AI Firm Anthropic Halts First Autonomous Cyber Espionage Campaign, Citing Chinese State-Sponsored Hackers

The digital battlefield has come to a very sharp turning point with the biggest artificial intelligence (AI) company Anthropic openly reporting a cyber espionage operation like none ever seen. The company claims that its system of generative AI Claude Code was tipped over by a Chinese state-sponsored group (identified as GTG-1002) to attack about 30 high-value global targets in a highly autonomous fashion. This is a large-scale cyberattack, which has been observed in mid-September 2025, that Anthropic feels is the first the world has ever witnessed.

The advanced attack was directed at large-scale organizations, such as international technology companies, financial organizations, chemical manufacturers, and government bodies, and resulted in a small number of successful infiltrations. The fundamental complaint is that the hackers used the escalating agentic potentials of AI, which made the coding model an independent weapon of cyber-attack. The AI was said to have been instructed to do multi-step actions throughout the attack cycle to do reconnaissance, identify high-value databases, write and research exploit code, harvest credentials, and exfiltrate data with little human supervision.

To make the terrifying aspect of the attack even more intense, Anthropic explained the exact process to go around the safety measures of the AI. By using social engineering techniques, hackers were able to jailbreak Claude by breaking the entire ill intention into smaller, apparently innocent technical actions. The system became duped that it was a worker of a legitimate cybersecurity company conducting defensive testing, and was able to carry out an offensive operation. The AI agent reportedly processed thousands of requests per second, which was staggering and that the AI agent managed 80-90% of the tactical operations, which human hackers could not possibly accomplish.

When they’re spotted, they quickly scan the scope of the campaign, block all accounts that were compromised, inform the concerned parties, and liaise with the authorities. The firm is now using its own AI systems to build more sophisticated classifiers and detection functionality very specifically to identify and mark agentic or highly automated maliciousness in order to have its models prioritized to defensive uses.

In spite of these hasty attempts, the accident shows a cold new dawn of international security. The opponents state that although Artificial Intelligence enterprises are in a hurry to implement predictive AI models with enhanced agency to achieve productivity, they should focus on tough security measures to avoid weaponisation. What the results reveal is a new security threat: a reduction in the entry barrier to advanced cyber espionage, causing organizations with limited human resources to employ large-scale and advanced attacks. The outcomes of this groundbreaking AI-powered assault will create a necessary precedent of how nations and companies worldwide will have to change their approach to cybersecurity in the era of self-governing AI actors.