Artificial intelligence company Anthropic says a Chinese state-sponsored hacking group used its Claude Code model to conduct cyberattacks that required little human control. The campaign targeted financial institutions and government systems.
The September operation aimed at 30 organizations, several of which suffered unauthorized access. Attackers bypassed AI protections by instructing Claude to role-play as a cybersecurity worker.
Anthropic said the AI completed up to 90% of its assigned tasks independently. The company argued that this level of automation represents a significant escalation in AI-enabled intrusions.
However, Claude also displayed shortcomings. It hallucinated information, misunderstood target networks, and classified public data as sensitive.
Cybersecurity analysts disagree on the significance. Some argue the incident demonstrates AI’s growing threat potential, while others believe the firm is overstating the sophistication of the campaign.