Hackers Exploit Anthropic’s Claude AI in New Attack

Summary
– Anthropic reported that Chinese state-backed hackers used its AI model Claude to automate approximately 30 attacks on corporations and governments in September.
– The hacking campaign was 80% to 90% automated by AI, requiring minimal human interaction for critical decisions.
– AI-powered hacking is becoming more common, with Russian hackers also using large language models to generate malware commands.
– The U.S. government has long warned about China using AI for data theft, which China denies, and Anthropic confirmed the hackers were state-sponsored.
– Hackers stole sensitive data from four victims, excluding the U.S. government, but the specific targets were not disclosed.

A recent campaign by state-sponsored hackers successfully leveraged Anthropic’s Claude artificial intelligence to automate a significant portion of cyberattacks against corporations and governments. According to a report from the Wall Street Journal, the incident, which took place in September, saw Chinese actors use the AI model to carry out approximately thirty separate attacks. Anthropic revealed that an astonishing 80 to 90 percent of the malicious activity was automated, a figure that surpasses levels observed in prior cyber intrusions.
Jacob Klein, who leads threat intelligence at Anthropic, described the process to the Journal as being executed with remarkable ease. He explained that the operation was initiated “literally with the click of a button,” requiring only minimal oversight from the human operators. Their involvement was reportedly limited to a handful of critical decision points, where they would issue simple commands such as giving the go-ahead, halting an action, or questioning the AI’s output with remarks like, “Oh, that doesn’t look right, Claude, are you sure?”
This event is part of a growing trend in which cybercriminals are turning to artificial intelligence to streamline and scale their operations. The automation of various attack phases represents a significant shift in the threat landscape. In a related development, Google disclosed in a November 5th report that it had identified Russian hackers utilizing large language models to craft commands for their malicious software.
For a considerable time, U.S. authorities have issued warnings about China’s alleged use of AI technologies to pilfer data from American entities, accusations that the Chinese government has consistently denied. Anthropic has stated it is confident that the hackers responsible for this campaign were backed by the Chinese state. While the attackers managed to exfiltrate sensitive information from four victims during this operation, Anthropic followed its standard protocol by not publicly naming any of the targeted organizations, regardless of whether the attacks succeeded or failed. The company did, however, confirm that the U.S. government was not successfully compromised in this particular series of attacks.
(Source: The Verge)




