Chinese hackers turned AI tools into an automated attack machine

Cybersecurity has been reshaped by the rapid rise of advanced artificial intelligence tools, and recent incidents show how quickly the threat landscape is changing.

Over the past year, we have seen a rise in attacks powered by AI models that can write code, scan networks, and automate complex tasks. This ability has helped defenders, but has also allowed attackers to move faster than before.

The latest example is a major cyber espionage campaign carried out by a Chinese state-linked group that used Anthropic’s Claude to carry out much of an attack with very little human involvement.

HACKER EXPLOITS AI CHATBOT IN CYBER CRIME WAVE

Sign up to receive my FREE CyberGuy report
Get my best tech tips, urgent security alerts, and exclusive offers delivered right to your inbox. Plus, you’ll get instant access to my Ultimate Guide to Surviving Scams, free when you join me CYBERGUY.COM fact sheet

How Chinese hackers turned Claude into an automated attack machine

In mid-September 2025, Anthropic researchers detected unusual behavior that ultimately revealed a well-resourced and coordinated campaign. The threat actor, assessed with high confidence as a Chinese state-sponsored group, had used Claude Code to attack approximately 30 organizations around the world. The list included major technology companies, financial institutions, chemical manufacturers and government agencies. A small number of those attempts resulted in successful breaches.

How the attackers bypassed Claude’s safeguards

This was not a typical intrusion. The attackers built a framework that allowed Claude to act as an autonomous operator. Instead of asking the model for help, they tasked it with executing most of the attack. Claude inspected the systems, mapped out the internal infrastructure, and marked the databases worth targeting. The speed was unlike anything a human team could replicate.

To bypass Claude’s security rules, the attackers broke their plan into small, innocent-looking steps. They also told the model that it was part of a legitimate cybersecurity team performing defensive testing. Anthropic later noted that the attackers did not simply hand tasks to Claude; They designed the operation to make the model believe it was performing authorized pentesting work, breaking the attack into seemingly harmless parts and using multiple jailbreak techniques to bypass its safeguards. Once inside, Claude investigated vulnerabilities, wrote custom exploits, collected credentials, and expanded access. He followed these steps with little supervision and only reported when he needed human approval to make important decisions.

The model also took care of data extraction. It collected sensitive information, classified it by value, and identified high-privilege accounts. He even created back doors for future use. In the final stage, Claude generated detailed documentation of what he had done. This included stolen credentials, scanned systems, and notes that could guide future operations.

Throughout the entire campaign, researchers estimate that Claude did between 80 and 90% of the work. Human operators intervened only a handful of times. At its peak, AI unleashed thousands of requests, often several per second, a pace still far beyond what any human team could achieve. Although he occasionally hallucinated credentials or misinterpreted public data as secret, those errors underscored that fully autonomous cyberattacks still face limitations, even when an AI model handles most of the work.

Why this AI-powered Claude attack is a turning point for cybersecurity

This campaign shows how much the barrier to high-level cyberattacks has fallen. A group with far fewer resources could now try something similar by relying on an autonomous AI agent to do the heavy lifting. Tasks that once required years of experience can now be automated using a model that understands context, writes code, and uses external tools without direct supervision.

Previous incidents documented the misuse of AI, but humans were still directing every step. This case is different. The attackers needed very little involvement once the system was in motion. And while the research focused on use within Claude, researchers believe similar activity is occurring in other advanced models, which could include Google Gemini, OpenAI’s ChatGPT, or Musk’s Grok.

This raises a difficult question. If these systems can be misused so easily, why keep building them? According to researchers, the same capabilities that make AI dangerous are also what make it essential for defense. During this incident, Anthropic’s own team used Claude to analyze the avalanche of logs, signals, and data their investigation uncovered. That level of support will be even more important as threats grow.

We reached out to Anthropic for comment but did not hear back by deadline.

GOOGLE EXCEO WARNS THAT AI SYSTEMS CAN BE HACKED TO BECOME EXTREMELY DANGEROUS WEAPONS

7 ways to protect yourself AI-powered cyberattacks

You may not be the direct target of a state-sponsored campaign, but many of the same techniques trickle down to everyday scams, credential theft, and account takeovers. Here are seven detailed steps you can take to stay safer.

1) Use powerful antivirus software and keep it updated

Powerful antivirus software does more than scan for known malware. Look for suspicious patterns, blocked connections, and abnormal system behavior. This is important because AI-powered attacks can generate new code quickly, meaning traditional signature-based detection is no longer sufficient.

The best way to protect yourself from malicious links that install malware and potentially access your private information is to have powerful antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best antivirus protection winners of 2025 for your Windows, Mac, Android, and iOS devices at Cyberguy.com

2) Trust a password manager

A good password manager helps you create long, random passwords for each service you use. This is important because AI can generate and test password variations at high speed. Using the same password across all accounts can turn a single breach into a total compromise.

Next, check to see if your email has been exposed in previous breaches. Our number one password manager (see Cyberguy.com) includes a built-in breach scanner that checks to see if your email address or passwords have appeared in known breaches. If you discover a match, immediately change any reused passwords and protect those accounts with new, unique credentials.

Check out the best expert-reviewed password managers of 2025 at Cyberguy.com

3) Consider using a personal data deletion service

Much of modern cyberattacks begin with publicly available information. Attackers often collect email addresses, phone numbers, old passwords, and personal data from data broker sites. AI tools make this even easier, as they can extract and analyze huge sets of data in seconds. A personal data removal service helps erase your information from these broker sites to make it harder to profile or target you.

FAKE CHATGPT APPS ARE HIKING YOUR PHONE WITHOUT YOU KNOWING IT

While no service can guarantee complete removal of your data from the Internet, a data deletion service is truly a smart choice. They are not cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically deleting your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to delete your personal data from the Internet. By limiting the information available, you reduce the risk of scammers cross-referencing leak data with information they can find on the dark web, making it harder for them to target you.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already available on the web by visiting Cyberguy.com

Get a free scan to find out if your personal information is already available on the web: Cyberguy.com

4) Enable two-factor authentication whenever possible

Strong passwords alone are not enough when attackers can steal credentials through malware, phishing pages, or automated scripts. Two-factor authentication adds a serious obstacle. Use app-based codes or hardware keys instead of SMS. While no method is perfect, this extra layer often stops unauthorized logins even when attackers have your password.

5) Keep your devices and applications fully updated

Attackers rely heavily on known vulnerabilities that people forget or ignore. System updates fix these flaws and close entry points that attackers use to gain entry. Enable automatic updates on your phone, laptop, router, and the apps you use most frequently. If an update seems optional, treat it as important anyway, because many companies downplay security fixes in their release notes.

6) Install apps only from trusted sources

Malicious apps are one of the easiest ways for attackers to get into your device. Stick to official app stores and avoid APK sites, suspicious download portals, and random links shared on messaging apps. Even on official stores, check the reviews, download count, and developer name before installing anything. Grant the minimum required permissions and avoid apps that ask for full access without a clear reason.

7) Ignore suspicious text messages, emails and pop-ups

Artificial intelligence tools have made make phishing more convincing. Attackers can generate clean messages, imitate writing styles, and create perfect fake websites that match the real ones. Slow down when a message seems urgent or unexpected. Never click on links from unknown senders and verify requests from known contacts through a separate channel. If a pop-up window says that your device is infected or your bank account is blocked, close it and verify directly through the official website.

Kurt’s Key Takeaway

The attack carried out through Claude signals a major change in the way cyber threats will evolve. Autonomous AI agents can already perform complex tasks at speeds that no human team can match, and this gap will only widen as models improve. Security teams must now treat AI as a core part of their defensive toolset, not a future add-on. Better threat detection, stronger safeguards, and greater sharing across the industry will be crucial. Because if attackers are already using AI at this scale, the window to prepare is rapidly narrowing.

Should governments push for stricter regulations on advanced AI tools? Let us know by writing to us at Cyberguy.com.

CLICK HERE TO DOWNLOAD THE News APP

Sign up to receive my FREE CyberGuy report
Get my best tech tips, urgent security alerts, and exclusive offers delivered right to your inbox. Plus, you’ll get instant access to my Ultimate Guide to Surviving Scams, free when you join me CYBERGUY.COM information sheet.

Copyright 2025 CyberGuy.com. All rights reserved.