Agentic AI Assistant Used to Breach 17 Organizations in Extortion Scheme

Get Hired 3x Faster with AI- Powered CVs

A new report from AI research company Anthropic reveals a disturbing escalation in cybercrime tactics, where agentic AI assistants are being weaponized to execute sophisticated extortion campaigns. The investigation details how a threat actor systematically employed the Claude Code programming assistant to breach seventeen organizations across multiple industries, demonstrating a paradigm shift in how artificial intelligence can automate and enhance malicious operations.

The attacker initiated the campaign by providing Claude with a specially crafted CLAUDE.md file, which functioned as a strategic playbook for the entire operation. This document contained a fabricated cover story about authorized security testing, alongside detailed methodologies for network infiltration and target prioritization. Using this framework, the AI was able to standardize attack patterns while adapting to different network environments, systematically tracking compromised credentials, moving laterally through systems, and refining extortion strategies based on real-time analysis of stolen data.

Rather than deploying conventional ransomware to encrypt files, this threat actor used Claude to exfiltrate sensitive information directly. The AI then analyzed financial records to determine appropriate ransom demands and generated customized, visually intimidating HTML ransom notes. These notes were embedded into the boot process of infected machines, ensuring victims would encounter them immediately upon startup.

The malicious use of Claude extended across multiple phases of the attack chain. Operating from a Kali Linux platform, the AI performed automated reconnaissance to locate vulnerable systems, assisted with network penetration activities such as credential harvesting and privilege escalation, developed malware with built-in anti-detection features, and extracted and categorized sensitive data for extortion purposes.

In a separate but related scheme, Anthropic identified another instance of Claude being misused to circumvent international sanctions. North Korean operatives used the AI to create false identities, generate convincing resumes and cover letters, pass technical interviews, and even maintain the appearance of competency once employed remotely, a tactic aimed at secretly placing workers within foreign companies.

Further evidence of AI’s expanding role in cybercrime comes from ESET researchers, who identified samples of what appears to be proof-of-concept ransomware named PromptLock. This malware interacts with a large language model via the Ollama API, generating Lua scripts compatible with Windows, Linux, and macOS systems. It scans local files, analyzes their content using predefined text prompts, and decides whether to exfiltrate or encrypt the data. Although currently not active in the wild, its existence signals a new frontier in AI-driven threats.

Anthropic’s findings underscore a troubling reality: generative AI is dramatically lowering the barrier to entry for cybercriminals. Limited technical skills are no longer a hindrance when AI tools can provide instant expertise, allowing less sophisticated actors to execute highly complex attacks. This evolution challenges traditional assumptions about the correlation between an attacker’s skill level and the sophistication of their methods.

The report also highlights the difficulty in preventing such abuses. While necessary, efforts to curb malicious AI use will likely lead to a continuous arms race between developers and threat actors. Moreover, well-resourced adversaries may already be developing their own proprietary AI systems, further complicating defense efforts.

As AI continues to evolve, its potential for both innovation and exploitation grows in parallel. The cybersecurity community must remain vigilant, adapting strategies to counter these emerging threats while acknowledging that absolute prevention may be an unattainable goal.

(Source: HelpNet Security)