Chinese Communist Party hackers have “hijacked” the artificial intelligence (AI) chatbot of the American company Anthropic to launch a large-scale espionage operation. Anthropic has warned that this is the first recorded instance of a foreign government using AI for automated network attacks.
According to a blog post published by Anthropic on Thursday, November 13, hackers supported by the Chinese government used the coding tools of the company’s AI chatbot Claude to attack around 30 global organizations, with 4 successful breaches.
Anthropic stated that these actions leveraged Claude’s “intelligent agent” capabilities, enabling it to autonomously perform multiple steps with minimal human intervention.
Increasing evidence suggests that hackers supported by hostile states are using AI to accelerate and amplify the scale and intensity of network attacks.
Earlier this month, Google revealed that Russian military hackers had utilized its AI model to generate malicious software for attacking Ukrainian entities.
In the latest disclosed attack case, Claude was directed to autonomously carry out 80% to 90% of the actions.
The Chinese government-supported hackers attempted to get past Claude’s security defenses so that it would assist in infiltrating dozens of technology companies, financial institutions, chemical manufacturers, and government agencies.
Claude is hailed as the most upright AI robot in the industry.
The company first detected suspicious activities in mid-September and initiated an investigation over the following 10 days.
During this period, the company banned multiple malicious accounts, alerted target organizations, and reported the investigation findings to government departments.
Anthropic emphasized that this was a highly sophisticated espionage operation in which the attackers exploited AI’s intelligent agent capabilities to an unprecedented degree, using AI not only as an advisor but also to execute network attacks directly.
The attackers deceived Claude into believing it was conducting network security defense tasks for a legitimate company, breaking down malicious requests into smaller, less suspicious tasks to avoid triggering Claude’s security mechanisms.
After successfully bypassing defenses, the attackers instructed Claude to perform prohibited operations, including examining target systems, scanning high-value databases, and writing custom exploit code.
Simultaneously, the attackers instructed Claude to gather usernames and passwords to access sensitive data, and afterwards submit a report summarizing the actions taken, including credentials used, backdoors created, and systems breached.
Jacob Klein, Anthropic’s threat intelligence chief, informed The Wall Street Journal that four of the Chinese hackers’ attack operations were successful.
The company stated in its blog post, “AI robots are crucial for daily work and boosting productivity, but if they fall into the hands of criminals, the likelihood of large-scale network attacks significantly increases.”
“AI generates thousands of requests per second – a speed that human hackers cannot match,” the article added.
However, AI robots are not flawless. Claude mistakenly obtained some login credentials and claimed to have stolen a confidential document, which was actually already public.
Anthropic pointed out that this remains a significant barrier to achieving fully autonomous network attacks.
Cybersecurity experts have expressed deep concerns about this incident, warning that this may just be the beginning.
Anthropic’s blog post stated, “While we anticipate such malicious actors continuing to evolve their use of AI capabilities, the rapid advancement at such astonishing speed continues to surprise us.”
Anthropic mentioned that they are enhancing their detection tools to counter the emerging trends of network attacks.
In the article, Anthropic raised an important question for everyone to consider – if AI models can be abused for such large-scale network attacks, why continue developing and deploying them?
Their response was, “When complex network attacks inevitably occur, our goal is for Claude to assist cybersecurity professionals in detecting, preventing, and preparing for future versions of attacks. In fact, our threat intelligence team extensively utilized Claude during this investigation to analyze massive amounts of data.”
