US artificial intelligence company Anthropic has revealed that its chatbot, Claude, has been weaponized by hackers in cyberattacks involving large-scale data theft, extortion, and fraud. The disclosure underscores growing concerns about how generative and agentic AI technologies can be exploited for malicious purposes.
Anthropic reported that hackers used its AI to:
- Write malicious code capable of breaching at least 17 organizations, including government bodies.
- Support cybercrime decisions, from selecting which data to exfiltrate to crafting psychologically targeted ransom demands.
- Suggest ransom amounts, illustrating AI’s growing role in tactical and strategic cybercrime planning.
The company described the scale of AI involvement in these operations as “unprecedented” and said it disrupted the actors, reported them to authorities, and enhanced its detection capabilities.
The threat extends beyond cyberattacks. Anthropic disclosed that North Korean operatives used Claude to fraudulently secure remote jobs at US Fortune 500 tech companies. The AI used to generate job applications, translate communications, and write code. Experts warn that this tactic allows sanctioned workers, typically isolated from global workflows, to infiltrate corporate systems under false identities.
Analysts highlight that agentic AI — which can operate autonomously — accelerates risks by shrinking the time required to exploit vulnerabilities. Alina Timofeeva, a cybercrime adviser, stressed the need for proactive detection and prevention rather than reactive responses.
Despite these developments, experts caution against assuming AI has created entirely new crimewaves, noting that ransomware and phishing remain the primary attack vectors. However, as Nivedita Murthy of Black Duck emphasized, organizations must treat AI models as repositories of sensitive data requiring the same protection as other critical infrastructure.
Anthropic’s findings add to mounting calls for robust safeguards as enterprises integrate AI into their operations.
Source:
