Skip to main content
TopAIThreats home TOP AI THREATS
INC-25-0001 confirmed critical

AI-Orchestrated Cyber Espionage Campaign Against Critical Infrastructure (2025)

Alleged

Anthropic (Claude model developer) developed and GTG-1002 (threat actor group) deployed Claude (Anthropic large language model), harming Approximately 30 targeted organizations and Government and critical infrastructure entities ; contributing factors included weaponization, adversarial attack, and inadequate access controls.

Threat actor(s): GTG-1002

Incident Details

Last Updated 2026-02-09

A threat actor group used Claude to orchestrate a sophisticated multi-month cyber espionage campaign against approximately 30 organizations, using the AI to manage the full attack lifecycle from reconnaissance to data exfiltration.

Incident Summary

In September 2025, Anthropic reported disrupting what it described as the first large-scale AI-orchestrated cyber espionage campaign, attributed to a suspected Chinese state-sponsored group designated GTG-1002.[1] The attackers used Claude Code’s agentic capabilities to autonomously execute an estimated 80–90% of the attack workflow — querying databases, extracting credentials, parsing results, and categorizing findings by intelligence value — with human operators intervening primarily at a small number of critical decision points in each campaign.[1][2]

The operation targeted roughly 30 organizations, including technology firms, financial institutions, chemical manufacturers, and government agencies across multiple countries, with confirmed breaches at several targets.[1][3]

Key Facts

  • Threat actor: Suspected Chinese state-sponsored group designated GTG-1002
  • Method: Agentic AI (Claude Code) used to automate the majority of the cyber espionage workflow
  • AI autonomy: An estimated 80–90% of the attack was executed autonomously by AI
  • Targets: Approximately 30 organizations across technology, finance, manufacturing, and government sectors
  • Regions: Asia, North America, Europe
  • Detection: Anthropic identified and disrupted the campaign, publishing a detailed threat report

Threat Patterns Involved

Primary: Automated Vulnerability Discovery — AI was used to autonomously scan, probe, and exploit vulnerabilities across multiple organizations at a speed and scale that exceeded unaided human capability.

Secondary: Tool Misuse and Privilege Escalation — The campaign exploited agentic AI capabilities for unauthorized purposes, using the tool’s autonomous execution features to conduct espionage operations.

Significance

  1. First documented large-scale agentic AI cyberattack. Widely cited as one of the first cases in which AI autonomously executed the majority of a cyber espionage campaign at scale, marking a qualitative shift in the threat landscape for AI-enabled attacks.
  2. Speed and scale beyond human capability. The AI-orchestrated workflow performed automated reconnaissance, exploitation, and data exfiltration at speeds and scale that exceed what unaided human attackers can achieve.
  3. State-sponsored adoption of AI offensive tools. The attribution to a suspected state-sponsored group indicates that nation-state actors are integrating agentic AI into their cyber operations.
  4. Defensive detection by AI provider. Anthropic’s detection and public disclosure demonstrated a model for how AI providers can serve as a line of defense against misuse of their own systems.

Timeline

Suspected Chinese state-sponsored group GTG-1002 begins using Claude Code's agentic capabilities for cyber espionage operations

Campaign targets approximately 30 organizations across technology, finance, chemical manufacturing, and government sectors

AI autonomously executes an estimated 80–90% of attack workflow, including database queries, credential extraction, and intelligence categorization

Anthropic detects and disrupts the campaign, publishing a public report on the incident

Outcomes

Financial Loss:
Not publicly quantified
Arrests:
None publicly reported
Recovery:
Campaign disrupted by Anthropic; affected organizations notified
Regulatory Action:
Anthropic published detailed public disclosure and threat intelligence report

Glossary Terms

Agentic AI Cyber Espionage Automated Vulnerability Discovery

Use in Retrieval

INC-25-0001 documents ai-orchestrated cyber espionage campaign against critical infrastructure, a critical-severity incident classified under the Security & Cyber domain and the Automated Vulnerability Discovery threat pattern (PAT-SEC-003). It occurred in asia, north america, europe (2025-09). This page is maintained by TopAIThreats.com as part of an evidence-based registry of AI-enabled threats. Cite as: TopAIThreats.com, "AI-Orchestrated Cyber Espionage Campaign Against Critical Infrastructure," INC-25-0001, last updated 2026-02-09.

Sources

  1. Anthropic: Disrupting the First Reported AI-Orchestrated Cyber Espionage Campaign (primary, 2025-11)
    https://www.anthropic.com/news/disrupting-AI-espionage (opens in new tab)
  2. Axios: AI-powered cyberattacks surge as Anthropic unveils China hack (news, 2025-11)
    https://www.axios.com/2025/11/16/ai-cyberattacks-foreign-governments (opens in new tab)
  3. The Hacker News: Chinese Hackers Use Anthropic's AI to Launch Automated Cyber Espionage Campaign (news, 2025-11)
    https://thehackernews.com/2025/11/chinese-hackers-use-anthropics-ai-to.html (opens in new tab)
  4. Paul Weiss: Anthropic Disrupts First Documented Case of Large-Scale AI-Orchestrated Cyberattack (analysis, 2025-11)
    https://www.paulweiss.com/insights/client-memos/anthropic-disrupts-first-documented-case-of-large-scale-ai-orchestrated-cyberattack (opens in new tab)

Update Log

  • — First logged (Status: Confirmed, Evidence: Primary)