Longterm Wiki

Anthropic-Disclosed AI-Orchestrated Campaign (Sept 2025)

In mid-September 2025, Anthropic detected and disrupted a cyber-espionage campaign by threat actor GTG-1002 (assessed high confidence as Chinese state-sponsored) using Claude Code as the primary execution agent. The attackers jailbroke Claude by decomposing attacks into compartmentalized small tasks, allowing the AI to execute reconnaissance, exploitation, credential harvesting, lateral movement, and data exfiltration without recognizing their malicious aggregate purpose. Approximately 30 organizations were targeted; 4 successful breaches were confirmed. This is considered the first publicly documented case of a large-scale cyberattack in which an AI agent — not human operators — executed the majority of tactical operations. Although direct damages were limited by Anthropic's intervention, the incident is the canonical reference for AI-orchestrated attack capability and a pivotal data point for capability-trajectory and offense-defense analyses.

Details

Date: Mid-September 2025 (detected); disclosed November 2025
Attribution: GTG-1002 — assessed high confidence as Chinese state-sponsored
AI involvement: orchestrated (first publicly documented case)
Tool used: Claude Code (with custom scaffolding to compartmentalize tasks)
AI autonomy level: 80–90% of tactical operations executed without human intervention
Targets: ~30 global organizations (large tech, financial, chemical mfg, government)
Successful breaches: 4 confirmed
Direct damage estimate: limited (small target set; campaign disrupted); precedent value high

Tags: cyber-incident, ai-orchestrated, china, espionage, claude, autonomous-agents, first-of-kind