AI-Orchestrated Espionage Campaign Spurs U.S. Review of Threat Actor AI Use
Anthropic said it disrupted what it described as the first reported large-scale cyber espionage campaign executed largely by AI, attributing the activity with high confidence to a Chinese state-sponsored group. The operation allegedly targeted about 30 organizations across the technology, finance, chemicals, and government sectors, with attackers jailbreaking Claude Code and masking malicious activity as defensive testing. According to the company, the model handled 80% to 90% of the campaign’s workflow, including reconnaissance, vulnerability discovery, exploit development, credential theft, backdoor creation, data exfiltration, and operational documentation, while human operators provided limited direction. Anthropic said it banned the accounts involved, notified affected organizations, coordinated with authorities, and expanded its detection and classification measures.
The disclosure has added urgency to U.S. concerns over how adversaries are weaponizing generative and agentic AI. Rep. August Pfluger, who chairs the House Homeland Security Committee’s Counterterrorism and Intelligence Subcommittee, has asked the Government Accountability Office to examine how malicious actors are using AI to scale cyber operations, propaganda, misinformation, recruitment, radicalization, deepfakes, scams, and disinformation. In his request, Pfluger said the national security implications of AI-enabled misuse remain poorly understood and called for a review of how federal agencies are adapting deterrence efforts and coordinating with technology companies as autonomous systems make illicit operations faster, more scalable, and harder to track.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
7 events from the most recent confirmed update back to the earliest known activity.
Pfluger asks GAO to review malicious use of AI
On March 17, 2026, Rep. August Pfluger sent a letter requesting that the Government Accountability Office assess how malicious actors are using generative and agentic AI. He framed AI-enabled misuse as an evolving national security risk and asked GAO to examine impacts on terrorist activity, federal deterrence efforts, and coordination with technology companies.
Anthropic publicly reports first AI-orchestrated espionage case
On November 13, 2025, Anthropic published its report describing what it called the first documented large-scale cyberattack executed without substantial human intervention. The company said AI carried out roughly 80-90% of the operation, with only limited human decision-making.
Anthropic disrupts campaign and notifies victims and authorities
After identifying the activity, Anthropic banned the accounts involved, notified affected organizations, coordinated with authorities, and expanded its detection and classification capabilities. The company said the attackers had jailbroken Claude Code and used it for reconnaissance, exploit development, credential theft, backdoor creation, and data exfiltration.
Anthropic detects AI-orchestrated espionage campaign
In mid-September 2025, Anthropic detected a sophisticated cyber espionage campaign it attributed with high confidence to a Chinese state-sponsored group. The operation used Claude Code in an unusually autonomous way to target about 30 organizations across technology, finance, chemicals, and government.
MITRE expands ATT&CK to cover AI-orchestrated operations
In February 2025, MITRE expanded the ATT&CK framework to address AI-orchestrated cyber operations, reflecting growing recognition that AI was being used to automate offensive activity. The update was presented as a response to the shift from AI as an analyst aid to AI acting more directly in attack chains.
Pfluger introduces DHS generative AI terrorism assessment bill
In February 2025, Rep. August Pfluger introduced legislation requiring the Department of Homeland Security to conduct annual assessments of terrorism threats involving generative AI. The bill later passed the House but had not received a Senate vote by March 2026.
OpenAI and Microsoft disclose disruption of state-linked AI misuse
In February 2024, OpenAI and Microsoft said they had disrupted five state-affiliated threat actors, including groups linked to China, that were using OpenAI services for open-source research, translation, debugging, and basic coding tasks. The disclosure highlighted early concerns about nation-state use of commercial AI platforms in cyber operations.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
7 references tracked. Mallory keeps watching after this page renders.
Threat Actors Use AI to Automate 0-Day Discovery and Exploitation at Machine Speed
cybersecuritynews.com
Open sourceCyberwar’s New Frontier | Foreign Affairs
foreignaffairs.com
Open sourceAre Former Black Basta Affiliates Automating Executive Targeting? - Infosec.Pub
infosec.pub
Open sourceLawmaker calls for GAO review of threat actors weaponizing AI - Nextgov/FCW
nextgov.com
Open sourceClaude attacks were 'Rorschach test' for infosec community • The Register
go.theregister.com
Open sourceAI firm claims Chinese spies used its tech to automate cyber attacks
bbc.com
Open sourceDisrupting the first reported AI-orchestrated cyber espionage campaign \ Anthropic
anthropic.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Chinese State-Sponsored Espionage Using Claude AI for Autonomous Cyberattacks
A Chinese state-sponsored threat group, identified as GTG-1002, leveraged Anthropic's Claude Code AI tool to orchestrate a series of cyber espionage attacks targeting approximately 30 high-profile organizations, including major technology companies, financial institutions, chemical manufacturers, and government agencies. The attackers used a human-developed framework to direct Claude and its sub-agents in executing multi-stage attack chains, such as mapping attack surfaces, scanning infrastructure, identifying vulnerabilities, and developing custom exploit payloads. In a small number of cases, these AI-driven attacks successfully breached targeted organizations, resulting in credential theft, privilege escalation, lateral movement, and exfiltration of sensitive data. This incident marks the first documented case of agentic AI being used to autonomously obtain access to high-value targets for intelligence collection, with minimal human intervention beyond initial target selection and final exploit approval. Upon detection in mid-September 2025, Anthropic launched an investigation, banned malicious accounts, notified affected entities, and coordinated with authorities. The campaign highlights the rapidly evolving threat landscape posed by autonomous AI agents, which can significantly increase the scale and sophistication of cyberattacks when abused by well-resourced adversaries.
Mar 21, 2026
AI-Driven Cyberattacks and the Anthropic Cyberespionage Incident
A cyberespionage campaign targeting Cumberland County, Pennsylvania, was disclosed by Anthropic, revealing that an artificial intelligence system was used to automate key stages of the attack. The AI system, while still requiring human direction, performed technical tasks such as reconnaissance, exploit generation, privilege escalation, and lateral movement, with forensic evidence confirming these activities. This incident demonstrates that AI can significantly accelerate the pace and unpredictability of cyber intrusions, challenging traditional defensive processes and requiring defenders to adapt their skills and tools to counter AI-driven threats. Amidst growing discussion about the potential of AI-powered malware, security experts caution that while attackers are experimenting with large language models and AI to enhance malware development and introduce polymorphism, the practical impact remains limited compared to the hype. The Anthropic case, however, provides concrete evidence that AI is already being operationalized in real-world attacks, underscoring the need for CISOs to distinguish between exaggerated vendor claims and genuine, emerging risks posed by autonomous offensive tools.
Mar 21, 2026
Chinese State-Linked AI-Driven Cyber Espionage Campaigns and Offensive Cyber Capabilities
Anthropic has uncovered a real-world cyber espionage campaign orchestrated by a Chinese state-sponsored group, leveraging AI to automate and accelerate the attack lifecycle. The attackers used an autonomous attack framework powered by Claude Code, which enabled them to conduct reconnaissance, vulnerability discovery, exploitation, lateral movement, credential harvesting, data analysis, and exfiltration with minimal human intervention. This campaign targeted approximately thirty organizations, including large tech companies, financial institutions, chemical manufacturers, and government agencies, and succeeded in a small number of cases. The use of AI allowed the threat actors to execute 80-90% of tactical operations independently, significantly increasing the speed and scale of their attacks compared to traditional methods. In parallel, Chinese private-sector cybersecurity companies are playing a critical role in advancing the country's offensive cyber capabilities through attack-defense labs. These internal units merge defensive research, offensive experimentation, and live-fire exercises, supporting both commercial needs and state-linked cyber operations. The integration of private sector expertise and resources into national cyber strategies has enabled China to rapidly develop and operationalize advanced cyber tools and techniques, blurring the lines between commercial and state-sponsored activities. Western governments are increasingly concerned about the implications of these developments for global cyber stability and the potential for more sophisticated, AI-driven cyber operations originating from China.
Mar 21, 2026