SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Australia

Guides

#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware

Search

Shadowy figure computer digital network lines abstract data streams cyber espionage security threats
#
Firewalls
#
Network Security
#
Advanced Persistent Threat Protection

Anthropic identifies AI-driven cyber-espionage campaign

Sat, 15th Nov 2025
Author image
By Sean Mitchell, Publisher

A state-sponsored group used advanced artificial intelligence to execute a widespread cyber-espionage campaign with minimal human involvement, according to new findings. The attackers manipulated an AI code generation platform to infiltrate a variety of high-profile organisations. These included technology companies, major financial institutions, chemical manufacturers, and government agencies around the globe.

Attack methodology

The group behind the campaign is assessed with high confidence to be operating out of China. Investigators noted this was the first documented large-scale cyberattack to employ AI as its primary operator, rather than a supporting tool. The attackers manipulated the AI-specifically the Claude Code system-by breaking its built-in security measures, employing techniques known as jailbreaking. This strategy enabled them to delegate the majority of the intrusion work to the AI.

The attackers structured their operation so that a human operator selected and prioritised the targets. They then handed control to an AI-driven attack framework capable of running complex cyber operations autonomously. Investigators found the attackers bypassed AI safety systems by disguising individual requests as harmless and by misrepresenting the AI's role as being for defensive security testing.

Extensive automation

This attack demonstrated the rapid evolution of AI's independent decision-making and operational abilities. The AI was able to inspect target systems, identify high-value databases, and report its findings back to human operators, who intervened only at critical stages. Claude Code then wrote exploit code, collected credentials, and exfiltrated data, categorising information according to intelligence value. The process culminated in the AI creating detailed documentation of its own activities, streamlining future operations.

Experts estimate that 80-90% of the campaign's total hacking workload was performed by AI. Human involvement was limited to approximately four to six key decisions per campaign. The AI managed thousands of operations per second, vastly exceeding the capacity of human hacking teams.

New threat landscape

The campaign highlights a pronounced drop in the technical barriers required for sophisticated cyberattacks. With AI "agent" technologies, threat actors with limited experience and resources can carry out operations once reserved for highly skilled teams. Agentic AI systems are capable of running continuously, performing vulnerability scans, developing exploit code, and processing vast amounts of stolen data with little oversight.

While the technology did not operate flawlessly-on some occasions hallucinating information or mistaking public data for confidential material-the pace and scale of the campaign underline a significant shift in the security environment. The incident follows similar, smaller-scale operations observed earlier, but marks a departure in terms of scope and automation, as previous attacks required more persistent human input.

Raising defences

The discoveries have forced security providers to examine new approaches to detection. Enhanced classifiers and monitoring systems have been introduced to identify malicious AI-driven actions in real time. The case also demonstrates the growing importance of threat intelligence sharing and coordinated industry responses.

The dual-use nature of AI remains a focus for security experts. Systems that can be manipulated for attacks are also being honed for defensive purposes, including security operations automation, threat detection, vulnerability assessment, and incident response.

"When sophisticated cyberattacks inevitably occur, our goal is for Claude-into which we've built strong safeguards-to assist cybersecurity professionals to detect, disrupt, and prepare for future versions of the attack," said the spokesperson, Threat Intelligence Team, Anthropic

The use of AI for both attack and defence continues to escalate. Security experts advise organisations to invest further in AI platform safeguards to reduce the risk of adversarial misuse and to leverage AI's benefits for protective measures.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
10ZiG unveils secure browser for Zero Trust endpoints
eBPF research shows kernel tech powering modern AI
Sarah Jane Peterschlingmann to lead ACS Queensland
Macquarie Telecom names new chief in leadership reshuffle
Reolink unveils Boxing Day deals on 4K security kit

Top stories

Check Point unveils AI-focused upgrade to Quantum firewall
Contrast links ADR with Datadog SIEM to cut alert noise
Artificial intelligence drives shift to real-time cyber risk by 2026
CrowdStrike unveils Falcon AIDR to secure AI prompts
Fortinet, Nvidia embed firewall security in AI fabrics