Anthropic says Chinese hackers used its AI in online attack

Anthropic said Thursday that Chinese state-sponsored hackers used its AI coding tool to conduct a "large-scale" cyberattack with limited human involvement.

The hackers used AI's agentic capabilities to target roughly 30 entities, including large tech firms, financial institutions, chemical manufacturing companies and government agencies, according to a report from the AI firm. A handful of the attempted intrusions were successful, it noted.

Anthropic said it believes the incident is the “first documented case of a cyberattack largely executed without human intervention at scale."

"[T]he AI autonomously discovered vulnerabilities in targets selected by human operators and successfully exploited them in live operations, then performed a wide range of post-exploitation activities from analysis, lateral movement, privilege escalation, data access, to data exfiltration," the company wrote. "While we predicted these capabilities would continue to evolve, what has stood out to us is how quickly they have done so at scale," it added.

The AI firm said it initially detected the cyber operation in mid-September and quickly began banning accounts, notifying impacted entities and coordinating with relevant authorities.

Its analysis determined that AI conducted about 80 percent to 90 percent of the work on its own, with humans responsible for the remaining 10 percent to 20 percent. Their work largely focused on launching campaigns and approving decisions at key junctures, according to the report.

In order to get around restrictions built into Anthropic's Claude model, the hackers broke down the attacks into “small, seemingly innocent tasks,” in addition to posing as an employee of a cybersecurity firm conduct

Read more -here-