Anthropic reported on 11 November 2025 that it discovered and disrupted what it described as the first large-scale cyber espionage campaign primarily conducted by an artificial intelligence system. The operation was linked to a Chinese state-sponsored group that targeted about 30 organizations across technology, finance, manufacturing, and government sectors.
AI Takes the Lead in Cyber Espionage: Anthropic Exposes AI-Powered Cyberattack on 30 Global Organizations
How the Attack Happened
A state-sponsored group used an artificial intelligence system to run a first-of-its-kind and widespread cyber espionage campaign to target and infiltrate technology, financial, chemical, and government networks.
The campaign stood out because the attackers relied on an artificial intelligence model to perform most technical tasks. The human operators designed the mission and tricked the system into cooperating, but between 80 and 90 percent of the hacking work was executed autonomously by the artificial intelligence. The details of the attack were as follows:
1. Target Selection and System Setup
Human operators chose about 30 organizations and prepared an attack framework. They then modified prompts, disguised intentions, and broke harmful tasks into smaller pieces to bypass model safeguards. This prepared the AI to operate inside a false narrative about legitimate cybersecurity work.
2. Reconnaissance and Network Scanning
Upon activation, the AI quickly scanned networks, mapped infrastructure, identified open ports, and located valuable systems. It generated summaries of potential vulnerabilities at speeds far beyond human analysts. This allowed the attackers to understand the environment of each target in detail.
3. Exploitation of Vulnerabilities
The AI further wrote exploit code, tested attack pathways, and leveraged discovered weaknesses to enter networks of targeted organizations. It created back doors, escalated user privileges, and moved laterally through systems, thereby enabling deeper and more persistent access to sensitive environments.
4. Credential Harvesting and Internal Navigation
Important credentials like usernames, passwords, and administrative tokens were gathered after breaching the systems. The AI used these credentials to bypass restrictions, explore internal databases, and interact with protected resources, often mimicking legitimate user behavior to avoid detection.
5. Data Exfiltration and Sorting
The AI system copied internal files, documents, and system information. It then sorted the collected materials by intelligence value, labeling the files or items of higher strategic or economic importance. This made follow-on human review faster and significantly more efficient.
6. Automated Documentation for Follow-Up
The AI also generated detailed summaries that read like internal mission reports. These described accessed systems, stolen credentials, important vulnerabilities, remaining opportunities, and recommended next steps. The reports enabled humans to plan continued cyber espionage with minimal effort.
These actions were grouped into four to five phases. The first involved looking for weak spots, and the second centered on creating or altering the code needed to slip into networks. The third involved stealing login credentials to move deeper into the systems. The fourth and fifth centered on copying sensitive data and writing a report on each attack.
Response and Implications
Anthropic uncovered the operation, shut it down, and revealed how autonomous or agentic artificial intelligence capabilities are rapidly reshaping both the offensive and defensive sides of modern cybersecurity.
Anthropic noticed the attacks in mid-September of 2025 when its systems flagged a cluster of unusual and suspicious requests coming from multiple accounts. These requests showed highly coordinated, repetitive, and technically advanced behavior that did not match normal user patterns and looked more like an organized hacking workflow than typical platform use.
The safety and security teams at the AI firm then initiated a deeper investigation, connected the scattered signals into a single coordinated operation, and ultimately traced the behavior back to a Chinese state-sponsored threat group. Anthropic did not share details on how it arrived at this conclusion, but its report states that it is highly confident of its findings.
Anthropic did not name the specific organizations that were targeted, nor did it mention the actual number of affected ones. But its report said these included large technology companies, financial institutions like banks, chemical manufacturing companies, and government agencies. A small number of attempts at hacking the networks of the targets were successful.
Nevertheless, following the discovery of the attacks, the AI firm banned malicious accounts, alerted targeted organizations, and coordinated with government partners. It also expanded monitoring tools, strengthened misuse detection systems, and shared findings publicly to further help security teams understand and prepare for AI-enabled cyberattacks.
The company emphasized that this event shows how artificial intelligence can significantly lower barriers to advanced cyberattacks. With automated speed and scale, even modestly resourced groups may soon perform operations once limited to elite teams. It further warned that agentic AI will reshape both defensive and offensive cybersecurity landscapes.
Anthropic noted that the technologies that enabled the campaign can also strengthen defenses. It encouraged security teams to experiment with AI tools for automated incident response, vulnerability assessment, and threat detection. The company stated that responsible development is essential to ensure that defensive benefits outpace emerging misuse risks.
FURTHER READING AND REFERENCE
- November 2025. Disrupting the First Reported AI-Orchestrated Cyber Espionage Campaign. Anthropic. Available via PDF
