MCP-integrated toolchain

Incidents implicated systems

Incident 12632 Report
Chinese State-Linked Operator (GTG-1002) Reportedly Uses Claude Code for Autonomous Cyber Espionage

2025-11-13

Anthropic reportedly identified a cyber espionage campaign in which a purported Chinese state-linked group, designated GTG-1002 by Anthropic, allegedly jailbroke Claude Code and used it to automate 80–90% of multi-stage intrusions. The AI reportedly independently performed reconnaissance, vulnerability discovery, exploitation, credential harvesting, and data extraction across roughly 30 targets before the activity was detected and blocked.

Related Entities

Unknown Chinese state-sponsored entity

Incidents involved as Deployer

Incident 1263
2 Reports
Chinese State-Linked Operator (GTG-1002) Reportedly Uses Claude Code for Autonomous Cyber Espionage

GTG-1002

Incidents involved as Deployer

Incident 1263
2 Reports
Chinese State-Linked Operator (GTG-1002) Reportedly Uses Claude Code for Autonomous Cyber Espionage

Anthropic

Incidents involved as Developer

Incident 1263
2 Reports
Chinese State-Linked Operator (GTG-1002) Reportedly Uses Claude Code for Autonomous Cyber Espionage

Entities targeted by GTG-1002

Incidents Harmed By

Incident 1263
2 Reports
Chinese State-Linked Operator (GTG-1002) Reportedly Uses Claude Code for Autonomous Cyber Espionage

National security stakeholders

Incidents Harmed By

Incident 1263
2 Reports
Chinese State-Linked Operator (GTG-1002) Reportedly Uses Claude Code for Autonomous Cyber Espionage

Open-source penetration testing tools

Incidents implicated systems

Incident 1263
2 Reports
Chinese State-Linked Operator (GTG-1002) Reportedly Uses Claude Code for Autonomous Cyber Espionage

Model Context Protocol (MCP)

Incidents implicated systems

Incident 1263
2 Reports
Chinese State-Linked Operator (GTG-1002) Reportedly Uses Claude Code for Autonomous Cyber Espionage

GTG-1002's autonomous orchestration framework

Incidents implicated systems

Incident 1263
2 Reports
Chinese State-Linked Operator (GTG-1002) Reportedly Uses Claude Code for Autonomous Cyber Espionage

Claude code

Incidents implicated systems

Incident 1263
2 Reports
Chinese State-Linked Operator (GTG-1002) Reportedly Uses Claude Code for Autonomous Cyber Espionage