Anthropic announces that 'Chinese spies were stealing information using AI,' but some point out that the evidence is scarce and unreliable
Anthropic, the developer of the chat AI 'Claude,' published a report on November 14, 2025, stating that it had 'detected and prevented espionage activities using AI agents.' The report stated that attackers linked to the Chinese government had used Anthropic's AI tools to carry out attacks against technology companies and governments.
Disrupting the first reported AI-orchestrated cyber espionage campaign \ Anthropic
According to the report, Anthropic detected espionage activity using Claude Code beginning in mid-September 2025. The attackers attempted to infiltrate approximately 30 targets around the world, including major technology companies, financial institutions, chemical companies, and government agencies, and were successful in a small number of cases. Anthropic also stated that it 'has determined with high confidence that the attackers are Chinese government-sponsored threat actors.'
The attack flow is as follows: First, a human selects a target, then uses Claude Code to develop an attack framework, investigate the target's system to identify the most valuable information, create and test custom exploit code, identify the highest privileged account, create a backdoor to steal information, and create an analysis report on the stolen information. The attacker then posed as an employee of a security company, tricking Claude Code into thinking they were conducting a cyberattack defense test, thereby bypassing existing fraud detection systems.
Anthropic said, 'After detecting the attacks, we suspended the attackers' accounts, notified affected organizations, and coordinated with regulatory authorities. 'These attacks exploited features that were either non-existent or in their infancy a year ago, such as intelligence capable of following complex instructions, agent functionality to automatically execute actions, and the ability to use external tools via an MCP server.'
As mentioned above, Anthropic claims that its tools were used by Chinese government hackers for espionage activities. However, security expert djnn questioned the authenticity of Anthropic's report, stating, 'Cyberattack reports typically disclose domain names related to the campaign and hash values associated with the actual malware samples used. However, Anthropic's report does not include this information and contains no verifiable information at all.' Another comment on the news sharing site Hacker News stated , 'Anthropic's report appears to be a marketing ploy to suggest that its products are sophisticated enough to be used by Chinese government hackers for espionage activities.'
The full text of Anthropic's report can be viewed at the following link:
Full report: Disrupting the first reported AI-orchestrated cyber espionage campaign
(PDF file) https://assets.anthropic.com/m/ec212e6566a0d47/original/Disrupting-the-first-reported-AI-orchestrated-cyber-espionage-campaign.pdf
Related Posts:
