28 August 2025 (Paris, France) - A hacker has exploited a leading artificial intelligence chatbot to conduct the most comprehensive and lucrative AI cybercriminal operation known to date, using it to do everything from finding targets to writing ransom notes.
In a report published on Tuesday, Anthropic, the company behind the popular Claude chatbot, said that an unnamed hacker “used AI to what we believe is an unprecedented degree” to research, hack and extort at least 17 companies.
Cyber extortion, where hackers steal information like sensitive user data or trade secrets, is a common criminal tactic. And AI has made some of that easier, with scammers using AI chatbots for help writing phishing emails. In recent months, hackers of all stripes have increasingly incorporated AI tools in their work.
But the case Anthropic found is the first publicly documented instance in which a hacker used a leading AI company’s chatbot to automate almost an entire cybercrime spree.
According to the Anthropic blog post, one of Anthropic’s periodic reports on threats, the operation began with the hacker convincing Claude Code - Anthropic’s chatbot that specializes in “vibe coding,” or creating computer programs based on simple requests - to identify companies vulnerable to attack. Claude then created malicious software to actually steal sensitive information from the companies. Next, it organized the hacked files and analyzed them to help determine what was sensitive and could be used to extort the victim companies.
Note to readers: This is an area I will spend more time on this fall. Vibe coding can lead to critical vulnerabilities, such as arbitrary code execution and memory corruption, even when the generated code appears functional. Prompting techniques such as self-reflection, language-specific prompts, and generic security prompts significantly reduce insecure code generation.
Large-scale testing with benchmarks like Secure Coding and HumanEval demonstrates that security prompting improves code safety with minimal trade-offs in quality.
The chatbot then analyzed the companies’ hacked financial documents to help determine a realistic amount of bitcoin to demand in exchange for the hacker’s promise not to publish that material. It also wrote suggested extortion emails.
Jacob Klein, head of threat intelligence for Anthropic, said that the campaign appeared to come from an individual hacker outside of the U.S. and to have taken place over the span of three months:
“We have robust safeguards and multiple layers of defense for detecting this kind of misuse, but determined actors sometimes attempt to evade our systems through sophisticated techniques.”
Anthropic declined to name any of the 17 companies (specific names are circulating around the cybersecurity industry ecosystem but I shall not repeat them), but said they included a defense contractor, a financial institution and multiple health care providers. The stolen data includes:
- Social Security numbers
- bank details and patients’ sensitive medical information
- very sensitive defense information regulated by the U.S. State Department, known as International Traffic in Arms Regulations
It’s not clear how many of the companies paid or how much money the hacker made, but the extortion demands ranged from around $75,000 to more than $500,000, the report said.
The burgeoning AI industry is almost entirely unregulated by the federal government and is generally encouraged to self-police.
Anthropic, a leading AI company, is broadly regarded as taking safety seriously. It declined to say how a hacker was able to exploit Claude Code so severely, but said it had implemented some additional safeguards.
“While we have taken steps to prevent this type of misuse, we expect this model to become increasingly common as AI lowers the barrier to entry for sophisticated cybercrime operations.”
And then, of course, we have "in-your-face" cyber breach issues. Or is this just plain cyber theft? As widely reported across U.S. media: