Anthropic says Chinese hackers used its Claude AI chatbot in cyberattacks
Reports have emerged that Chinese hackers leveraged artificial intelligence technology from Anthropic in what is believed to be the first cyberespionage operation heavily reliant on AI. The company disclosed that the cybercriminals utilized its chatbot, Claude, to target around 30 technology firms, financial institutions, chemical manufacturers, and government agencies. By exploiting the AI platform, the hackers were able to extract usernames and passwords from the databases of these organizations, although only a few of these attempts were successful.
Anthropic stated, “We believe this is the first documented case of a large-scale cyberattack executed without substantial human intervention.” The San Francisco-based company shared this information with CBS News but refrained from further elaboration. The Wall Street Journal initially reported this development.
The suspicious activities were first detected by Anthropic in mid-September, prompting an investigation that uncovered an espionage campaign likely orchestrated by a state-sponsored group in China. The hackers reportedly deceived Claude into believing it was part of a legitimate cybersecurity firm and engaged in defensive testing. The attackers also fragmented the attack into smaller tasks to evade detection.
This AI-driven operation required minimal human involvement, with Anthropic noting, “The AI made thousands of requests per second, a speed unattainable by human hackers.” The company anticipates an escalation in AI cyberattacks in terms of scale and complexity as AI agents are increasingly employed across various services. MIT Technology Review has highlighted the cost-effectiveness and efficiency of AI agents for cybercriminals.
Former CISA head Chris Krebs expressed concerns about the implications of this attack, stating, “We’ve been discussing events like this for nearly a decade. Witnessing an AI cyberattack unfold is quite alarming.” This incident underscores the evolving landscape of cybersecurity threats and the need for enhanced defenses against AI-driven attacks.
