The company behind the popular AI chatbot Claude has issued a chilling warning about cybercriminals’ growing use of AI tools as the technology becomes increasingly sophisticated.
In its latest Threat Intelligence report, Anthropic detailed the recent case of how a hacker used its AI tools to launch a cyberattack targeting numerous companies and organizations.
According to Anthropic, the hacker used an AI coding agent (in this case Claude Code), a tool that’s capable of writing, editing, and running code with minimal human input.
It said that over the past month, the hacker used the agent to automate “reconnaissance, credential harvesting, and network penetration at scale,” stealing sensitive data from at least 17 businesses and organizations across government, healthcare, emergency services, and religious institutions.
The perpetrator was able to obtain people’s personal records, including healthcare data, financial information, and government credentials before going on to demand ransom payments while threatening to expose the data online if the demands were not met.
The Claude AI agent even analyzed the stolen financial data to work out the appropriate ransom amount — up to $500,000 was demanded in some of the attacks — and also created “visually alarming” ransom notes that appeared on the targets’ computer screens.
Anthropic said that the bold operation demonstrates “a concerning evolution in AI-assisted cybercrime” and “represents a fundamental shift in how cybercriminals can scale their operations” now that AI can be used to automate much of the hacking process, albeit under human direction.
While it’s not clear if any of the targets in this particular case paid up, Anthropic said it has now taken steps to prevent this type of misuse. But it added that this method of attack is likely to become increasingly common “as AI lowers the barrier to entry for sophisticated cybercrime operations.”
Its latest Threat Intelligence report also highlighted how North Korean operatives have been using Claude to fraudulently secure remote employment positions at U.S. Fortune 500 technology companies, and another case in which a cybercriminal used its AI tools to create and market various ransomware products, selling them on to other cybercriminals for up to $1,200 a piece.
Many hackers have been using AI in some form for years. However, chatbots like ChatGPT, which was released in 2022, have made it easier to launch attacks, and now the rise of AI agents poses an even greater threat. Fortunately, the very technology being exploited by attackers is also being harnessed by cybersecurity firms to build a critical line of defense, though clearly it’s a constant battle to keep pace.
