Claude Code
Incidents implicated systems
Incident 1263 (34 Reports)
Chinese State-Linked Operator (GTG-1002) Reportedly Uses Claude Code for Autonomous Cyber Espionage
2025-11-13
Anthropic reportedly identified a cyber espionage campaign in which a purported Chinese state-linked group, designated GTG-1002 by Anthropic, allegedly jailbroke Claude Code and used it to automate 80–90% of multi-stage intrusions. The AI reportedly independently performed reconnaissance, vulnerability discovery, exploitation, credential harvesting, and data extraction across roughly 30 targets before the activity was detected and blocked.
Incident 1201 (3 Reports)
Anthropic Reportedly Identifies AI Misuse in Extortion Campaigns, North Korean IT Schemes, and Ransomware Sales
2025-08-27
In August 2025, Anthropic published a threat intelligence report detailing multiple misuse cases of its Claude models. Documented abuses included a large-scale extortion campaign using Claude Code against at least 17 organizations, fraudulent remote employment schemes linked to North Korean operatives, and the development and sale of AI-generated ransomware. Anthropic banned the accounts, implemented new safeguards, and shared indicators with authorities.
Incident 1424 (2 Reports)
Claude Code Agent Reportedly Deleted DataTalks.Club Production Infrastructure, Database, and Snapshots via Terraform
2026-02-26
A Claude Code agent executing Terraform commands reportedly destroyed the production infrastructure behind the DataTalks.Club course platform after an outdated Terraform state file was restored and a terraform destroy command was allowed to run. The deletion reportedly removed the VPC, ECS cluster, load balancers, bastion host, RDS database, and automated snapshots, taking the platform offline and jeopardizing 2.5 years of data. AWS reportedly later restored a snapshot.