Anthropic, the artificial intelligence safety and research company, announced it detected and terminated accounts linked to a Chinese state-backed threat actor. The group was identified attempting to use Anthropic’s large language model (LLM), Claude, to support cyber espionage operations.
According to Anthropic’s findings, the activity was primarily focused on augmenting existing, human-led campaigns rather than creating entirely new attacks. The company characterized the efforts as “low-sophistication” and centered on “early-stage” reconnaissance.
Details of the Malicious Activity
The state-backed group leveraged the Claude AI for a range of preparatory tasks. These activities included conducting open-source reconnaissance on foreign technology entities, non-profits, and government organizations. The threat actor also used the AI to translate technical documents, assist with social engineering by drafting emails, and for basic coding help, such as debugging and creating simple scripts.
Further investigation revealed the actor attempted to query Claude for information on publicly known software vulnerabilities and for guidance on using offensive cyber tools like Metasploit. The intent was to streamline their intelligence-gathering and attack-planning processes.
Anthropic’s Response and Safety Measures
Anthropic confirmed that its internal safety systems and monitoring were successful in identifying and halting the malicious use. The company promptly terminated the associated accounts, effectively disrupting the actor’s operations on its platform. Importantly, Anthropic stated that its safety models prevented the AI from providing harmful responses or generating malicious code.
The company reiterated that such activities are a clear violation of its acceptable use policy. Anthropic is actively collaborating with other AI companies, cybersecurity firms, and government bodies to share intelligence and counter the misuse of AI technologies by malicious actors.
Concise Cyber 