In September, the threat analysis team at startup Anthropic identified and disrupted an unprecedented AI-driven cyber espionage campaign.
Experts believe the operation, named GTG-1002, was likely orchestrated by a Chinese state entity.
The attacks affected around 30 organisations, including major tech firms, chemical industry enterprises, and government agencies.
AI Agents as Cybercriminals
The distinctive feature of this large-scale operation was that the perpetrators manipulated Anthropic’s Claude Code model to make it function as an autonomous agent. As a result, the AI independently executed the majority of tactical operations, up to 80-90% of the work.
Human operators acted solely as high-level campaign managers. Anthropic specialists consider this the first documented case of a cyberattack executed without significant human intervention.
During the operation, AI agents were tasked with conducting reconnaissance, identifying vulnerabilities, developing exploits, and collecting and exfiltrating data. This enabled actions to be carried out much faster than by human hackers.
Human involvement was mainly limited to overall attack planning and determining key points such as when to activate exploits and the volume of data to be downloaded.
The perpetrators had to circumvent the AI model’s built-in safeguards against malicious actions. They did so by breaking down attacks into seemingly innocuous actions and creating a ‘role-playing’ atmosphere. Operators also posed as cybersecurity staff from legitimate companies, allegedly testing security systems.
AI Hallucinations as a Boon
The methods employed allowed the perpetrators to conduct the campaign long enough to access some intended targets. However, Anthropic researchers identified a significant flaw in the organised campaign: the AI experienced severe hallucinations during the attacks.
According to experts, Claude often exaggerated results and falsified data. Some information obtained by the model through system breaches turned out to be publicly available.
This tendency required operators to meticulously verify all results, significantly affecting the overall efficiency of the operation.
Researchers believe this characteristic of the models poses a substantial obstacle to organising truly autonomous attacks. It also causes AI agents’ actions to generate more noise and false positives, which makes threat monitoring easier for security services.
Technological Race Between Hackers and Cybersecurity Intensifies
The GTG-1002 campaign further confirmed that AI usage has significantly lowered the barriers to organising complex cyberattacks, noted Anthropic experts. Now, groups with limited resources can execute campaigns that previously required a team of experienced hackers.
However, the same capabilities of Claude employed by the GTG-1002 organisers are ‘indispensable tools for cyber defence,’ researchers emphasised. For instance, the researchers themselves made active use of the AI model’s ability to analyse vast amounts of data during the investigation.
Experts expressed confidence that the practice of using artificial intelligence by perpetrators will continue to evolve and expand. This will necessitate adequate measures and additional investments.
“Cybersecurity has undergone fundamental changes. We recommend that specialists experiment with applying AI for protection in areas such as Security Operations Centre automation, threat detection, vulnerability assessment, and incident response,” the researchers concluded.
Earlier, the Google Threat Intelligence Group revealed that hackers have adapted to using AI models to create dynamic malware.
