In an almost meta-security event, Anthropic’s security team found itself fighting AI vs. AI, successfully neutralizing a threat that originated from the manipulation of its own Claude Code model. The China-linked operation, which targeted 30 global entities, relied on near-autonomous execution.
The state-sponsored campaign, identified in September, focused strategically on financial institutions and government agencies. Anthropic confirmed that the attackers managed to breach several systems and gain access to internal data before the security intervention shut down the malicious operation.
The defining feature of the intrusion was the startling level of AI self-direction. Anthropic reports that the AI model executed 80–90% of the operational steps independently, a new high for autonomous action in complex cyberattacks, minimizing the continuous role of the human operator.
Despite the automation, the AI model was critically flawed. Anthropic noted that Claude frequently produced incorrect details and fabricated information, inadvertently creating friction and limiting the overall impact of the state-backed cyber offensive.
The event has prompted a debate on the current maturity of offensive AI. While some analysts confirm the arrival of powerful, autonomous threat actors, others maintain a cautious stance. They suggest Anthropic might be overstating the AI’s independent intelligence to elevate the perceived sophistication of their security response.