As of early 2026, Hendrycks, Schmidt, and Wang have not retracted or substantially revised the MAIM framework. The revised "Expert Version" (arXiv v2, April 14, 2025) represents the last tracked update to the paper.1,8
Key Uncertainties
| Uncertainty | Impact on MAIM Viability | Current Assessment |
|---|---|---|
| Observability of AI progress | Foundational — deterrence requires detection of destabilizing projects | Multiple analysts assess current monitoring as insufficient |
| Speed of intelligence recursion | Determines whether any response window exists | Highly contested; fast-takeoff scenarios would shrink response windows dramatically |
| Private sector vs. state control | Affects whether state deterrence commitments can bind key actors | Leading AI development is currently private-sector-led |
| Attribution capability | Required for proportionate, targeted response | Assessed as insufficient for the cyber domain as of early 2026 |
| Stability of equilibrium | Determines long-term viability | No historical precedent; IAPS estimates ≈25% probability conditions are met |
External Links
- Hendrycks, Schmidt, Wang. Superintelligence Strategy (arXiv:2503.05628, March–April 2025)
- Hendrycks. "AI Deterrence Is Our Best Option" (AI Frontiers, 2025) — proponent response to critics
- nationalsecurity.ai — official paper website
Footnotes
1. Dan Hendrycks, Eric Schmidt, Alexandr Wang. "Superintelligence Strategy", arXiv:2503.05628, March 7, 2025 (v2: April 14, 2025).
2. Oscar Delaney (IAPS). "Crucial Considerations in ASI Deterrence", Institute for AI Policy and Strategy, December 12, 2025.
3. Iskander Rehman, Karl P. Mueller, Michael J. Mazarr (RAND). "Seeking Stability in the Competition for AI Advantage", RAND, March 2025.
4. David Abecassis (MIRI). "Refining MAIM: Identifying Changes Required to Meet Conditions for Deterrence", Machine Intelligence Research Institute, April 11, 2025.
5. Jason Ross Arnold (Virginia Commonwealth University). "Superintelligence Deterrence Has an Observability Problem", AI Frontiers, August 14, 2025 (modified March 20, 2026).
6. CNAS. "Countering AI Chip Smuggling Has Become a National Security Priority", 2025.
7. Dan Hendrycks, interviewed by Kevin Frazier. "Lawfare Daily: Dan Hendrycks on National Security in the Age of Superintelligent AI", Lawfare, March 20, 2025.
8. Dan Hendrycks. "AI Deterrence Is Our Best Option", AI Frontiers, 2025.
9. James Pethokoukis (AEI). "If the Race to Superintelligence Can Be Won, America Should Win It", American Enterprise Institute, April 24, 2025.
10. Kevin Werbach (Perry World House). "U.S.-China AI Cooperation Under Trump 2.0", November 24, 2025; "How China and the US Can Make AI Safer for Everyone", The Diplomat, January 2026.
11. Anthropic. "Disrupting the first reported AI-orchestrated cyber espionage campaign", November 2025.
12. TechCrunch. "Eric Schmidt argues against a 'Manhattan Project for AGI'", March 5, 2025.