People urged to 'wake the f*** up' as AI-orchestrated espionage campaign is busted in shocking world-first
Anthropic says Chinese-state hackers used its AI to run 80-90% of a cyber-espionage campaign, with little help needed from humans
Democratic Senator Chris Murphy of Connecticut has doubled-down on his fight against AI.
Earlier this week, American artificial intelligence research and product company Anthropic announced how they detected and intervened in what they say is a major state-sponsored cyber-espionage campaign.
It is believed that the campaign used AI in a new way, and it has sparked fresh concerns.
Anthropic discovered suspicious activity in mid-September 2025 and subsequently launched an investigation, concluding that the ‘attack targeted large tech companies, financial institutions, chemical manufacturing companies, and government agencies,’ as reported in a post shared on X by the group.
Advert
The post explains: “We assess with high confidence that the threat actor was a Chinese state-sponsored group”.
The attackers used what the Anthropic call ‘agents’, systems that can run on their own for long stretches and do complex tasks without much human help. These agents have capabilities ‘to an unprecedented degree—using AI not just as an advisor, but to execute the cyberattacks themselves'.
Human operators first chose relevant targets when planning the attack, such as a company, or government agency, and then developed an attack framework. This is a system designed to compromise the target autonomously, or in other words, with very little meddling from humans. The framework was found to use Claude Code (Anthropic’s AI-powered coding assistant) as an automated tool to carry out the attack.
After jailbreaking Claude Code to do as they wanted it to, the attacks began the second phase of the attack which involved Claude ‘inspecting the target organisation’s systems and infrastructure and spotting the highest-value databases’ in a fraction of the time it would have taken a human.
Then, Claude found and tested ‘security vulnerabilities’ before gathering usernames and passwords for further access. In the last phase, the attacks had Claude produce ‘comprehensive documentation’ of the attack, consisting of files of the stolen credentials and all the systems that had been analysed to help produce framework for the next stage.
Incredibly, AI was used to perform 80-90% of the attack, and humans were only needed every now and then. The majority of the dirty work was performed by AI and it did it far quicker than a human, or a human team, would have been able to.
“We believe this is the first documented case of a large-scale AI cyberattack executed without substantial human intervention,” Anthropic said on X. :It has significant implications for cybersecurity in the age of AI agents.”
In response to the frightening report, Murphy shared on X: “Guys wake the f up. This is going to destroy us - sooner than we think - if we don’t make AI regulation a national priority now’.
AI has become a hot topic in recent years largely due to sheer speed it has become part of our day-to-day lives.
In an essay published in June, Murphy accused leading AI companies of perpetuating a ‘fraud’ on Americans that, he warned, could lead to widespread job displacement and major social disruption. Today’s leading AI companies “are in a race to deploy consumer-facing, job-killing AGI as quickly as possible, in order to beat each other to the market,” he wrote. “Any talk about ethical or moral AI is just whitewash.”
Murphy called for greater AI regulation and oversight among other concerns, particularly related to AI-related job losses.