AI's scary new trick: Conducting cyberattacks instead of just helping out

AI's scary new trick: Conducting cyberattacks instead of just helping out

Briefly

"In the middle of September, Anthropic detected a "highly sophisticated cyber espionage operation" that used AI throughout the full attack cycle. Claude Code, agentic AI, was abused in the creation of an automated attack framework capable of "reconnaissance, vulnerability discovery, exploitation, lateral movement, credential harvesting, data analysis, and exfiltration operations." Furthermore, these stages were performed "largely autonomously," with human operators providing basic oversight after tasking Claude Code to operate as "penetration testing orchestrators and agents" -- in other words, to pretend to be a defender."

"Not only did the AI find vulnerabilities in target organizations, but it also enabled their exploitation, data theft, and other malicious post-exploit activities. According to Anthropic, not only did this result in high-profile organizations being targeted, but 80% to 90% of "tactical operations" were operated independently by the AI."

"The first large-scale cyberattack campaign leveraging artificial intelligence (AI) as more than just a helping digital hand has now been recorded. As first reported by the Wall Street Journal, Anthropic, the company behind Claude, an AI assistant, published a report (.PDF) documenting the abuse of its AI models, hijacked in a wide-scale attack campaign simultaneously targeting multiple organizations."