Incident 1054: Anthropic Report Reveals Claude Misuse for Influence Operations, Credential Stuffing, Recruitment Fraud, and Malware Development

Description: In April 2025, Anthropic published a report detailing several misuse cases involving its Claude LLM, all detected in March. These included an "influence-as-a-service" operation that orchestrated over 100 social media bots; an effort to scrape and test leaked credentials for security camera access; a recruitment fraud campaign targeting Eastern Europe; and a novice actor developing sophisticated malware. Anthropic banned the accounts involved but could not confirm downstream deployment.
Editor Notes: Timeline notes: Anthropic's report details separate case studies from March 2025, but published their findings on 04/23/2025, which is the date this incident ID takes.

Tools

New ReportNew ReportNew ResponseNew ResponseDiscoverDiscoverView HistoryView History

Incident Stats

Incident ID
1054
Report Count
3
Incident Date
2025-04-23
Editors
Daniel Atherton
Detecting and Countering Malicious Uses of Claude: March 2025
anthropic.com · 2025

We are committed to preventing misuse of our Claude models by adversarial actors while maintaining their utility for legitimate users. While our safety measures successfully prevent many harmful outputs, threat actors continue to explore me…

Claude AI Exploited to Operate 100+ Fake Political Personas in Global Influence Campaign
thehackernews.com · 2025

Artificial intelligence (AI) company Anthropic has revealed that unknown threat actors leveraged its Claude chatbot for an "influence-as-a-service" operation to engage with authentic accounts across Facebook and X.

The sophisticated activit…

Anthropic Flags AI-Driven Influence and Cybercrime Operations
channele2e.com · 2025

Anthropic has revealed a concerning example of how AI tools can be weaponized to scale influence operations, according to a report by The Hacker News. The company found that its Claude chatbot was used to create and manage a network of poli…

Variants

A "variant" is an incident that shares the same causative factors, produces similar harms, and involves the same intelligent systems as a known AI incident. Rather than index variants as entirely separate incidents, we list variations of incidents under the first similar incident submitted to the database. Unlike other submission types to the incident database, variants are not required to have reporting in evidence external to the Incident Database. Learn more from the research paper.

Similar Incidents

By textual similarity

Did our AI mess up? Flag the unrelated incidents

AI-Generated Profiles Used in Disinformation Campaign Targeting Ukrainians

AI-Generated Profiles Used in Disinformation Campaign Targeting Ukrainians

· 4 reports
Fake LinkedIn Profiles Created Using GAN Photos

Fake LinkedIn Profiles Created Using GAN Photos

· 4 reports
DALL-E 2 Reported for Gender and Racially Biased Outputs

DALL-E 2 Reported for Gender and Racially Biased Outputs

· 3 reports
Previous Incident