Associated Incidents
Anthropic said Thursday that Chinese hackers used its artificial intelligence technology in what the company believes is the first cyberespionage operation largely carried out using AI.
Anthropic said the cybercriminals used its popular chatbot, Claude, to targetroughly 30 technology companies, financial institutions, chemical manufacturers and government agencies. The hackers used the AI platform to gather usernames and passwords from the companies' databases that they then exploited to steal private data, Anthropic said, while noting that only a "small number" of these attacks succeeded.
"We believe this is the first documented case of a large-scale cyberattack executed without substantial human intervention," Anthropic said in a statement.
The San Francisco-based company shared its findings with CBS News but did not offer additional comment. The news was first reported by the Wall Street Journal.
Anthropic said it began detecting suspicious activity in mid-September. A subsequent investigation by the company revealed that the activity stemmed from an espionage campaign that Anthropic said was likely carried out by a state-sponsored group based in China.
According to the investigation, hackers allegedly duped Claude into thinking it was an employee of a legitimate cybersecurity firm and that it was being used for defensive testing. Anthropic also said the cybercriminals sought to hide their tracks by breaking down the attack into small tasks.
Unlike conventional cyberattacks, the operation required minimal human intervention, according to the company. "The AI made thousands of requests per second, an attack speed that would have been, for human hackers, simply impossible to match," Anthropic said.
Anthropic said it expects AI cyberattacks to grow in scale and sophistication as so-called agents become more widely used for a range of services. AI agents are cheaper than professional hackers and can operate quickly at a larger scale, making them particularly attractive to cybercriminals, MIT Technology Review has pointed out.
Chris Krebs, the former head of the federal government's Cybersecurity and Infrastructure Security Agency, told CBS Mornings on Friday that this attack is a sign of what's to come.
"As security experts, we've been talking about events and attacks like this for close to a decade," he said. To see an AI cyberattack come to life like this is "pretty chilling," he added.