Chinese Hackers Use Anthropic AI for Hacking... 80% of Attack 'Automated'

Anthropic announced on November 13 (local time) that state-sponsored hackers backed by the Chinese government carried out cyberattacks targeting major corporations and foreign governments in September, using Anthropic's artificial intelligence (AI) technology to automate the process.

[Photo by The Asia Business Daily DB]

The company stated that the attack targeted dozens of organizations and involved the highest level of automation it has ever observed in hacking incidents. The hackers attempted to breach approximately 30 companies and government agencies, but Anthropic did not specify which companies or countries were targeted. In the course of the attack, some sensitive information was also exposed.

Anthropic is confident that this attack was carried out by hackers supported by the Chinese government. However, the Chinese Embassy in Washington did not comment on the incident. The Chinese government has consistently maintained that it has never been involved in hacking incidents for which it has been accused.

Anthropic explained that this hacking incident represented the most advanced AI-powered automated attack the company has witnessed to date. In the past, hackers would write code themselves, search for system vulnerabilities, and craft phishing emails one by one. In this attack, however, AI performed 80 to 90 percent of the work, with humans only intervening in a few key decision-making stages.

Jacob Klein, Head of Threat Intelligence at Anthropic, said, "The hackers were literally able to launch an attack with the push of a button, and there was almost no human involvement afterward. The hacker's role was limited to reviewing a few things, such as saying 'yes,' 'continue,' 'thanks for this information,' or 'this seems odd, Claude, are you sure?'"

The Wall Street Journal (WSJ) pointed out that cyberattacks are evolving into an entirely new form through AI-based automation. Most tasks that previously required human labor and technical skills are now being performed autonomously by AI.

Recent hacking cases also confirm that cyberattacks are now being automated using AI. This summer, cybersecurity firm Volexity detected an attack led by Chinese hackers in which AI tools were used to automate target selection, phishing email composition, and even malware creation. It was also revealed that hackers linked to the Russian government recently used AI models to generate customized malware instructions in real time during attacks on Ukraine.

The increasing prevalence of cyberattacks using AI agents demonstrates the dual nature of AI tools. The WSJ noted, "Anthropic aims to use AI to strengthen cyber defense, but more powerful AI can simultaneously become a more powerful means of attack."

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.