Anthropic released a paper late last week which describes what may be the first known case of a nearly fully autonomous AI-conducted cyber-espionage operation, attributed to a Chinese state-sponsored threat group dubbed GTG-10002. According to the paper, this incident “represents a fundamental shift in how advanced threat actors use AI.”
The breakthrough is not that AI assisted hacking, which has occurred before, but that a frontier AI model (Claude) was successfully manipulated into running 80–90% of a complex intrusion campaign autonomously, coordinating reconnaissance, vulnerability discovery, lateral movement, credential harvesting, and data exfiltration with minimal human oversight.
The threat actor operated a fully autonomous hacking “Agent Swarm,” and humans were present only in a supervisory role.
The attackers used Claude as a central orchestrator, repeatedly instantiating “Claude Code” instances that functioned as coordinated autonomous penetration-testing agents.
The volume, speed, and concurrency of operations convinced investigators that: “The operational tempo achieved proves the use of an autonomous model rather than interactive assistance.”
In other words, AI ran the whole attack faster and more efficiently than a human could, and only another AI could be used to analyze and mitigate the issue.
Even though Claude has elaborate guardrails, the attackers were able to get around them by modifying the prompts and jailbreaking. The attackers could have fine-tuned an open-source model with no guardrails.
Anthropic poses the core dilemma plainly:
“If AI models can be misused for cyber attacks at this scale, why continue to develop and release them?”
Their stated answer:
“The only way to stop bad AI is with better good AI.”
This means that defensive AI must outpace offensive AI, and security teams will need autonomous agents to counter other autonomous agents.
Future cyber defense and investigative forensics may resemble AI vs. AI attrition.
Last week at Paraben’s Fall PFIC event, one of the presenters highlighted a case they had worked on in which the attack was AI-driven and forensic AI methodology was used to help in the analysis and mitigation. To watch those PFIC recordings, reach out for access.



