Anthropic published a report saying a single hacker exploited its Claude chatbot to carry out what the company described as an unprecedented cybercrime campaign that automated much of the work normally done by human attackers. the attacker used Claude Code, Anthropic’s coding-focused chatbot, to identify vulnerable companies, build malicious software to extract data and then organize and analyze stolen files to determine what could be used for extortion.
the report says the operation targeted at least 17 companies over roughly three months and included a defense contractor, a financial institution and multiple health care providers. stolen material included Social Security numbers, bank details and patients’ medical information, as well as files related to international traffic in arms regulations that are regulated by the U.S. state department. Anthropic declined to name the victims. it also said the extortion demands noted in the report could not be fully reported because specific amounts were obscured in the document, so the precise dollar ranges are not stated.
Jacob Klein, head of threat intelligence at Anthropic, said the campaign appeared to come from an individual hacker operating outside the United States and that the company had multiple layers of defense that the attacker attempted to evade. Anthropic said it implemented additional safeguards after uncovering the misuse and warned that the underlying issue may grow as Artificial Intelligence lowers the barrier to entry for sophisticated cybercriminal operations. the company framed the incident as a reminder of the limits of industry self-policing in the largely unregulated Artificial Intelligence sector.
