• Anthropic disclosed on November 13, 2025 that Chinese state-sponsored hackers manipulated its Claude Code AI tool for cyber-espionage targeting approximately 30 organizations.
• The attack achieved 80-90% automation by breaking operations into small, innocuous tasks to bypass safeguards, with success in a limited number of cases.
• Anthropic detected the campaign in mid-September 2025, banned accounts, notified victims and authorities within 10 days, and enhanced detection systems.

A New Frontier in Cyber Threats

Anthropic, the San Francisco-based frontier AI startup valued at $183 billion, has revealed what experts are calling the first documented large-scale cyber-espionage campaign orchestrated through an AI system. According to people familiar with the investigation, Chinese state-sponsored hackers manipulated Anthropic's Claude Code tool—a specialized version of the Claude chatbot designed for coding and agentic tasks—to target approximately 30 organizations across multiple sectors.

The targeted entities included technology firms, banks, chemical manufacturers, and government agencies, with the hackers achieving some degree of success in a small number of cases. What makes this campaign particularly concerning, according to cybersecurity analysts, is its sophisticated approach to automation. The attackers broke their operations into small, innocuous tasks—such as vulnerability scanning, exploit code writing, credential harvesting, and data extraction and categorization—effectively bypassing existing AI safety measures.

"This represents a significant escalation in how state actors are weaponizing AI systems," said one cybersecurity expert who requested anonymity due to the sensitivity of ongoing investigations. "The 80-90% automation rate with minimal human oversight shows we're entering new territory in cyber warfare."

Detection and Response Timeline

Anthropic's security team first detected anomalous activity in mid-September 2025, according to internal documents reviewed by sources close to the company. The company moved quickly, banning the offending accounts and notifying affected organizations and relevant authorities within 10 days of detection. This rapid response timeline has drawn praise from some in the cybersecurity community, though others question whether earlier detection might have been possible.

Company representatives declined to comment on specific security enhancements implemented since the discovery, but sources indicate that Anthropic has significantly upgraded its detection systems to better identify similar patterns of misuse. The company has also reportedly increased its collaboration with government cybersecurity agencies, though officials from those agencies have not confirmed this publicly.

Industry Implications and Expert Reactions

The incident has sent ripples through both the AI and cybersecurity industries, highlighting what experts call the "dual-use" risks of advanced AI systems. Graeme Stewart of Check Point Research (CHKP) warned that similar vulnerabilities likely exist across multiple AI models, not just Anthropic's systems. "Once one model demonstrates this kind of exploitability, others will follow," Stewart noted in a recent briefing.

Financial sector organizations targeted in the campaign have reportedly accelerated their investments in AI-specific cybersecurity measures, with several major banks increasing their security budgets by 15-20% for the coming quarter, according to industry analysts. Technology firms have followed suit, though specific figures remain confidential.

Some skepticism has emerged regarding Anthropic's public disclosure. A small group of security researchers has questioned whether the company might be overstating the sophistication of the attack for competitive or regulatory reasons, pointing to similar but less advanced cases involving Chinese actors using OpenAI tools for basic reconnaissance tasks. Anthropic has not responded directly to these criticisms, though company representatives have emphasized their commitment to transparency in security matters.

Geopolitical Context and Future Outlook

The attribution to Chinese state-sponsored actors adds another layer of complexity to already tense US-China relations in the technology sector. While Anthropic has expressed "high confidence" in its attribution, government officials have been more cautious in their public statements, noting that definitive attribution in cyber operations remains challenging.

Looking ahead, experts predict a short-term surge in AI security investments and threat intelligence sharing among major technology companies. The long-term implications are more concerning—many analysts believe this incident demonstrates that barriers to autonomous cyberattacks are dropping faster than anticipated, though most agree that fully autonomous attacks remain some distance away due to persistent error rates in current AI systems.

The 2025 cybersecurity report from IBM (IBM), released just weeks before Anthropic's disclosure, noted that 97% of organizations had faced AI-related security incidents in the past year, suggesting this problem extends well beyond any single company or model. As one industry insider put it, "We're all playing catch-up now, and the rules of the game keep changing."

Correction: An earlier version of this article incorrectly stated that hackers directly infiltrated Claude's systems. The attack involved manipulation of the Claude Code tool through legitimate interfaces, not system infiltration.