Date: 2025-11-14

For the first time in history, malicious cyber actors have used Anthropic’s Claude Code, a generative AI coding assistant, to conduct cyber-attacks.

The attackers are likely Chinese state-sponsored hackers and deployed the campaigns for cyber espionage purposes, said Anthropic in a report published on November 13.

The targeted organizations included large tech companies, financial institutions, chemical manufacturing companies and government agencies.

The victims of these cyber-attacks saw their systems infiltrated with only minor human intervention.

Anthropic assessed that the AI assistant, Claude Code, performed up to 80-90% of the tasks, with only four to six critical decision points per hacking campaign made by the hackers themselves.

Sophisticated Features of New Generation AI Agents Exploited

In mid-September 2025, Anthropic detected early signs of a highly sophisticated espionage campaign.

Upon investigating the case, the security researchers realised that the attackers had manipulated Claude Code to attempt to infiltrate roughly thirty organizations. The threat actors succeeded in a small number of cases.

Anthropic described the campaign as “the first documented case of a large-scale cyberattack executed without substantial human intervention.”

The attackers used Claude Code’s agentic capabilities to an “unprecedented” degree, in part because some of the features have only recently emerged:

The capability for GenAI-powered tools to follow complex instructions and understand context in ways that make very sophisticated tasks possible

Their access to a multitude of software tools and applications and ability to act on behalf of the users (e.g. to search the web, retrieve data, analyze emails)

Their ability to make automated (or semi-autonomous) decisions when performing tasks and even chain together tasks

A Six-Phase Attack Flow

Anthropic described a six-step attack chain, as follows: