Description: Anthropic reportedly identified a cyber espionage campaign in which a purported Chinese state-linked group, designated GTG-1002 by Anthropic, allegedly jailbroke Claude Code and used it to automate 80–90% of multi-stage intrusions. The AI reportedly independently performed reconnaissance, vulnerability discovery, exploitation, credential harvesting, and data extraction across roughly 30 targets before the activity was detected and blocked.
Editor Notes: Anthropic's full report can be read here: https://assets.anthropic.com/m/ec212e6566a0d47/original/Disrupting-the-first-reported-AI-orchestrated-cyber-espionage-campaign.pdf. The reported Chinese state-sponsored deployer has been designated GTG-1002 by Anthropic. They reportedly detected the activity sometime in mid-September 2025. The incident ID date of 11/13/2025 corresponds to the publication of their initial findings.
Entities
View all entitiesAlleged: Anthropic developed an AI system deployed by Unknown Chinese state-sponsored entity and GTG-1002, which harmed Entities targeted by GTG-1002 and National security stakeholders.
Alleged implicated AI systems: Open-source penetration testing tools , Model Context Protocol (MCP) , MCP-integrated toolchain , GTG-1002's autonomous orchestration framework and Claude code
Incident Stats
Incident ID
1263
Report Count
2
Incident Date
2025-11-13
Editors
Daniel Atherton
Incident Reports
Reports Timeline
Loading...
We recently argued that an inflection point had been reached in cybersecurity: a point at which AI models had become genuinely useful for cybersecurity operations, both for good and for ill. This was based on systematic evaluations showing …
Loading...
China's state-sponsored hackers used artificial-intelligence technology from Anthropic to automate break-ins of major corporations and foreign governments during a September hacking campaign, the company said Thursday.
The effort focused on…
Variants
A "variant" is an AI incident similar to a known case—it has the same causes, harms, and AI system. Instead of listing it separately, we group it under the first reported incident. Unlike other incidents, variants do not need to have been reported outside the AIID. Learn more from the research paper.
Seen something similar?