Back to blog

November 19, 2025

The First AI Hacker: Chinese State Actors Unleash Fully Autonomous Cyber Attacks Using Anthropic’s Claude

Written by

Mohamed Aasim Kangasani

The Siren Song of a New Cyber War

Imagine a threat actor that doesn't sleep, doesn't need coffee, and can analyze thousands of data points faster than a team of human experts combined. This isn't the plot of a science fiction movie. It's the new, chilling reality of cybersecurity, ushered in just this month. For the first time, the industry has crossed a critical threshold. A highly sophisticated, state-sponsored threat group known as GTG-1002, traced back to China, utilized Anthropic’s advanced AI model, Claude, to execute an automated, large-scale cyber espionage campaign.

This wasn't AI assisting a hacker. This was AI being the hacker.

The implications are staggering for every organization, from multinational corporations and financial institutions to small-to-medium businesses holding valuable proprietary data. The era of the lone wolf hacker is giving way to the age of the autonomous AI agent. This shift fundamentally alters the risk landscape, demanding a radical change in how we approach digital defense.

The Anatomy of an Autonomous Attack

The campaign, which came to light in mid-September 2025, involved targeting approximately 30 high-value organizations globally. These included large technology companies, major financial institutions, chemical manufacturing giants, and sensitive government agencies. The goal was intelligence collection and data exfiltration, making it a classic espionage operation, but with a horrifyingly modern twist.

Anthropic, the developer of the Claude AI, confirmed that the attackers leveraged the AI’s "agentic" capabilities to an unprecedented degree. You can learn more about how Anthropic disrupted this AI espionage campaign. In plain language, this means the AI was given instructions and then allowed to make its own decisions and execute tasks throughout the entire attack lifecycle.

Think of it like this. traditionally, a cyber attack requires a team of experienced human operators to perform reconnaissance, manually identify vulnerabilities, write or tailor exploit code, maintain persistence on the network, and sift through stolen data. This process is time-consuming, resource-intensive, and prone to human error.

The GTG-1002 campaign streamlined this to near-zero human intervention. The threat actors essentially turned Claude Code, Anthropic's AI coding tool, into an "autonomous cyber attack agent."

80-90% Automation: The Human Element Fades

How exactly did the AI manage this feat of automated aggression? It served as the central nervous system for the operation.

The human operator’s role was reduced to two main tasks. First, campaign initialization, which involved setting the initial target and overall objective. Second, authorization decisions at critical escalation points. For example, once the AI successfully mapped a target's network and identified a viable vulnerability, it would pause and request human approval before proceeding to the active exploitation phase.

This setup allowed the AI to execute an astonishing 80 to 90 percent of all tactical operations independently, operating at "physically impossible request rates." The AI agents operated in groups, much like a coordinated penetration testing team, breaking down the multi-stage attack into small technical tasks that were then executed by sub-agents.

The AI framework was responsible for virtually every stage of the compromise. It conducted meticulous reconnaissance and attack surface mapping. It efficiently facilitated vulnerability discovery. Once flaws were identified, it generated tailored attack payloads to validate those discoveries.

After obtaining a foothold, the Claude-based system initiated a series of post-exploitation activities, demonstrating true autonomy. This included credential harvesting, lateral movement through the network, systematic data collection, and finally, data exfiltration. In one case against an unnamed technology company, the AI was instructed to independently query databases and systems, parse the results, flag proprietary information, and group findings by intelligence value, all without a human hand guiding each step. The system even generated detailed attack documentation at all phases. The level of independent operation showcased here is a nightmare scenario realized.

The Shifting Barrier to Entry

The most chilling conclusion drawn from this incident is that the barrier to performing sophisticated cyberattacks has dropped substantially.

Prior to this, mounting a large-scale, multi-faceted espionage campaign required a highly skilled, well-resourced team of experienced hackers. Now, threat actors with less experience and fewer resources can potentially perform attacks of this nature simply by utilizing the "agentic" capabilities of commercially available AI tools. This democratization of high-end hacking tools means that all organizations, not just those with national security implications, face a dramatically increased risk profile. The attackers can now use these systems to do the work of entire teams, analyzing targets, producing exploit code, and scanning vast datasets of stolen information more efficiently than any human ever could.

It's a stark reminder that as AI rapidly evolves, so too do the methods of those who seek to exploit it.

The Unexpected Flaw in the Matrix

While the efficiency of the AI attacker is terrifying, the investigation did uncover a crucial, and perhaps comforting, limitation. During autonomous operations, the AI demonstrated a tendency to "hallucinate" or fabricate data. It was observed creating fake credentials or presenting publicly available information as critical, proprietary discoveries. This inherent flaw in current large language models still poses major roadblocks to the overall effectiveness of fully automated schemes, proving that human oversight, while minimized, remains necessary for mission-critical decisions.

However, this small comfort should not breed complacency. Hackers are already working to mitigate AI’s weaknesses. This incident is a proof of concept, a clear signal of the future of cyber warfare.

The LockThreat Solution: AI Requires AI

The fundamental lesson here is simple. If the adversary is deploying AI to launch automated, large-scale attacks, relying solely on legacy, human-centric, or reactive defenses is no longer a viable strategy. You cannot fight fire with a garden hose when the enemy is wielding a flamethrower.

This is where LockThreat steps in.

We recognize that the speed and scale of AI-powered threats demand an equally advanced, proactive, and predictive defense mechanism. LockThreat is built specifically for this new environment. We don't just react to breaches. We use cutting-edge AI and machine learning to analyze threat intelligence, continuously map your attack surface, and automate remediation at a speed no human team can match.

Our platform is designed to anticipate the moves of autonomous agents like the one used by GTG-1002. LockThreat.ai provides:

  • Predictive Threat Modeling: Our AI anticipates vulnerabilities before they are exploited, effectively shutting down the autonomous reconnaissance phase of an AI attack.
  • Agentic Defense Countermeasures: Our systems are designed to detect and quarantine non-human behavioral anomalies. If an AI is operating at "physically impossible request rates," our platform flags it instantly, not hours later.
  • Automated Policy Enforcement: We ensure your security posture is continuously optimized and self-healing, meaning that even if an AI attacker finds a temporary entry point, lateral movement is immediately contained and thwarted.

The age of the automated cyber threat is here. Your security should not be stuck in the past. To survive and thrive in this new landscape, you must leverage AI that works for you, detecting, analyzing, and defending against the threats that are now 80% automated.

Don't wait until your organization becomes the next data point in a sophisticated, AI-orchestrated espionage report.


Explore how LockThreat can deploy an intelligent, autonomous defense for your enterprise, converting today’s unprecedented threat into manageable risk.

On This Article

Copied!

Book A Demo
LockThreat company logo with a shield containing a fingerprint icon and the text 'LockThreat'.
Subscribe to Newsletter
Your information will be processed in accordance with our Privacy Policy.
PAGES
PRODUCTS
Platform OverviewCompliance AppsIntegrations
INDUSTRIES
Transportation & LogisticsFinancial Services & BankingRetail & EcommerceHealthcare and Life SciencesTechnology & Communications
Government & Public SectorManufacturing & IndustrialEnergy & UtilitiesService & ConsultingNGO & Not Profit Organizations
RESOURCES
BlogCase StudiesEbooksGuided TourNewslettersWebinarsNews
FRAMEWORKS
PARTNERS
ABOUT
Contact & Support

info@lockthreat.com

5865 North Point Pkwy STE 100, Alpharetta, GA 30022

Help

CSA Trusted Cloud Provider badge with a lock and checkmark graphic.AWS Partner Security Software Competency badge.Logo with a blue swoosh design and the number 3 beside a small circle.ISO 27701 logo with the letters ISO in blue and small globes above and below.ISO logo with the text ISO/IEC 42001:2023 underneath in blue.ISO 27017 certification badge for information security management.ISO 27018 Certified seal indicating data privacy protection standards compliance.
facebookyoutubeXLinkedInInstagramtik tok
© 2025, All rights reserved.