A report from Anthropic found that Chinese state-sponsored hackers used its Claude AI tools to automate a hacking campaign targeting both corporations and governments. The hackers reportedly bypassed Claude’s safeguards by posing as security auditors, and Anthropic asserted that 80% to 90% of the attacks were automated using its tools.
Anthropic was able to quickly disrupt the campaign by blocking accounts after tracking four successful intrusions, which reportedly included data theft.
Big picture: While headlines suggest a new era of AI-driven attacks, experts say the real risk is scale more than it is novel techniques. Most tools used in this case were open-source, meaning attacks aren’t necessarily more sophisticated, just faster and more frequent.
IANS Faculty Jake Williams sat down with us to offer his perspective on how security leaders should respond.
READ MORE: How to Navigate Insider Threats in the Age of AI
Q: What was your reaction when you saw this report?
When I saw the title of the report, I thought, “Wow, this could be really interesting.” Then I read it, and I was very underwhelmed. Honestly, I thought it was a piece of marketing material for Anthropic. Well, not really “thought” it was—it is a piece of marketing material for Anthropic.
Anthropic is basically using the playbook of, “Look at how advanced these threat actors scale their path with our AI.” Of course, the logical conclusion then is, “Only with our AI can you possibly protect from our AI,” right? And so that was my reaction when I first read the report—there’s really not a lot of substance there.
DOWNLOAD NOW: Tips for Reducing AI Risk
Q: What should security leaders really be concerned about and what's the hype?
Even the Anthropic report notes that most of the tools used in these attacks were open-source frameworks, command-and-control tools, open-source scanners, past exploitation tools, etc. So, what I’m trying to highlight, at least to my clientele, is that when you’re reading this stuff and thinking, “Oh my gosh, AI attacks are coming,” I’m not even sure what folks think that means. I always step back and try to focus on the impact.
What I’ve seen attributed to AI or orchestration with threat actor tools is all open-source. That means we’ve got to get really good at defending against commodity malware. Generative AI is not going to invent brand new, never-seen-before attack techniques or malware. It’s going to scale attacks and make them go faster.
So while you may have sufficient staff based on your response processes or staff cooling today, the scale of attacks is going to go up, so you’re going to have to scale your response. And you’ll need to find some way to automate your response.
By the way, I’m not sure AI is always going to be the answer for scaling response. If we’re talking about open-source and commodity tooling and existing techniques, then it seems to me we wouldn’t want AI there. We’d want more security orchestration, automation, and response (SOAR).
DOWNLOAD NOW: AI Acceptable Use Policy Template
Q: How can security leaders effectively communicate these stories to their executives?
Candidly, if you think saying to your board, “AI attacks are coming” will get you budget for your security program, then go ahead and use this kind of story to your advantage. Convey it with every bit of hype as the vendors did. Get that budget, right?
But if you’re trying to level-set with your stakeholders (as you should) about the realistic risks, you’ve got to take the air out of the room a bit and communicate that this is largely nothing new.
One of the things I like to point back to: Back in 2016 at DEF CON, we had the DARPA Cyber Grand Challenge. This was basically AI and machine learning used for autonomous hacking. These machines had to find vulnerabilities in software, exploit the other team’s copies, and simultaneously patch their own side to prevent exploitation. You couldn’t just take it offline because a scoring bot checked uptime, which multiplied your score for exploiting others.
The big takeaway from that? The bots beat the humans -- the best humans in the world. And all of this was designed so you couldn’t go in with prior knowledge. The folks who built those systems did so in a vacuum, not knowing what they’d face.
I highlight this because the fear of AI attacks isn’t new. After that challenge, vendors wrote countless stories saying, “Machines beat humans! You need our tools!” That was 2016. Here we are, almost a decade later. The world didn’t end then, and it won’t now. I’m not saying there’s no threat, but this isn’t something radically new. Time is a flat circle.
READ MORE: How to Effectively Use AI
Q: What steps should security teams be taking now and going forward?
I think priorities need to shift toward faster response. Let’s say, for instance, you assess that AI will scale phishing attacks by 5x. That means you need to handle 5x more attacks. Even if the attacks don’t get better, the scale increases.
And that’s my honest assessment. Attacks generally aren’t getting better; we’re just seeing more of them. Phishing might be a slight exception, but generally, it’s volume. If I’m seeing 5x more attacks, I either need 5x more staff or I need to improve my processes and automate them. Since we all know most security teams aren’t getting more staff, that means start figuring out how to scale your responses much faster. And again, that’s going to be automation and orchestration.
DOWNLOAD NOW: Using Production Data in AI Development
Get the Latest Analysis on the CISO Talent Landscape
Cybersecurity faces a persistent talent shortage. With CISOs struggling to staff critical security roles and retain existing employees, understaffed teams are left to execute critical security initiatives. Download the 2025 CISO Compensation Benchmark Snapshot Report and use benchmark data to refine staffing, negotiate pay bands, and secure budgets for top talent. To request the full 36-page report, please contact us.
You can also download our 2025 Security Organizational Design Benchmark Report—and gain access to valuable insights on team design, leadership positions, and pay ranges broken out by three distinct revenue and staffing clusters: contact us to request the full report.
Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our blog posts, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by individuals or firms in connection with such information, opinions, or advice.