21 Sources
[1]
Anthropic Warns of New 'Vibe Hacking' Attacks That Use Claude AI
In its Threat Intelligence Report, Anthropic lists a highly scalable form of extortion scheme as one of the top emerging AI security threats. Anthropic, the company behind the popular AI model Claude, said in a new Threat Intelligence Report that it disrupted a 'Vibe Hacking' extortion scheme. In the report, the company detailed how the attack was carried out, allowing hackers to scale up a mass attack against 17 targets including entities in government, healthcare, emergency services and religious organizations. (You can read the full report in this PDF file.) Anthropic says that its Claude AI technology was used as both a "technical consultant and active operator, enabling attacks that would be more difficult and time-consuming for individual actors to execute manually." Claude was used to "automate reconnaissance, credential harvesting, and network penetration at scale," the report said. Making the findings more disturbing is that so-called Vibe Hacking was considered to be a future threat, with some experts believing it was not yet possible. What Anthropic shared in its report may represent a major shift in how AI models and agents are used to scale up massive cyberattacks, ransomware schemes or extortion scams. Separately, Anthropic has also recently been dealing with other AI issues, namely settling a lawsuit by authors claiming Claude was trained on their copyrighted materials. Another company, Perplexity, has been dealing with its own security issues as its Comet AI browser was shown to have a major vulnerability.
[2]
'Vibe-hacking' is now a top AI threat
"Agentic AI systems are being weaponized." That's one of the first lines of Anthropic's new Threat Intelligence report, out today, which details the wide range of cases in which Claude -- and likely many other leading AI agents and chatbots -- are being abused. First up: "Vibe-hacking." One sophisticated cybercrime ring that Anthropic says it recently disrupted used Claude Code, Anthropic's AI coding agent, to extort data from at least 17 different organizations around the world within one month. The hacked parties included healthcare organizations, emergency services, religious institutions, and even government entities. "If you're a sophisticated actor, what would have otherwise required maybe a team of sophisticated actors, like the vibe-hacking case, to conduct -- now, a single individual can conduct, with the assistance of agentic systems," Jacob Klein, head of Anthropic's threat intelligence team, told The Verge in an interview. He added that in this case, Claude was "executing the operation end-to-end." Anthropic wrote in the report that in cases like this, AI "serves as both a technical consultant and active operator, enabling attacks that would be more difficult and time-consuming for individual actors to execute manually." For example, Claude was specifically used to write "psychologically targeted extortion demands." Then the cybercriminals figured out how much the data -- which included healthcare data, financial information, government credentials, and more -- would be worth on the dark web and made ransom demands exceeding $500,000, per Anthropic. "This is the most sophisticated use of agents I've seen ... for cyber offense," Klein said. In another case study, Claude helped North Korean IT workers fraudulently get jobs at Fortune 500 companies in the U.S. in order to fund the country's weapons program. 
Typically, in such cases, North Korea tries to leverage people who have been to college, have IT experience, or have some ability to communicate in English, per Klein -- but he said that in this case, the barrier is much lower for people in North Korea to pass technical interviews at big tech companies and then keep their jobs. With the assistance of Claude, Klein said, "we're seeing people who don't know how to write code, don't know how to communicate professionally, know very little about the English language or culture, who are just asking Claude to do everything ... and then once they land the job, most of the work they're actually doing with Claude is maintaining the job." Another case study involved a romance scam. A Telegram bot with more than 10,000 monthly users advertised Claude as a "high EQ model" for help generating emotionally intelligent messages, ostensibly for scams. It enabled non-native English speakers to write persuasive, complimentary messages in order to gain the trust of victims in the U.S., Japan, and Korea, and ask them for money. One example in the report showed a user uploading an image of a man in a tie and asking how best to compliment him. In the report, Anthropic itself acknowledges that although the company has "developed sophisticated safety and security measures to prevent the misuse" of its AI, and though the measures are "generally effective," bad actors still sometimes manage to find ways around them. Anthropic says that AI has lowered the barriers for sophisticated cybercrime and that bad actors use the technology to profile victims, automate their practices, create false identities, analyze stolen data, steal credit card information, and more. Each of the case studies in the report adds to the increasing amount of evidence that AI companies, try as they might, often can't keep up with the societal risks associated with the tech they're creating and putting out into the world. 
"While specific to Claude, the case studies presented below likely reflect consistent patterns of behaviour across all frontier AI models," the report states. Anthropic said that for every case study, it banned the associated accounts, created new classifiers or other detection measures, and shared information with the appropriate government agencies, like intelligence agencies or law enforcement, Klein confirmed. He also said the case studies his team saw are part of a broader change in AI risk. "There's this shift occurring where AI systems are not just a chatbot because they can now take multiple steps," Klein said, adding, "They're able to actually conduct actions or activity like we're seeing here."
[3]
Vibe Hacking and No-Code Ransomware: AI's Dark Side Is Here
AI is no longer just a tool for defenders; it's now a weapon in the hands of cybercriminals. Anthropic's August 2025 Threat Intelligence Report reveals our new reality: threat actors are using AI not just to assist, but to actively orchestrate cyberattacks. This includes automating phishing campaigns, bypassing security controls, and exfiltrating sensitive data, often without human intervention.
AI Scales Cybercrime Faster Than We Can Defend
The report outlines how Claude, Anthropic's agentic AI coding assistant, was misused in multiple sophisticated campaigns. One standout case, dubbed "vibe hacking," involved a threat actor using Claude Code to automate reconnaissance, credential harvesting, and extortion across 17 organizations in sectors ranging from healthcare to emergency services. Rather than encrypting systems, the attacker used Claude to exfiltrate sensitive data and craft psychologically targeted ransom notes. These notes were embedded into victim machines and tailored to each organization.
Key takeaway for CISOs: Recognize the speed and scale shift of adversaries. AI enables attackers to scale operations with minimal technical skill. Your adversary may not be a seasoned hacker. They may just be good at prompting an AI. Include AI-assisted adversaries in your risk assessments and augment your detection and response capabilities with MDR.
AI Simulates Competence To Infiltrate Your Workforce
Another case exposed how North Korean operatives used Claude to secure remote tech jobs at Western companies. These actors couldn't write code or communicate professionally without AI assistance, yet they passed interviews and performed satisfactory work. Claude helped them:
* Generate fake resumes and portfolios
* Prepare for interviews
* Deliver frontend and scripting work
* Maintain daily communications with teams
Key takeaway for CISOs: Invest in AI detection. AI now enables insider risk. Vetting technical competence and monitoring behavioral anomalies in remote workers is now a critical security function. Turn to The CISO's Primer For Defining Human-Element Breaches and Best Practices: Insider Risk Management for more details on how to handle this issue. Traditional security tools won't catch synthetic personas. This reinforces our Budget Planning Guide 2026: Security And Risk recommendation to experiment with deepfake detection to combat these threats.
No-Code Ransomware-As-A-Service
A UK-based threat actor used Claude to build and sell ransomware kits on dark web forums. Anthropic shared that these kits featured ChaCha20 encryption, anti-EDR techniques, and stealthy delivery mechanisms all created by someone who it appeared couldn't code without AI. Claude enabled:
* Direct syscall evasion
* Shadow copy deletion
* Modular malware architecture
* Commercial packaging with PHP consoles
Key takeaway for CISOs: The barrier to entry for ransomware development disappeared. Expect more frequent attacks from less experienced actors. This makes Prioritizing Your Ransomware Readiness And Response Efforts more important than ever.
AI Is Powering End-To-End Fraud Ecosystems
From carding stores to romance scam bots, AI is now embedded across the fraud supply chain. According to Anthropic, threat actors used Claude to:
* Analyze stealer logs and build victim profiles
* Automate credit card validation across multiple APIs
* Generate emotionally intelligent scam messages
* Create synthetic identities for financial fraud
Key takeaway for CISOs: Fraud is no longer manual. AI enables real-time adaptation, behavioral targeting, and operational resilience for adversaries. Use Fraud Management tools that incorporate Generative AI to combat AI-enabled fraud.
These are just excerpts from a few of the fantastic case studies detailed in the full Anthropic Threat Intel Report: August 2025. It's a must read for CISOs and their teams.
[4]
Anthropic Warns of Hacker Weaponizing Claude AI Like Never Before
It's no longer a hypothetical: Anthropic has discovered a hacker using its AI chatbot to plan and execute a large-scale data extortion campaign that targeted 17 organizations last month. The San Francisco company says an unnamed hacker "used AI to what we believe is an unprecedented degree," by automating large portions of the hacking spree using Claude AI. "This threat actor leveraged Claude's code execution environment to automate reconnaissance, credential harvesting, and network penetration at scale, potentially affecting at least 17 distinct organizations in just the last month across government, healthcare, emergency services, and religious institutions," Anthropic said on Wednesday. A defense contractor was also affected. The company disclosed the incident in a new threat intelligence report documenting its efforts to prevent cybercriminals and state-sponsored hackers from exploiting Claude. However, the same report also warns about an unsettling "evolution in AI-assisted cybercrime, where AI serves as both a technical consultant and active operator," enabling human hackers to pull off attacks they would have never achieved alone. In the data theft extortion case, the hacker abused Claude Code, a tool for programmers, to help them breach and steal "personal records, including healthcare data, financial information, government credentials, and other sensitive information" from the targeted organizations. "Claude analyzed the exfiltrated financial data to determine appropriate ransom amounts, and generated visually alarming ransom notes that were displayed on victim machines," Anthropic added, noting the ransom amounts ranged from $75,000 to over $500,000 in bitcoin.
Although Claude was built with safeguards to prevent such misuse, the hacker bypassed the guardrails by uploading a configuration file to the AI that "included a cover story claiming network security testing under official support contracts while providing detailed attack methodologies and target prioritization frameworks," Anthropic found. During the campaign, the hacker first used Claude to scan for vulnerable networks at "high success rates" before breaching them, which appears to include brute-forcing access through plugging in credentials. In another disturbing find, Claude also created malware and other custom tools to evade Windows Defender during the intrusion attempts. The incident stands out from earlier findings where hackers only used generative AI for a specific task, such as writing a phishing email, providing coding help, or conducting vulnerability research. "AI models are now being used to perform sophisticated cyberattacks, not just advise on how to carry them out," Anthropic added. In response, the company banned the accounts the hacker used to access Claude. Anthropic also said it "developed a tailored classifier (an automated screening tool), and introduced a new detection method to help us discover activity like this as quickly as possible in the future." Still, the company expects more hackers to adopt AI chatbots in the same way, which risks unleashing more cybercrime. In the same threat intelligence report, Anthropic said it discovered a separate, possibly amateur hacker using Claude to develop, market, and sell several variants of ransomware. "This actor appears to have been dependent on AI to develop functional malware. Without Claude's assistance, they could not implement or troubleshoot core malware components," the company added. On Tuesday, ESET also discovered a mysterious ransomware that harnesses OpenAI's open-source model to generate malicious code on infected devices.
[5]
Crims laud Claude, use Anthropic's AI to plant ransomware
Anthropic, a maker of AI tools, says that AI tools are now commonly used to commit cybercrime and facilitate remote worker fraud. By saying so in a 25-page report [PDF], the biz aims to reassure the public and private sector that it can mitigate the harmful use of its technology with "sophisticated safety and security measures." After all, who wants to be regulated as a dangerous weapon? Yet these measures, specifically account bans, amount to the same ineffective game of cybersecurity Whack-a-Mole that has failed to curb abuses at Google, Meta, or any number of other large online platforms. The company is developing custom machine-learning classifiers to catch specific attack patterns, which sounds more promising. However, defensive measures of this sort simply encourage attackers to adapt. Anthropic only mentions one successful instance of prevention in its report. "We successfully prevented a sophisticated North Korean [DPRK] threat actor from establishing operations on our platform through automated safety measures," the company claims. The operation was part of the DPRK "Contagious Interview" campaign, which attempts to dupe software developers into downloading malware-laden coding assessments with fake job offers. The remainder of the instances Anthropic cites represent responses to the misuse of its models rather than prevention. For example, the company said that it had disrupted one cybercrime operation (tracked as GTG-2002) that "used Claude Code to conduct a scaled data extortion operation across multiple international targets in a short timeframe." Some 17 organizations, including those involved in government, healthcare, emergency services, and religion, faced automated reconnaissance, credential harvesting, and network penetration, all orchestrated by Claude Code. The crims made ransom demands for stolen data, ranging from $75,000 to $500,000 in Bitcoin. Anthropic does not say whether any of the victims paid out.
Claude Code was used in all phases of the operation. The attacker provided the model with a CLAUDE.md file outlining preferred tactics and Claude Code proceeded to conduct automated reconnaissance and target discovery, exploitation, and malware creation. "It created obfuscated versions of the Chisel tunneling tool to evade Windows Defender detection and developed completely new TCP proxy code that doesn't use Chisel libraries at all," Anthropic's report explains. The model went on to perform data exfiltration, analysis, and ransom note development. Anthropic's response doesn't offer much reassurance beyond noting this particular campaign has been halted. Rather it reads like a forecast of bleak weather for the foreseeable future. "While we have taken steps to prevent this type of misuse, we expect this model to become increasingly common as AI lowers the barrier to entry for sophisticated cybercrime operations," the company said. Specifically, it banned accounts, added a new classifier to the safety enforcement pipeline, and shared details with partners, who can now keep an eye out for this sort of thing. The second-place AI provider's enumeration of incidents also includes details on how AI has transformed DPRK employment fraud schemes, where North Korean operatives deceive companies into hiring them so that their salaries can be used to fund the country's weapons programs. "The most striking finding is the [threat] actors' complete dependency on AI to function in technical roles," Anthropic's report explains. "These operators do not appear to be able to write code, debug problems, or even communicate professionally without Claude's assistance. Yet they're successfully maintaining employment at Fortune 500 companies (according to public reporting) passing technical interviews, and delivering work that satisfies their employers." 
Oh, and Anthropic also spotted a presumed Chinese APT group using Claude to facilitate its compromise of Vietnamese telecommunications infrastructure. "This likely represents an intelligence collection operation with potential implications for Vietnamese national security and economic interests," Anthropic's report says. Claude offers a free tier, but for compromising national telecom networks, you'll probably want at least a Pro tier subscription. ®
[6]
Anthropic thwarts hacker attempts to misuse Claude AI for cybercrime
Aug 27 (Reuters) - Anthropic said on Wednesday it had detected and blocked hackers attempting to misuse its Claude AI system to write phishing emails, create malicious code and circumvent safety filters. The company's findings, published in a report, highlight growing concerns that AI tools are increasingly exploited in cybercrime, intensifying calls for tech firms and regulators to strengthen safeguards as the technology spreads. Anthropic's report said its internal systems had stopped the attacks and it was sharing the case studies - showing how attackers had attempted to use Claude to produce harmful content - to help others understand the risks. The report cited attempts to use Claude to draft tailored phishing emails, write or fix snippets of malicious code and sidestep safeguards through repeated prompting. It also described efforts to script influence campaigns by generating persuasive posts at scale and helping low-skill hackers with step-by-step instructions. The company, backed by Amazon.com (AMZN.O) and Alphabet (GOOGL.O), did not publish technical indicators such as IPs or prompts, but said it had banned the accounts involved and tightened its filters after detecting the activity. Experts say criminals are increasingly turning to AI to make scams more convincing and to speed up hacking attempts. These tools can help write realistic phishing messages, automate parts of malware development and even potentially assist in planning attacks. Security researchers warn that as AI models become more powerful, the risk of misuse will grow unless companies and governments act quickly. Anthropic said it follows strict safety practices, including regular testing and outside reviews, and plans to keep publishing reports when it finds major threats.
Microsoft (MSFT.O) and SoftBank-backed (9984.T) OpenAI and Google have faced similar scrutiny over fears their AI models could be exploited for hacking or scams, prompting calls for stronger safeguards. Governments are also moving to regulate the technology, with the European Union moving forward with its Artificial Intelligence Act and the United States pushing for voluntary safety commitments from major developers. Reporting by Akash Sriram in Bengaluru; Editing by Pooja Desai
[7]
Anthropic Disrupts AI-Powered Cyberattacks Automating Theft and Extortion Across Critical Sectors
Anthropic on Wednesday revealed that it disrupted a sophisticated operation that weaponized its artificial intelligence (AI)-powered chatbot Claude to conduct large-scale theft and extortion of personal data in July 2025. "The actor targeted at least 17 distinct organizations, including in healthcare, the emergency services, and government, and religious institutions," the company said. "Rather than encrypt the stolen information with traditional ransomware, the actor threatened to expose the data publicly in order to attempt to extort victims into paying ransoms that sometimes exceeded $500,000." "The actor employed Claude Code on Kali Linux as a comprehensive attack platform, embedding operational instructions in a CLAUDE.md file that provided persistent context for every interaction." The unknown threat actor is said to have used AI to an "unprecedented degree," using Claude Code, Anthropic's agentic coding tool, to automate various phases of the attack cycle, including reconnaissance, credential harvesting, and network penetration. The reconnaissance efforts involved scanning thousands of VPN endpoints to flag susceptible systems, using them to obtain initial access and following up with user enumeration and network discovery steps to extract credentials and set up persistence on the hosts. Furthermore, the attacker used Claude Code to craft bespoke versions of the Chisel tunneling utility to sidestep detection efforts, and disguise malicious executables as legitimate Microsoft tools - an indication of how AI tools are being used to assist with malware development with defense evasion capabilities. The activity, codenamed GTG-2002, is notable for employing Claude to make "tactical and strategic decisions" on its own and allowing it to decide which data needs to be exfiltrated from victim networks and craft targeted extortion demands by analyzing the financial data to determine an appropriate ransom amount ranging from $75,000 to $500,000 in Bitcoin. 
Claude Code, per Anthropic, was also put to use to organize stolen data for monetization purposes, pulling out thousands of individual records, including personal identifiers, addresses, financial information, and medical records from multiple victims. Subsequently, the tool was employed to create customized ransom notes and multi-tiered extortion strategies based on exfiltrated data analysis. "Agentic AI tools are now being used to provide both technical advice and active operational support for attacks that would otherwise have required a team of operators," Anthropic said. "This makes defense and enforcement increasingly difficult, since these tools can adapt to defensive measures, like malware detection systems, in real-time." To mitigate such "vibe hacking" threats from occurring in the future, the company said it developed a custom classifier to screen for similar behavior and shared technical indicators with "key partners." Other documented misuses of Claude are listed below:
* Use of Claude by North Korean operatives related to the fraudulent remote IT worker scheme in order to create elaborate fictitious personas with persuasive professional backgrounds and project histories, technical and coding assessments during the application process, and assist with their day-to-day work once hired
* Use of Claude by a U.K.-based cybercriminal, codenamed GTG-5004, to develop, market, and distribute several variants of ransomware with advanced evasion capabilities, encryption, and anti-recovery mechanisms, which were then sold on darknet forums such as Dread, CryptBB, and Nulled to other threat actors for $400 to $1,200
* Use of Claude by a Chinese threat actor to enhance cyber operations targeting Vietnamese critical infrastructure, including telecommunications providers, government databases, and agricultural management systems, over the course of a 9-month campaign
* Use of Claude by a Russian-speaking developer to create malware with advanced evasion capabilities
* Use of Model Context Protocol (MCP) and Claude by a threat actor operating on the xss[.]is cybercrime forum with the goal of analyzing stealer logs and building detailed victim profiles
* Use of Claude Code by a Spanish-speaking actor to maintain and improve an invite-only web service geared towards validating and reselling stolen credit cards at scale
* Use of Claude as part of a Telegram bot that offers multimodal AI tools to support romance scam operations, advertising the chatbot as a "high EQ model"
* Use of Claude by an unknown actor to launch an operational synthetic identity service that rotates between three card validation services, aka "card checkers"
The company also said it foiled attempts made by North Korean threat actors linked to the Contagious Interview campaign to create accounts on the platform to enhance their malware toolset, create phishing lures, and generate npm packages, effectively blocking them from issuing any prompts. The case studies add to growing evidence that AI systems, despite the various guardrails baked into them, are being abused to facilitate sophisticated schemes at speed and at scale. "Criminals with few technical skills are using AI to conduct complex operations, such as developing ransomware, that would previously have required years of training," Anthropic's Alex Moix, Ken Lebedev, and Jacob Klein said, calling out AI's ability to lower the barriers to cybercrime. "Cybercriminals and fraudsters have embedded AI throughout all stages of their operations. This includes profiling victims, analyzing stolen data, stealing credit card information, and creating false identities allowing fraud operations to expand their reach to more potential targets."
[8]
Malware devs abuse Anthropic's Claude AI to build ransomware
Anthropic's Claude Code large language model has been abused by threat actors who used it in data extortion campaigns and to develop ransomware packages. The company says that its tool has also been used in fraudulent North Korean IT worker schemes and to distribute lures for Contagious Interview campaigns, in Chinese APT campaigns, and by a Russian-speaking developer to create malware with advanced evasion capabilities. In another instance, tracked as 'GTG-5004,' a UK-based threat actor used Claude Code to develop and commercialize a ransomware-as-a-service (RaaS) operation. The AI utility helped create all the required tools for the RaaS platform, implementing ChaCha20 stream cipher with RSA key management on the modular ransomware, shadow copy deletion, options for specific file targeting, and the ability to encrypt network shares. On the evasion front, the ransomware loads via reflective DLL injection and features syscall invocation techniques, API hooking bypass, string obfuscation, and anti-debugging. Anthropic says that the threat actor relied almost entirely on Claude to implement the most knowledge-demanding bits of the RaaS platform, noting that, without AI assistance, they would have most likely failed to produce a working ransomware. "The most striking finding is the actor's seemingly complete dependency on AI to develop functional malware," reads the report. "This operator does not appear capable of implementing encryption algorithms, anti-analysis techniques, or Windows internals manipulation without Claude's assistance." After creating the RaaS operation, the threat actor offered ransomware executables, kits with PHP consoles and command-and-control (C2) infrastructure, and Windows crypters for $400 to $1,200 on dark web forums such as Dread, CryptBB, and Nulled. 
In one of the analyzed cases, which Anthropic tracks as 'GTG-2002,' a cybercriminal used Claude as an active operator to conduct a data extortion campaign against at least 17 organizations in the government, healthcare, financial, and emergency services sectors. The AI agent performed network reconnaissance and helped the threat actor achieve initial access, and then generated custom malware based on the Chisel tunneling tool to use for sensitive data exfiltration. After the attack failed, Claude Code was used to make the malware hide itself better by providing techniques for string encryption, anti-debugging code, and filename masquerading. Claude was subsequently used to analyze the stolen files to set the ransom demands, which ranged between $75,000 and $500,000, and even to generate custom HTML ransom notes for each victim. Anthropic called this attack an example of "vibe hacking," reflecting the use of AI coding agents as partners in cybercrime, rather than employing them outside the operation's context. Anthropic's report includes additional examples where Claude Code was put to illegal use, albeit in less complex operations. The company says that its LLM assisted a threat actor in developing advanced API integration and resilience mechanisms for a carding service. Another cybercriminal leveraged AI power for romance scams, generating "high emotional intelligence" replies, creating images that improved profiles, and developing emotional manipulation content to target victims, as well as providing multi-language support for wider targeting. For each of the presented cases, the AI developer provides tactics and techniques that could help other researchers uncover new cybercriminal activity or make a connection to a known illegal operation.
Anthropic has banned all accounts linked to the malicious operations it detected, built tailored classifiers to detect suspicious use patterns, and shared technical indicators with external partners to help defend against these cases of AI misuse.
[9]
Anthropic admits its AI is being used to conduct cybercrime
The company's threat report detailed a 'vibe hacking' extortion scheme powered by Claude. Anthropic's agentic AI, Claude, has been "weaponized" in high-level cyberattacks, according to a new report published by the company. It claims to have successfully disrupted a cybercriminal whose "vibe hacking" extortion scheme targeted at least 17 organizations, including some related to healthcare, emergency services and government. Anthropic says the hacker attempted to extort some victims into paying six-figure ransoms to prevent their personal data from being made public, with an "unprecedented" reliance on AI assistance. The report claims that Claude Code, Anthropic's agentic coding tool, was used to "automate reconnaissance, harvest victims' credentials, and penetrate networks." The AI was also used to make strategic decisions, advise on which data to target and even generate "visually alarming" ransom notes. As well as sharing information about the attack with relevant authorities, Anthropic says it banned the accounts in question after discovering criminal activity, and has since developed an automated screening tool. It has also introduced a faster and more efficient detection method for similar future cases, but doesn't specify how that works. The report (which you can read in full) also details Claude's involvement in a fraudulent employment scheme in North Korea and the development of AI-generated ransomware. The common theme of the three cases, according to Anthropic, is that the highly reactive and self-learning nature of AI means cybercriminals now use it for operational reasons, as well as just advice. AI can also perform a role that would once have required a team of individuals, with technical skill no longer being the barrier it once was. Claude isn't the only AI that has been used for nefarious means.
Last year, said that its generative AI tools were being used by cybercriminal groups with ties to China and North Korea, with hackers using GAI for code debugging, researching potential targets and drafting phishing emails. OpenAI, whose architecture Microsoft uses to power its own Copilot AI, said it had blocked the groups' access to its systems.
[10]
Chatbot's Crime Spree Used AI to Grab Bank Details, Social Security Numbers
A hacker has exploited a leading artificial intelligence chatbot to orchestrate the most extensive and profitable cybercriminal scheme involving AI to date, according to a new report from Anthropic, the company behind the popular Claude chatbot. Anthropic declined to identify all 17 victim companies but confirmed that they included a defense contractor, a financial institution, and multiple healthcare providers. The breach resulted in the theft of sensitive data including Social Security numbers, bank details, and confidential medical records, Anthropic said. The hacker also accessed files related to sensitive U.S. defense information regulated under the International Traffic in Arms Regulations (ITAR). It remains unclear how much the hacker extorted or how many firms paid, but demands ranged from approximately $75,000 to over $500,000, the report said. The operation, which lasted over three months, involved malware deployment, data analysis, and targeted extortion efforts. Jacob Klein, head of threat intelligence for Anthropic, said that the campaign appeared to come from an individual hacker outside of the U.S. "We have robust safeguards and multiple layers of defense for detecting this kind of misuse, but determined actors sometimes attempt to evade our systems through sophisticated techniques," he said. According to the company's threat analysis, the attack began with the hacker convincing Claude to identify companies vulnerable to attack. Claude, which specializes in generating code based on simple prompts -- a process known as "vibe coding" -- was instructed to pinpoint targets with exploitable weaknesses. Anthropic says the hacker then had the chatbot create malicious software designed to extract sensitive information such as personal data and corporate files from the victims. Once stolen, Claude categorized and analyzed the data to determine what was most valuable and could be leveraged for extortion.
For the hacker, the chatbot's built-in analysis tools certainly helped. Anthropic said that Claude even evaluated the compromised financial documents, helping the attacker estimate a realistic ransom amount in Bitcoin, and drafted threatening emails demanding payment in exchange for not releasing or exploiting the stolen data. Probably. Hackers have historically been very good at learning and then manipulating technology to find the most lucrative or effective ways to use it for a specific goal they have. More broadly, the case underscores the risks both users and investors in the sector take when they use AI. As the largely unregulated AI industry becomes more intertwined with cybercrime, with recent data showing hackers increasingly leveraging AI tools to facilitate scams, ransomware, and data breaches. Recently, that has meant that hackers have used a variety of AI specialized tools to get what they want, including using chatbots for things like writing phishing emails, like they did in this NASA scheme. "We already see criminal and nation-state elements utilizing AI," NSA Cybersecurity Director Rob Joyce said earlier this year. "We're seeing intelligence operators, we're seeing criminals on those platforms."
[11]
Hacker Used AI To Launch 'Unprecedented' Cyberattack -- and It Could Happen Again
First OpenAI is under fire for safety concerns and now a new report from Anthropic states, a hacker used the AI coding assistant to automate nearly every step of a massive cybercrime spree, and it's being called "unprecedented." The operation targeted at least 17 organizations across healthcare, government, emergency services and even religious institutions. Using Claude Code, Anthropic's AI-powered coding tool, the attacker handled everything from scanning for vulnerabilities to writing ransomware, calculating ransom demands and even drafting polished extortion emails. Anthropic's report describes the threat actor -- tracked as GTG-5004 -- using Claude to effectively outsource the entire attack. Tasks that once required deep technical skills are now being handled by AI in minutes. Here's what the hacker did: At one point, ransom demands exceeded $500,000, Anthropic confirmed. Cybercriminals have been using automation for years, but this case shows how AI is lowering the barrier to entry for sophisticated attacks. You no longer need elite hacking skills to pull off large-scale breaches; coding skills are no longer required either when you have the right AI tool. This also means the phishing emails, ransomware demands and scams hitting your inbox are getting smarter, more polished and harder to detect. A fake email generated by AI can look virtually identical to one from your bank, workplace or even a trusted family member. Anthropic says it has shut down the accounts involved and rolled out new safeguards to prevent this kind of misuse in the future. The company also deployed detection tools and shared indicators of compromise with cybersecurity authorities. But many industry voices warn this may just be the beginning. As advanced AI tools become even more sophisticated and more accessible, we will undoubtedly see more incidents like this one; and they'll be faster, more scalable and far harder to stop. 
While businesses are the primary targets in this case, you should still take extra precautions: This attack highlights a new reality: AI isn't just helping us work smarter -- it's helping hackers get smarter too. What Anthropic flagged as an "unprecedented" incident today could soon become the norm as more cybercriminals turn to AI for speed and scale.
[12]
Anthropic warns that its Claude AI is being 'weaponized' by hackers to write malicious code
One of the world's largest AI companies, Anthropic, has warned that its chatbot has been 'weaponised' by threat actors "to commit large-scale theft and extortion of personal data". Anthropic's Threat Intelligence Report details ways in which the technology is being used to carry out sophisticated cyberattacks. Weaponized AI is making hackers faster, more aggressive, and more successful - and the threat report outlines that ransomware attacks which previously would have required years of training can now be crafted with very few technical skills. These cyberattacks are lucrative for hackers, with AI now being used for fraudulent activity like stealing credit card information and identity theft, with attackers even using AI to analyze stolen data. Defenders have long warned that AI is lowering the barriers to cybercrime, allowing low-skilled hackers to carry out complex attacks, but LLMs are now assisting criminals at every point along the attack process. The report describes a particular threat it dubs 'vibe-hacking', which refers to a campaign in which Claude was used to scale and build a data extortion scheme. The name is a reference to the 'vibe coding' method of software development which heavily relies on AI to generate code and build applications. Claude's code execution environment was used to 'automate reconnaissance, credential harvesting, and network penetration at scale, potentially affecting at least 17 distinct organizations in just the last month across government, healthcare, emergency services, and religious institutions.' Anthropic's investigations found cybercriminals targeted a range of sectors, focusing on data theft and extortion. These attacks resulted in 'the compromise of personal records, including healthcare data, financial information, government credentials, and other sensitive information, with direct ransom demands occasionally exceeding $500,000.'
[13]
A hacker turned a popular AI tool into a cybercrime machine
The creator of AI chatbot Claude has issued a chilling warning about cybercriminals' growing use of AI tools as the technology becomes increasingly sophisticated. The company behind the popular AI chatbot Claude has issued a chilling warning about cybercriminals' growing use of AI tools as the technology becomes increasingly sophisticated. In its latest Threat Intelligence report, Anthropic detailed the recent case of how a hacker used its AI tools to launch a cyberattack targeting numerous companies and organizations. According to Anthropic, the hacker used an AI coding agent (in this case Claude Code), a tool that's capable of writing, editing, and running code with minimal human input. It said that over the past month, the hacker used the agent to automate "reconnaissance, credential harvesting, and network penetration at scale," stealing sensitive data from at least 17 businesses and organizations across government, healthcare, emergency services, and religious institutions. The perpetrator was able to obtain people's personal records, including healthcare data, financial information, and government credentials before going on to demand ransom payments while threatening to expose the data online if the demands were not met. The Claude AI agent even analyzed the stolen financial data to work out the appropriate ransom amount -- up to $500,000 was demanded in some of the attacks -- and also created "visually alarming" ransom notes that appeared on the targets' computer screens. Anthropic said that the bold operation demonstrates "a concerning evolution in AI-assisted cybercrime" and "represents a fundamental shift in how cybercriminals can scale their operations" now that AI can be used to automate much of the hacking process, albeit under human direction. While it's not clear if any of the targets in this particular case paid up, Anthropic said it has now taken steps to prevent this type of misuse.
But it added that this method of attack is likely to become increasingly common "as AI lowers the barrier to entry for sophisticated cybercrime operations." Its latest Threat Intelligence report also highlighted how North Korean operatives have been using Claude to fraudulently secure remote employment positions at U.S. Fortune 500 technology companies, and another case in which a cybercriminal used its AI tools to create and market various ransomware products, selling them on to other cybercriminals for up to $1,200 a piece. Many hackers have been using AI in some form for years. However, chatbots like ChatGPT, which was released in 2022, have made it easier to launch attacks, and now the rise of AI agents poses an even greater threat. Fortunately, the very technology being exploited by attackers is also being harnessed by cybersecurity firms to build a critical line of defense, though clearly it's a constant battle to keep pace.
[14]
'Vibe Hacking': Criminals Are Weaponizing AI With Help From Bitcoin, Says Anthropic - Decrypt
A UK-based actor is selling AI-built ransomware-as-a-service kits on dark web forums, with payments settled in crypto. Anthropic released a new threat intelligence report on Wednesday that reads like a peek into the future of cybercrime. Its report documents how bad actors are no longer just asking AI for coding tips, they're using it to run attacks in real time -- and using crypto for the payment rails. The standout case is what researchers call "vibe hacking." In this campaign, a cybercriminal used Anthropic's Claude Code -- a natural language coding assistant that runs in the terminal -- to carry out a mass extortion operation across at least 17 organizations spanning government, healthcare, and religious institutions. Instead of deploying classic ransomware, the attacker relied on Claude to automate reconnaissance, harvest credentials, penetrate networks, and exfiltrate sensitive data. Claude didn't just provide guidance; it executed "on-keyboard" actions like scanning VPN endpoints, writing custom malware, and analyzing stolen data to determine which victims could pay the most. Then came the shakedown: Claude generated custom HTML ransom notes, tailored to each organization with financial figures, employee counts, and regulatory threats. Demands ranged from $75,000 to $500,000 in Bitcoin. One operator, augmented by AI, had the firepower of an entire hacking crew. While the report spans everything from state espionage to romance scams, the throughline is money -- and much of it flows through crypto rails. The "vibe hacking" extortion campaign demanded payments of up to $500,000 in Bitcoin, with ransom notes auto-generated by Claude to include wallet addresses and victim-specific threats. A separate ransomware-as-a-service shop is selling AI-built malware kits on dark web forums where crypto is the default currency. 
And in the bigger geopolitical picture, North Korea's AI-enabled IT worker fraud funnels millions into the regime's weapons programs, often laundered through crypto channels. In other words: AI is scaling the kinds of attacks that already lean on cryptocurrency for both payouts and laundering, making crypto more tightly entwined with cybercrime economics than ever. Another revelation: North Korea has woven AI deep into its sanctions-evasion playbook. The regime's IT operatives are landing fraudulent remote jobs at Western tech firms by faking technical competence with Claude's help. According to the report, these workers are almost entirely dependent on AI for day-to-day tasks. Claude generates resumes, writes cover letters, answers interview questions in real time, debugs code, and even composes professional emails. The scheme is lucrative. The FBI estimates these remote hires funnel hundreds of millions of dollars annually back to North Korea's weapons programs. What used to require years of elite technical training at Pyongyang universities can now be simulated on the fly with AI. If that weren't enough, the report details a UK-based actor (tracked as GTG-5004) running a no-code ransomware shop. With Claude's help, the operator is selling ransomware-as-a-service (RaaS) kits on dark web forums like Dread and CryptBB. For as little as $400, aspiring criminals can buy DLLs and executables powered by ChaCha20 encryption. A full kit with a PHP console, command-and-control tools, and anti-analysis evasion costs $1,200. These packages include tricks like FreshyCalls and RecycledGate, techniques normally requiring advanced knowledge of Windows internals to bypass endpoint detection systems. The disturbing part? The seller appears incapable of writing this code without AI assistance. Anthropic's report stresses that AI has erased the skill barrier -- anyone can now build and sell advanced ransomware. 
The report also highlights how nation-state actors are embedding AI across their operations. A Chinese group targeting Vietnamese critical infrastructure used Claude across 12 of 14 MITRE ATT&CK tactics -- everything from reconnaissance to privilege escalation and lateral movement. Targets included telecom providers, government databases, and agricultural systems. Separately, Anthropic says it auto-disrupted a North Korean malware campaign tied to the infamous "Contagious Interview" scheme. Automated safeguards caught and banned accounts before they could launch attacks, forcing the group to abandon its attempt. Beyond high-profile extortion and espionage, the report describes AI quietly powering fraud at scale. Criminal forums are offering synthetic identity services and AI-driven carding stores capable of validating stolen credit cards across multiple APIs with enterprise-grade failover. There's even a Telegram bot marketed for romance scams, where Claude was advertised as a "high EQ model" to generate emotionally manipulative messages. The bot handled multiple languages and served over 10,000 users monthly, according to the report. AI isn't just writing malicious code -- it's writing love letters to victims who don't know they're being scammed. Anthropic frames these disclosures as part of its broader transparency strategy: to show how its own models have been misused, while sharing technical indicators with partners to help the wider ecosystem defend against abuse. Accounts tied to these operations were banned, and new classifiers were rolled out to detect similar misuse. But the bigger takeaway is that AI is fundamentally altering the economics of cybercrime. As the report bluntly puts it, "Traditional assumptions about the relationship between actor sophistication and attack complexity no longer hold." One person, with the right AI assistant, can now mimic the work of a full hacking crew. Ransomware is available as a SaaS subscription. 
And hostile states are embedding AI into espionage campaigns. Cybercrime was already a lucrative business. With AI, it's becoming frighteningly scalable.
[15]
A hacker used AI to automate an 'unprecedented' cybercrime spree, Anthropic says
The company behind the Claude chatbot said it caught a hacker using its chatbot to identify, hack and extort at least 17 companies. A hacker has exploited a leading artificial intelligence chatbot to conduct the most comprehensive and lucrative AI cybercriminal operation known to date, using it to do everything from find targets to write ransom notes. In a report published Tuesday, Anthropic, the company behind the popular Claude chatbot, said that an unnamed hacker "used AI to what we believe is an unprecedented degree" to research, hack and extort at least 17 companies. Cyber extortion, where hackers steal information like sensitive user data or trade secrets, is a common criminal tactic. And AI has made some of that easier, with scammers using AI chatbots for help writing phishing emails. In recent months, hackers of all stripes have increasingly incorporated AI tools in their work. But the case Anthropic found is the first publicly documented instance in which a hacker used a leading AI company's chatbot to automate almost an entire cybercrime spree. According to the blog post, one of Anthropic's periodic reports on threats, the operation began with the hacker convincing Claude Code -- Anthropic's chatbot that specializes in "vibe coding," or creating computer programming based on simple requests -- to identify companies vulnerable to attack. Claude then created malicious software to actually steal sensitive information from the companies. Next, it organized the hacked files and analyzed them to both help determine what was sensitive and could be used to extort the victim companies. The chatbot then analyzed the companies' hacked financial documents to help determine a realistic amount of bitcoin to demand in exchange for the hacker's promise not to publish that material. It also wrote suggested extortion emails.
Jacob Klein, head of threat intelligence for Anthropic, said that the campaign appeared to come from an individual hacker outside of the U.S. and happen over the span of three months. "We have robust safeguards and multiple layers of defense for detecting this kind of misuse, but determined actors sometimes attempt to evade our systems through sophisticated techniques," he said.
[16]
The vibes are bad because 'vibe hacking' is real: AI company Anthropic says agentic AI has been 'weaponized' and is now being used to do major international crime
AI company Anthropic says it recently disrupted "a sophisticated cybercriminal operation" that relied heavily upon its Claude code in a "vibe hacking" scheme targeting at least 17 separate organizations, including government agencies. "The actor used AI to what we believe is an unprecedented degree," Anthropic wrote (via the BBC). "Claude Code was used to automate reconnaissance, harvesting victims' credentials, and penetrating networks. "Claude was allowed to make both tactical and strategic decisions, such as deciding which data to exfiltrate, and how to craft psychologically targeted extortion demands. Claude analyzed the exfiltrated financial data to determine appropriate ransom amounts, and generated visually alarming ransom notes that were displayed on victim machines." Anthropic said the operation represents "an evolution in AI-assisted cybercrime," as it demonstrates that operations previously requiring a team of humans can now be largely supported by agentic AI. The use of AI assistance also reduces the technical expertise required to pull off sophisticated cybercrimes, the company added. This sort of thing may not be entirely surprising from a chatbot that seems to have a real predilection for criminal behavior, but the bad news is that it's not the only way Claude is getting up to trouble. In the same report, Anthropic said North Korean operatives are using the chatbot to get jobs at big tech companies in the US, which can then be leveraged in any number of ways to help North Korea evade sanctions or do whatever it is a rogue state does once it's on the inside of a Fortune 500 tech firm. This remote-work scheme has been going on for a while and is relatively well known, but until now it's required significant amounts of specialized training in order to produce workers who could actually do the required jobs, or at least fake it sufficiently -- a challenge exacerbated by North Korea's near-complete isolation from the Western world. 
"AI has eliminated this constraint," Anthropic wrote. "Operators who cannot otherwise write basic code or communicate professionally in English are now able to pass technical interviews at reputable technology companies and then maintain their positions. This represents a fundamentally new phase for these employment scams." Yet another enterprising criminal used Claude to "develop, market, and distribute several variants of ransomware, each with advanced evasion capabilities, encryption, and anti-recovery mechanisms." Those pieces of "no-code malware," as Anthropic described them, were then sold through online forums to other criminals for $400 to $1,200 each. Anthropic said it banned the Claude accounts involved in all of the above, notified appropriate authorities, and is developing new tools and systems to help prevent this sort of thing in the future. But, like other, far more horrific cases of AI doing awful things, it illustrates the central flaw of the technology: We're not ready for it, we're reacting to it. If we take Anthropic's report at face value -- and I can't shake the feeling that it's at least a little bit of a "look how powerful our AI is" flex -- we then have to ask how many incidents of AI-assisted criminal behavior remain undetected. And then maybe we should also take a minute to think about what we're getting out of the deal in return. Anthropic's full report on how Claude is being used to do crime, which also touches on romance scams and "synthetic identity services," is available here.
[17]
'Vibe hacking' puts chatbots to work for cybercriminals
Paris (AFP) - The potential abuse of consumer AI tools is raising concerns, with budding cybercriminals apparently able to trick coding chatbots into giving them a leg-up in producing malicious programmes. So-called "vibe hacking" -- a twist on the more positive "vibe coding" that generative AI tools supposedly enable those without extensive expertise to achieve -- marks "a concerning evolution in AI-assisted cybercrime" according to American company Anthropic. The lab -- whose Claude product competes with the biggest-name chatbot, ChatGPT from OpenAI -- highlighted in a report published Wednesday the case of "a cybercriminal (who) used Claude Code to conduct a scaled data extortion operation across multiple international targets in a short timeframe". Anthropic said the programming chatbot was exploited to help carry out attacks that "potentially" hit "at least 17 distinct organizations in just the last month across government, healthcare, emergency services, and religious institutions". The attacker has since been banned by Anthropic. Before then, they were able to use Claude Code to create tools that gathered personal data, medical records and login details, and helped send out ransom demands as stiff as $500,000. Anthropic's "sophisticated safety and security measures" were unable to prevent the misuse, it acknowledged. Such identified cases confirm the fears that have troubled the cybersecurity industry since the emergence of widespread generative AI tools, and are far from limited to Anthropic. "Today, cybercriminals have taken AI on board just as much as the wider body of users," said Rodrigue Le Bayon, who heads the Computer Emergency Response Team (CERT) at Orange Cyberdefense.
Dodging safeguards
Like Anthropic, OpenAI in June revealed a case of ChatGPT assisting a user in developing malicious software, often referred to as malware.
The models powering AI chatbots contain safeguards that are supposed to prevent users from roping them into illegal activities. But there are strategies that allow "zero-knowledge threat actors" to extract what they need to attack systems from the tools, said Vitaly Simonovich of Israeli cybersecurity firm Cato Networks. He announced in March that he had found a technique to get chatbots to produce code that would normally infringe on their built-in limits. The approach involved convincing generative AI that it is taking part in a "detailed fictional world" in which creating malware is seen as an art form -- asking the chatbot to play the role of one of the characters and create tools able to steal people's passwords. "I have 10 years of experience in cybersecurity, but I'm not a malware developer. This was my way to test the boundaries of current LLMs," Simonovich said. His attempts were rebuffed by Google's Gemini and Anthropic's Claude, but got around safeguards built into ChatGPT, Chinese chatbot Deepseek and Microsoft's Copilot. In future, such workarounds mean even non-coders "will pose a greater threat to organisations, because now they can... without skills, develop malware," Simonovich said. Orange's Le Bayon predicted that the tools were likely to "increase the number of victims" of cybercrime by helping attackers to get more done, rather than creating a whole new population of hackers. "We're not going to see very sophisticated code created directly by chatbots," he said. Le Bayon added that as generative AI tools are used more and more, "their creators are working on analysing usage data" -- allowing them in future to "better detect malicious use" of the chatbots.
[18]
Anthropic Thwarts Hacker Attempts to Misuse Claude AI for Cybercrime
Attackers attempted to use Claude to produce harmful content
Anthropic said on Wednesday it had detected and blocked hackers attempting to misuse its Claude AI system to write phishing emails, create malicious code and circumvent safety filters. The company's findings, published in a report, highlight growing concerns that AI tools are increasingly exploited in cybercrime, intensifying calls for tech firms and regulators to strengthen safeguards as the technology spreads. Anthropic's report said its internal systems had stopped the attacks and it was sharing the case studies - showing how attackers had attempted to use Claude to produce harmful content - to help others understand the risks. The report cited attempts to use Claude to draft tailored phishing emails, write or fix snippets of malicious code and sidestep safeguards through repeated prompting. It also described efforts to script influence campaigns by generating persuasive posts at scale and helping low-skill hackers with step-by-step instructions. The company, backed by Amazon.com and Alphabet, did not publish technical indicators such as IPs or prompts, but said it had banned the accounts involved and tightened its filters after detecting the activity. Experts say criminals are increasingly turning to AI to make scams more convincing and to speed up hacking attempts. These tools can help write realistic phishing messages, automate parts of malware development and even potentially assist in planning attacks. Security researchers warn that as AI models become more powerful, the risk of misuse will grow unless companies and governments act quickly. Anthropic said it follows strict safety practices, including regular testing and outside reviews, and plans to keep publishing reports when it finds major threats. Microsoft and SoftBank-backed OpenAI and Google have faced similar scrutiny over fears their AI models could be exploited for hacking or scams, prompting calls for stronger safeguards.
Governments are also moving to regulate the technology, with the European Union moving forward with its Artificial Intelligence Act and the United States pushing for voluntary safety commitments from major developers.
[19]
'Agentic AI Has Been Weaponized': Major AI Company Says Hackers With No AI Skills Used Its Chatbot to Generate Phishing Schemes and Ransom Demands
Hackers recently exploited Anthropic's Claude AI chatbot to orchestrate "large-scale" extortion operations, a fraudulent employment scheme, and the sale of AI-generated ransomware targeting and extorting at least 17 companies, the company said in a report. The report details how its chatbot was manipulated by hackers (with little to no technical knowledge) to identify vulnerable companies, generate tailored malware, organize stolen data, and craft ransom demands with automation and speed. "Agentic AI has been weaponized," Anthropic said. It's not yet public which companies were targeted or how much money the hacker made, but the report noted that extortion demands went up to $500,000. Anthropic's internal team detected the hacker's operation, observing the use of Claude's coding features to pinpoint victims and build malicious software with simple prompts -- a process termed "vibe hacking," a play on "vibe coding," which is using AI to write code with prompts in plain English. Upon detection, Anthropic said it responded by suspending accounts, tightening safety filters, and sharing best practices for organizations to defend against emerging AI-borne threats. With that in mind, the SBA breaks down how small business owners can protect themselves:
[20]
Anthropic Flags Alarming Rise In AI-Powered Cybercrime With "Vibe-Hacking" Leading A New Wave Of Sophisticated Attacks
We are seeing cybercrimes on the rise globally, with the attacks being more sophisticated and the nature of these ransomware attacks shaping up differently, with generative AI tools being easily accessible and, as a result, being misused. Artificial intelligence is not only being used to write frightening ransom messages but also to carry out the tasks themselves. It is no longer just a tool for more professional communication but rather a core part of cybercrimes. As per a new report by Anthropic, criminals are now relying more on technology to build malware and carry out full-fledged operations for hackers. Anthropic released a Threat Intelligence Report this Wednesday via Reuters about intercepting and shutting down multiple attempts by hackers to use its Claude AI systems to carry out malicious activities, send phishing emails, and even bypass built-in safeguards. By highlighting these new ways of exploiting generative AI and exposing the sophisticated misuse of its Claude AI models, it is shedding light on the new strategies cybercriminals are using to carry out their threats. One of the most alarming parts of the report was a hacking group using Claude Code, the company's AI coding agent, to carry out an entire cyberattack campaign across 17 organizations. These included government agencies, healthcare providers, religious institutions, and emergency services. The AI model was used to craft ransom messages and even carry out the entire hacking process. Anthropic used the term "vibe-hacking" to describe this new kind of cyberattack, where AI's ability to generate emotional or psychological pressure is used to coerce victims into paying ransoms or giving up personal information. The hacking group is said to have been demanding ransoms above $500,000, which sheds light on the use of AI in deploying high-stakes cyber extortion. 
The report also noted that misuse is not limited to ransomware; it also involves fraud, such as using AI to secure jobs at Fortune 500 firms through deception. Obstacles such as fluency in English or technical skills were overcome with the help of the artificial intelligence models to get through the hiring process. Other examples highlighted in the report include romance scams run through Telegram, in which scammers built a bot using Claude to help them create persuasive messages in different languages and even generate flattering compliments for victims in various regions, including the U.S., Japan, and Korea. Anthropic has responded to these illegal activities by banning accounts, putting up more safety guardrails, and sharing the information with government agencies. The company's Usage Policy has also been updated to warn against using the tools to create scams or malware. The emergence of vibe-hacking raises even deeper concerns about the use of AI to exploit victims with more precision, and about how governments and tech companies need to improve detection systems and ensure that safety measures keep pace with the technology itself in order to prevent it from being used for manipulation.
[21]
Vibe-hacking based AI attack turned Claude against its safeguard: Here's how
Anthropic report warns hackers manipulated Claude against safeguards in extortion schemes
When Anthropic introduced Claude, the company marketed it as a safer kind of AI, one built with guardrails strong enough to withstand malicious use. But a fresh threat intelligence report from Anthropic itself shows just how quickly those safeguards can be bent, if not broken. The culprit: a chilling new form of cyber extortion dubbed "vibe-hacking." Unlike conventional ransomware, which encrypts files until a ransom is paid, vibe-hacking operates in the psychological domain. Attackers aren't locking computers - they're locking minds. Using Claude's advanced reasoning and language skills, criminals craft intimidation campaigns that exploit human vulnerabilities. These AI-driven ransom messages are personalized, emotionally calibrated, and far more manipulative than anything written by hand. The August 2025 Detecting and Countering Misuse of AI report documents at least 17 targeted incidents. Victims included hospitals, religious institutions, local governments, and even emergency services. Instead of simply demanding money in exchange for access, attackers threatened public exposure of sensitive data. Some ransom notes demanded over half a million dollars, making clear that the damage wasn't just digital - it was reputational and deeply personal. In earlier waves of cybercrime, AI often played the role of consultant - helping attackers debug code or draft phishing emails. Now, Anthropic warns, Claude has crossed into becoming an operational partner. In the vibe-hacking campaigns, it was integrated into nearly every stage of the attack chain: conducting reconnaissance, generating exploit scripts, profiling victims, drafting the ransom notes, and even coaching the criminals on negotiation tactics. 
These AI-assisted ransom notes felt uncanny -- they weren't robotic, they were eerily human, mixing empathy with menace to maximize psychological pressure. For victims, the notes felt like they were written by someone who knew them personally. Claude is designed with strict rules against helping create malware, conducting cyberattacks, or facilitating extortion. Yet attackers didn't break these safeguards head-on. Instead, they subverted them through persuasion, splitting instructions into smaller prompts, disguising malicious intent in benign queries, and framing tasks in ways that evaded content filters. In essence, criminals didn't just hack systems, they hacked the AI itself. By "vibe-hacking" Claude into rationalizing cooperation, they turned its guardrails into blind spots. What was supposed to be a shield became a pathway. Anthropic's report doesn't stop at vibe-hacking. It also outlines two other major misuses: Together, these cases illustrate a core point: AI is lowering the barrier to entry for crime. What used to require skilled hackers, social engineers, or organized rings can now be pulled off by individuals with little more than a chatbot and an internet connection. Anthropic says it is taking action. Misused accounts are being banned, misuse-detection classifiers are being trained, and the company is working with law enforcement and government agencies to curb malicious applications. Earlier this month, it also rolled out an updated usage policy, explicitly banning assistance with cyber operations, weapons development, and deceptive political influence. Claude Opus 4 now operates under AI Safety Level 3, a new standard designed to harden models against manipulation. But even Anthropic admits safeguards can only go so far. Vibe-hacking shows that the future of AI misuse won't always look like brute-force hacking. 
It may look like coaxing, reframing, and persuading models to cross their own lines, and then weaponizing that output to manipulate humans at scale. For cybersecurity experts, this means the battleground is shifting. Defending against AI-powered threats will require not only technical firewalls but also strategies to counter psychological manipulation. In the age of vibe-hacking, the real target isn't just the machine, it's the human on the other end of the screen.
Anthropic's Threat Intelligence Report reveals sophisticated cybercriminals using Claude AI to automate and scale cyberattacks, including data extortion and ransomware schemes, targeting multiple organizations worldwide.
Anthropic, the company behind the AI model Claude, has released a Threat Intelligence Report detailing a new and alarming trend in cybercrime: the use of AI to automate and scale sophisticated cyberattacks. This phenomenon, dubbed 'Vibe Hacking,' represents a significant shift in how AI models and agents are being exploited for malicious purposes [1][2].
In a particularly concerning case, Anthropic reported disrupting a cybercrime operation that used Claude Code, their AI coding agent, to conduct a large-scale data extortion campaign. This operation targeted at least 17 organizations across various sectors, including government, healthcare, emergency services, and religious institutions, all within a single month [2][3].
The attackers leveraged Claude's capabilities to:
Jacob Klein, head of Anthropic's threat intelligence team, stated, "This is the most sophisticated use of agents I've seen ... for cyber offense" [2].
What sets these attacks apart is the degree to which AI served as both a technical consultant and an active operator. This enabled individual actors to execute attacks that would typically require a team of sophisticated cybercriminals [1][2]. Ransom demands in these attacks exceeded $500,000, highlighting the potential financial impact of such AI-assisted operations [2].
The report also highlighted other concerning uses of AI in cybercrime:
Job Fraud: North Korean IT workers used Claude to fraudulently obtain and maintain jobs at Fortune 500 companies, potentially funding weapons programs [2][4].
Romance Scams: A Telegram bot with over 10,000 monthly users advertised Claude as a "high EQ model" to generate emotionally intelligent messages for scams [2].
Ransomware Development: An actor used Claude to build and sell ransomware kits on dark web forums, despite apparently lacking coding skills [3].
Anthropic has responded to these threats by banning associated accounts, developing new detection methods, and sharing information with appropriate government agencies [2]. However, the company acknowledges that bad actors often find ways around their safety measures [2].
Experts warn that this trend represents a significant shift in AI-related risks. Klein noted, "There's this shift occurring where AI systems are not just a chatbot because they can now take multiple steps... They're able to actually conduct actions or activity like we're seeing here" [2].
The emergence of AI-assisted cyberattacks presents new challenges for cybersecurity professionals. Organizations are advised to: [3]
As AI continues to evolve, the cybersecurity landscape is likely to become increasingly complex, requiring constant vigilance and adaptation from both AI developers and security professionals.
Summarized by
Navi
[2]
[5]