The development of artificial intelligence (AI) has ushered in a new era of cyberattacks as it has recently become a partner to threat actors. Anthropic, a leading artificial intelligence company, recently reported that its AI system, Claude, has been exploited by cybercriminals in damaging ways and in what the company calls “sophisticated cyberattacks.”
This isn’t just an average or the usual cyberattacks we hear about daily. It is a massive AI-powered operation, with Anthropic confirming that threat actors mostly targeted organizations in healthcare, emergency services, government and religious institutions.
In the full report, Anthropic discussed how Agentic AI has been weaponized to serve cybercriminals from different parts of the world, how the technology has lowered the barriers to “sophisticated cybercrime,” and how these threat actors and cybercriminals have integrated AI into every stage of their operations.
Amongst many cases of many cyberattacks, Anthropic uses three case studies to explain the increasing danger of AI-powered cyberattacks. They include vibe-hacking, a term Anthropic used to describe how cybercriminals used Claude Code to carry out a large-scale data theft operation; remote worker fraud; and cybercriminals selling AI-generated malware as Ransomware-as-a-Service (RaaS).
Vibe-hacking
In the case of vibe-hacking, Claude was more of an active participant rather than a helper, with Anthropic saying the threat actor used the technology to an “unprecedented degree.” The threat actor used Claude Code to penetrate networks, automate reconnaissance, and harvest confidential information of victims across many organizations.
“Claude was allowed to make both tactical and strategic decisions, such as deciding which data to exfiltrate, and how to craft psychologically targeted extortion demands,” the report said.
After getting hands on the stolen information, the threat actor then attempted to extort victims into paying huge amounts of ransom by threatening to publicly expose their data. “Claude analyzed the exfiltrated financial data to determine appropriate ransom amounts, and generated visually alarming ransom notes that were displayed on victim machines,” the report continued.
Remote-worker fraud
Anthropic also uncovered how North Korean hackers are using Claude to fraudulently land and maintain remote jobs at U.S. Fortune 500 tech companies.
Anthropic says that this was done by the fraudsters using Claude models to “create elaborate false identities with convincing professional backgrounds, complete technical and coding assessments during the application process, and deliver actual technical work once hired.”
Formerly reported by the FBI, this fraud system is part of a much larger employment scheme in North Korea that was designed to generate profit for the regime while going against international regulations.
No-code malware: AI-generated Ransom-as-a-Service
Anthropic also detailed a ransomware-as-a-service operation run by a lone cybercriminal who relied heavily on using Claude to develop malware due to their limited technical skills. The cybercriminal used AI to develop several variants of sophisticated ransomware that all featured modern encryption, network spreading, and advanced evasion techniques.
These ransomware packages were then sold to other cybercriminals on dark web forums with prices ranging from $400 to $1200.
Anthropic’s response and the broader implications
The versatility of AI has lowered the technical bar for criminals, which in turn enables larger-scale and more automated cyberattacks than ever before.
In response to the aforementioned cyberattacks, Anthropic took down involved Claude accounts, introduced detection systems to identify misuse, and shared vital intelligence with cybersecurity organizations and law enforcement. Part of its detection systems include new methods that are focused on effectively spotting malware development, unauthorized modifications, and suspicious activity on its platform.
Despite these efforts, the company acknowledges that the evolving landscape of AI-powered or AI-assisted cyberattacks demand constant vigilance and innovation in its defense. AI-powered cyberattacks are known to challenge traditional defense models, as it speeds up the exploitation of vulnerabilities and enables solo threat actors to conduct operations that previously required complex expertise.
As such, the financial consequences are severe. AI-driven cybercrimes are predicted to cost the U.S. economy up to $40 billion by 2027.
Anthropic’s transparent research and disclosure of Claude’s malicious use serves as a critical warning and call to action for the people in charge of building important technology. As AI tools become deeply integrated into everyday workflows, both the potential and risks grow, making it a double-edged sword that can empower innovation but also enable dangerous cybercriminals.
To protect everyone and the digital infrastructure at large from this new generation of AI-powered threats, innovation and collaboration across many sectors will be crucial.
