Chinese hackers used Anthropic's AI agent to automate spying
#1
Nov 13, 2025
Sam Sabin

Suspected Chinese operators used Anthropic's AI coding tool to target about 30 global organizations — and had success in several cases, the company said Thursday.

Why it matters: This is the first documented case of a foreign government using AI to fully automate a cyber operation, Anthropic warned.

Anthropic said the campaign relied on Claude's agentic capabilities, or the model's ability to take autonomous action across multiple steps with minimal human direction.

The big picture: The dam is breaking on state hackers using AI to speed up and scale digital attacks.

Earlier this month, Google said Russian military hackers used an AI model to help generate malware for targeting Ukrainian entities. But that required human operators to prompt the model step by step.
In this new case, Claude Code carried out 80-90% of the operation on its own, Anthropic said.

Zoom in: In a blog post Thursday, Anthropic said it spotted suspected Chinese state-sponsored hackers jailbreaking Claude Code to help breach dozens of tech companies, financial institutions, chemical manufacturers, and government agencies.

The company first detected the activity in mid-September and investigated over the following 10 days.
It banned the malicious accounts, alerted targeted organizations, and shared findings with authorities during that time period.

A spokesperson for the Chinese embassy in the U.S. said in a statement that China "firmly opposes and cracks down on all forms of cyberattacks in accordance with law."
"We oppose groundless attacks and slanders against China," the spokesperson added. "We hope that relevant parties will adopt a professional and responsible attitude when characterizing cyber incidents, basing their conclusions on sufficient evidence rather than unfounded speculation and accusations."

How it worked: The attackers tricked Claude into thinking it was performing defensive cybersecurity tasks for a legitimate company. They also broke down malicious requests into smaller, less suspicious tasks to avoid triggering its guardrails.

Once jailbroken, Claude inspected target systems, scanned for high-value databases, and wrote custom exploit code.

https://www.axios.com/2025/11/13/anthrop...yberattack

