In mid-Sep 2025, Anthropic detected suspicious activity that later investigation determined to be a highly sophisticated espionage campaign conducted by a threat actor assessed with high confidence to be a 
state-sponsored group. The attackers used AI’s “agentic” capabilities to an unprecedented degree — using AI not just as an advisor, but to execute the cyberattacks themselves.
The threat actor manipulated Anthropic’s Claude Code tool into attempting infiltration into roughly 30 global targets and succeeded in a small number of cases. The operation targeted large tech companies, financial institutions, chemical manufacturing companies, and government agencies. This is believed to be the first documented case of a large-scale cyberattack executed without substantial human intervention.
wsj.com/tech/ai/china-
anthropic.com/news/disruptin
axios.com/2025/11/13/ant
state-sponsored group. The attackers used AI’s “agentic” capabilities to an unprecedented degree — using AI not just as an advisor, but to execute the cyberattacks themselves.
The threat actor manipulated Anthropic’s Claude Code tool into attempting infiltration into roughly 30 global targets and succeeded in a small number of cases. The operation targeted large tech companies, financial institutions, chemical manufacturing companies, and government agencies. This is believed to be the first documented case of a large-scale cyberattack executed without substantial human intervention.
wsj.com/tech/ai/china-
anthropic.com/news/disruptin
axios.com/2025/11/13/ant