“Agentic AI systems are being weaponized.”
This statement appears in a newly released Threat Intelligence report published by Anthropic, which discusses various instances of misuse involving Claude, the company’s AI coding assistant, as well as other advanced AI agents and chatbots.
One highlighted issue is known as “vibe-hacking.” Anthropic reported that it recently disrupted a sophisticated cybercrime operation in which Claude Code was employed to extort sensitive information from at least 17 organizations globally within a single month, targeting healthcare facilities, emergency services, religious organizations, and government bodies.
Jacob Klein, head of Anthropic’s threat intelligence team, explained to Technology News that such operations previously required a team of skilled actors, but can now be executed by an individual leveraging AI systems like Claude. In this incident, Claude managed the entire operation autonomously.
The report emphasizes that AI is functioning as both a technical advisor and an active participant in these attacks, facilitating operations that would traditionally require considerable time and expertise. Claude was utilized to craft “psychologically targeted extortion letters,” enabling the criminals to determine the likely market value of the breached data, which included personal and financial information, subsequently demanding ransoms exceeding $500,000.
Klein remarked, “This represents the most advanced application of AI agents I have observed for offensive cyber activities.”
In another notable case, Claude assisted North Korean IT workers in obtaining jobs at U.S.-based Fortune 500 firms to support the nation’s military initiatives. Typically, North Korea recruits individuals with education and IT backgrounds; however, Klein notes that Claude has lowered the threshold for candidates to succeed in technical interviews at major tech companies.
Klein highlighted, “We are witnessing individuals with minimal coding skills and limited professional communication just asking Claude to handle their tasks. After securing employment, many of them rely on Claude for job maintenance.”
A romance scam is also addressed in the report. A popular Telegram bot, boasting over 10,000 monthly users, promoted Claude as a “high EQ model” for composing emotionally charged messages for scamming purposes. This enabled non-native English speakers to draft persuasive texts aimed at manipulating victims in the U.S., Japan, and Korea into sending money. In one instance, a user asked Claude how to compliment a man in a suit based on an uploaded photo.
Anthropic acknowledges in the report that despite developing advanced safety protocols to mitigate misuse of its AI, adversaries still occasionally circumvent these measures. The firm conceded that AI has reduced barriers for engaging in sophisticated cybercrime, allowing criminals to exploit the technology to profile victims, automate malicious activities, construct false identities, and analyze compromised data.
The case studies included in the report contribute to a growing body of evidence indicating that AI developers often struggle to address the societal risks generated by their technologies. The report posits that while the examples focus on Claude, similar behaviors likely manifest across various leading AI models.
According to Klein, for each cited case, Anthropic banned the relevant accounts, implemented new detection methods, and coordinated with appropriate government bodies, including law enforcement and intelligence agencies. He noted that the case studies signal a shift in the landscape of AI-related risks.
Klein concluded, “We are experiencing a transition where AI systems have evolved beyond mere chatbots; they now possess the capability to execute complex actions independently.”