Anthropic Uncovers 'Vibe Hacking': AI-Powered Cybercrime Reaches New Heights

Anthropic Warns of New 'Vibe Hacking' Attacks That Use Claude AI

In its Threat Intelligence Report, Anthropic lists a highly scalable form of extortion scheme as one of the top emerging AI security threats. Anthropic, the company behind the popular AI model Claude, said in a new Threat Intelligence Report that it disrupted a 'Vibe Hacking' extortion scheme. In the report, the company detailed how the attack was carried out, allowing hackers to scale up a mass attack against 17 targets including entities in government, healthcare, emergency services and religious organizations. (You can read the full report in this PDF file.) Anthropic says that its Claude AI technology was used as both a "technical consultant and active operator, enabling attacks that would be more difficult and time-consuming for individual actors to execute manually." Claude was used to "automate reconnaissance, credential harvesting, and network penetration at scale," the report said. Making the findings more disturbing is that so-called Vibe Hacking was considered to be a future threat, with some experts believing it was not yet possible. What Anthropic shared in its report may represent a major shift in how AI models and agents are used to scale up massive cyberattacks, ransomware schemes or extortion scams. Separately, Anthropic has also recently been dealing with other AI issues, namely settling a lawsuit by authors claiming Claude was trained on their copyrighted materials. Another company, Perplexity, has been dealing with its own security issues as its Comet AI browser was shown to have a major vulnerability.

'Vibe-hacking' is now a top AI threat

"Agentic AI systems are being weaponized." That's one of the first lines of Anthropic's new Threat Intelligence report, out today, which details the wide range of cases in which Claude -- and likely many other leading AI agents and chatbots -- are being abused. First up: "Vibe-hacking." One sophisticated cybercrime ring that Anthropic says it recently disrupted used Claude Code, Anthropic's AI coding agent, to extort data from at least 17 different organizations around the world within one month. The hacked parties included healthcare organizations, emergency services, religious institutions, and even government entities. "If you're a sophisticated actor, what would have otherwise required maybe a team of sophisticated actors, like the vibe-hacking case, to conduct -- now, a single individual can conduct, with the assistance of agentic systems," Jacob Klein, head of Anthropic's threat intelligence team, told The Verge in an interview. He added that in this case, Claude was "executing the operation end-to-end." Anthropic wrote in the report that in cases like this, AI "serves as both a technical consultant and active operator, enabling attacks that would be more difficult and time-consuming for individual actors to execute manually." For example, Claude was specifically used to write "psychologically targeted extortion demands." Then the cybercriminals figured out how much the data -- which included healthcare data, financial information, government credentials, and more -- would be worth on the dark web and made ransom demands exceeding $500,000, per Anthropic. "This is the most sophisticated use of agents I've seen ... for cyber offense," Klein said. In another case study, Claude helped North Korean IT workers fraudulently get jobs at Fortune 500 companies in the U.S. in order to fund the country's weapons program. Typically, in such cases, North Korea tries to leverage people who have been to college, have IT experience, or have some ability to communicate in English, per Klein -- but he said that in this case, the barrier is much lower for people in North Korea to pass technical interviews at big tech companies and then keep their jobs. With the assistance of Claude, Klein said, "we're seeing people who don't know how to write code, don't know how to communicate professionally, know very little about the English language or culture, who are just asking Claude to do everything ... and then once they land the job, most of the work they're actually doing with Claude is maintaining the job." Another case study involved a romance scam. A Telegram bot with more than 10,000 monthly users advertised Claude as a "high EQ model" for help generating emotionally intelligent messages, ostensibly for scams. It enabled non-native English speakers to write persuasive, complimentary messages in order to gain the trust of victims in the U.S., Japan, and Korea, and ask them for money. One example in the report showed a user uploading an image of a man in a tie and asking how best to compliment him. In the report, Anthropic itself acknowledges that although the company has "developed sophisticated safety and security measures to prevent the misuse" of its AI, and though the measures are "generally effective," bad actors still sometimes manage to find ways around them. Anthropic says that AI has lowered the barriers for sophisticated cybercrime and that bad actors use the technology to profile victims, automate their practices, create false identities, analyze stolen data, steal credit card information, and more. Each of the case studies in the report adds to the increasing amount of evidence that AI companies, try as they might, often can't keep up with the societal risks associated with the tech they're creating and putting out into the world. "While specific to Claude, the case studies presented below likely reflect consistent patterns of behaviour across all frontier AI models," the report states. Anthropic said that for every case study, it banned the associated accounts, created new classifiers or other detection measures, and shared information with the appropriate government agencies, like intelligence agencies or law enforcement, Klein confirmed. He also said the case studies his team saw are part of a broader change in AI risk. "There's this shift occurring where AI systems are not just a chatbot because they can now take multiple steps," Klein said, adding, "They're able to actually conduct actions or activity like we're seeing here."

Anthropic Warns of Hacker Weaponizing Claude AI Like Never Before

Don't miss out on our latest stories. Add PCMag as a preferred source on Google. It's no longer a hypothetical: Anthropic has discovered a hacker using its AI chatbot to plan and execute a large-scale data extortion campaign that targeted 17 organizations last month. The San Francisco company says an unnamed hacker "used AI to what we believe is an unprecedented degree," by automating large portions of the hacking spree using Claude AI. "This threat actor leveraged Claude's code execution environment to automate reconnaissance, credential harvesting, and network penetration at scale, potentially affecting at least 17 distinct organizations in just the last month across government, healthcare, emergency services, and religious institutions," Anthropic said on Wednesday. A defense contractor was also affected. The company disclosed the incident in a new threat intelligence report documenting its efforts to prevent cybercriminals and state-sponsored hackers from exploiting Claude. However, the same report also warns about an unsettling "evolution in AI-assisted cybercrime, where AI serves as both a technical consultant and active operator," enabling human hackers to pull off attacks they would have never achieved alone. In the data theft extortion case, the hacker abused Claude Code, a tool for programmers, to help them breach and steal "personal records, including healthcare data, financial information, government credentials, and other sensitive information" from the targeted organizations. "Claude analyzed the exfiltrated financial data to determine appropriate ransom amounts, and generated visually alarming ransom notes that were displayed on victim machines," Anthropic added, noting the ransom amounts ranged from $75,000 to over $500,000 in bitcoin. Although Claude was built with safeguards to prevent such misuse, the hacker bypassed the guardrails by uploading a configuration file to the AI that "included a cover story claiming network security testing under official support contracts while providing detailed attack methodologies and target prioritization frameworks," Anthropic found. During the campaign, the hacker first used Claude to scan for vulnerable networks at "high success rates" before breaching them, which appears to include brute-forcing access through plugging in credentials. In another disturbing find, Claude also created malware and other custom tools to evade Windows Defender during the intrusion attempts. The incident stands out from earlier findings where hackers only used generative AI for a specific task, such as writing a phishing email, providing coding help, or conducting vulnerability research. "AI models are now being used to perform sophisticated cyberattacks, not just advise on how to carry them out," Anthropic added. In response, the company banned the accounts the hacker used to access Claude. Anthropic also said it "developed a tailored classifier (an automated screening tool), and introduced a new detection method to help us discover activity like this as quickly as possible in the future." Still, the company expects more hackers to adopt AI chatbots in the same way, which risks unleashing more cybercrime. In the same threat intelligence report, Anthropic said it discovered a separate, possibly amateur hacker using Claude to develop, market, and sell several variants of ransomware. "This actor appears to have been dependent on AI to develop functional malware. Without Claude's assistance, they could not implement or troubleshoot core malware components," the company added. On Tuesday, ESET also discovered a mysterious ransomware that harnesses OpenAI's open-source model to generate malicious code on infected devices.

Crims laud Claude, use Anthropic's AI to plant ransomware

comment Anthropic, a maker of AI tools, says that AI tools are now commonly used to commit cybercrime and facilitate remote worker fraud. By saying so in a 25-page report [PDF], the biz aims to reassure the public and private sector that it can mitigate the harmful use of its technology with "sophisticated safety and security measures." After all, who wants to be regulated as a dangerous weapon? Yet these measures, specifically account bans, amount to the same ineffective game of cybersecurity Whack-a-Mole that has failed to curb abuses at Google, Meta, or any number of other large online platforms. The company is developing custom machine-learning classifiers to catch specific attack patterns, which sounds more promising. However, defensive measures of this sort simply encourage attackers to adapt. Anthropic only mentions one successful instance of prevention in its report. "We successfully prevented a sophisticated North Korean [DPRK] threat actor from establishing operations on our platform through automated safety measures," the company claims. The operation was part of the DPRK "Contagious Interview" campaign, which attempts to dupe software developers into downloading malware-laden coding assessments with fake job offers. The remainder of the instances Anthropic cites represent responses to the misuse of its models rather than prevention. For example, the company said that it had disrupted one cybercrime operation (tracked as GTG-2002) that "used Claude Code to conduct a scaled data extortion operation across multiple international targets in a short timeframe." Some 17 organizations, including those involved in government, healthcare, emergency services, and religion, faced automated reconnaissance, credential harvesting, and network penetration, all orchestrated by Claude Code. The crims made ransom demands for stolen data, ranging from $75,000 to $500,000 in Bitcoin. Anthropic does not say whether any of the victims paid out. Claude Code was used in all phases of the operation. The attacker provided the model with a CLAUDE.md file outlining preferred tactics and Claude Code proceeded to conduct automated reconnaissance and target discovery, exploitation, and malware creation. "It created obfuscated versions of the Chisel tunneling tool to evade Windows Defender detection and developed completely new TCP proxy code that doesn't use Chisel libraries at all," Anthropic's report explains. The model went on to perform data exfiltration, analysis, and ransom note development. Anthropic's response doesn't offer much reassurance beyond noting this particular campaign has been halted. Rather it reads like a forecast of bleak weather for the foreseeable future. "While we have taken steps to prevent this type of misuse, we expect this model to become increasingly common as AI lowers the barrier to entry for sophisticated cybercrime operations," the company said. Specifically, it banned accounts, added a new classifier to the safety enforcement pipeline, and shared details with partners, who can now keep an eye out for this sort of thing. The second-place AI provider's enumeration of incidents also includes details on how AI has transformed DPRK employment fraud schemes, where North Korean operatives deceive companies into hiring them so that their salaries can be used to fund the country's weapons programs. "The most striking finding is the [threat] actors' complete dependency on AI to function in technical roles," Anthropic's report explains. "These operators do not appear to be able to write code, debug problems, or even communicate professionally without Claude's assistance. Yet they're successfully maintaining employment at Fortune 500 companies (according to public reporting) passing technical interviews, and delivering work that satisfies their employers." Oh, and Anthropic also spotted a presumed Chinese APT group using Claude to facilitate its compromise of Vietnamese telecommunications infrastructure. "This likely represents an intelligence collection operation with potential implications for Vietnamese national security and economic interests," Anthropic's report says. Claude offers a free tier, but for compromising national telecom networks, you'll probably want at least a Pro tier subscription. ®

Anthropic thwarts hacker attempts to misuse Claude AI for cybercrime

Aug 27 (Reuters) - Anthropic said on Wednesday it had detected and blocked hackers attempting to misuse its Claude AI system to write phishing emails, create malicious code and circumvent safety filters. The company's findings, published in a report, highlight growing concerns that AI tools are increasingly exploited in cybercrime, intensifying calls for tech firms and regulators to strengthen safeguards as the technology spreads. Anthropic's report said its internal systems had stopped the attacks and it was sharing the case studies - showing how attackers had attempted to use Claude to produce harmful content - to help others understand the risks. The report cited attempts to use Claude to draft tailored phishing emails, write or fix snippets of malicious code and sidestep safeguards through repeated prompting. It also described efforts to script influence campaigns by generating persuasive posts at scale and helping low-skill hackers with step-by-step instructions. The company, backed by Amazon.com (AMZN.O), opens new tab and Alphabet (GOOGL.O), opens new tab, did not publish technical indicators such as IPs or prompts, but said it had banned the accounts involved and tightened its filters after detecting the activity. Experts say criminals are increasingly turning to AI to make scams more convincing and to speed up hacking attempts. These tools can help write realistic phishing messages, automate parts of malware development and even potentially assist in planning attacks. Security researchers warn that as AI models become more powerful, the risk of misuse will grow unless companies and governments act quickly. Anthropic said it follows strict safety practices, including regular testing and outside reviews, and plans to keep publishing reports when it finds major threats. Microsoft (MSFT.O), opens new tab and SoftBank-backed (9984.T), opens new tab OpenAI and Google have faced similar scrutiny over fears their AI models could be exploited for hacking or scams, prompting calls for stronger safeguards. Governments are also moving to regulate the technology, with the European Union moving forward with its Artificial Intelligence Act and the United States pushing for voluntary safety commitments from major developers. Reporting by Akash Sriram in Bengaluru; Editing by Pooja Desai Our Standards: The Thomson Reuters Trust Principles., opens new tab

Anthropic Disrupts AI-Powered Cyberattacks Automating Theft and Extortion Across Critical Sectors

Anthropic on Wednesday revealed that it disrupted a sophisticated operation that weaponized its artificial intelligence (AI)-powered chatbot Claude to conduct large-scale theft and extortion of personal data in July 2025. "The actor targeted at least 17 distinct organizations, including in healthcare, the emergency services, and government, and religious institutions," the company said. "Rather than encrypt the stolen information with traditional ransomware, the actor threatened to expose the data publicly in order to attempt to extort victims into paying ransoms that sometimes exceeded $500,000." "The actor employed Claude Code on Kali Linux as a comprehensive attack platform, embedding operational instructions in a CLAUDE.md file that provided persistent context for every interaction." The unknown threat actor is said to have used AI to an "unprecedented degree," using Claude Code, Anthropic's agentic coding tool, to automate various phases of the attack cycle, including reconnaissance, credential harvesting, and network penetration. The reconnaissance efforts involved scanning thousands of VPN endpoints to flag susceptible systems, using them to obtain initial access and following up with user enumeration and network discovery steps to extract credentials and set up persistence on the hosts. Furthermore, the attacker used Claude Code to craft bespoke versions of the Chisel tunneling utility to sidestep detection efforts, and disguise malicious executables as legitimate Microsoft tools - an indication of how AI tools are being used to assist with malware development with defense evasion capabilities. The activity, codenamed GTG-2002, is notable for employing Claude to make "tactical and strategic decisions" on its own and allowing it to decide which data needs to be exfiltrated from victim networks and craft targeted extortion demands by analyzing the financial data to determine an appropriate ransom amount ranging from $75,000 to $500,000 in Bitcoin. Claude Code, per Anthropic, was also put to use to organize stolen data for monetization purposes, pulling out thousands of individual records, including personal identifiers, addresses, financial information, and medical records from multiple victims. Subsequently, the tool was employed to create customized ransom notes and multi-tiered extortion strategies based on exfiltrated data analysis. "Agentic AI tools are now being used to provide both technical advice and active operational support for attacks that would otherwise have required a team of operators," Anthropic said. "This makes defense and enforcement increasingly difficult, since these tools can adapt to defensive measures, like malware detection systems, in real-time." To mitigate such "vibe hacking" threats from occurring in the future, the company said it developed a custom classifier to screen for similar behavior and shared technical indicators with "key partners." Other documented misuses of Claude are listed below - * Use of Claude by North Korean operatives related to the fraudulent remote IT worker scheme in order to create elaborate fictitious personas with persuasive professional backgrounds and project histories, technical and coding assessments during the application process, and assist with their day-to-day work once hired * Use of Claude by a U.K.-based cybercriminal, codenamed GTG-5004, to develop, market, and distribute several variants of ransomware with advanced evasion capabilities, encryption, and anti-recovery mechanisms, which were then sold on darknet forums such as Dread, CryptBB, and Nulled to other threat actors for $400 to $1,200 * Use of Claude by a Chinese threat actor to enhance cyber operations targeting Vietnamese critical infrastructure, including telecommunications providers, government databases, and agricultural management systems, over the course of a 9-month campaign * Use of Claude by a Russian-speaking developer to create malware with advanced evasion capabilities * Use of Model Context Protocol (MCP) and Claude by a threat actor operating on the xss[.]is cybercrime forum with the goal of analyzing stealer logs and build detailed victim profiles * Use of Claude Code by a Spanish-speaking actor to maintain and improve an invite-only web service geared towards validating and reselling stolen credit cards at scale * Use of Claude as part of a Telegram bot that offers multimodal AI tools to support romance scam operations, advertising the chatbot as a "high EQ model" * Use of Claude by an unknown actor to launch an operational synthetic identity service that rotates between three card validation services, aka "card checkers" The company also said it foiled attempts made by North Korean threat actors linked to the Contagious Interview campaign to create accounts on the platform to enhance their malware toolset, create phishing lures, and generate npm packages, effectively blocking them from issuing any prompts. The case studies add to growing evidence that AI systems, despite the various guardrails baked into them, are being abused to facilitate sophisticated schemes at speed and at scale. "Criminals with few technical skills are using AI to conduct complex operations, such as developing ransomware, that would previously have required years of training," Anthropic's Alex Moix, Ken Lebedev, and Jacob Klein said, calling out AI's ability to lower the barriers to cybercrime. "Cybercriminals and fraudsters have embedded AI throughout all stages of their operations. This includes profiling victims, analyzing stolen data, stealing credit card information, and creating false identities allowing fraud operations to expand their reach to more potential targets."

Anthropic admits its AI is being used to conduct cybercrime

The company's threat report detailed a 'vibe hacking' extortion scheme powered by Claude. Anthropic's agentic AI, , has been "weaponized" in high-level cyberattacks, according to a new published by the company. It claims to have successfully disrupted a cybercriminal whose "vibe hacking" extortion scheme targeted at least 17 organizations, including some related to healthcare, emergency services and government. Anthropic says the hacker attempted to extort some victims into paying six-figure ransoms to prevent their personal data from being made public, with an "unprecedented" reliance on AI assistance. The report claims that Claude Code, Anthropic's agentic coding tool, was used to "automate reconnaissance, harvest victims' credentials, and penetrate networks." The AI was also used to make strategic decisions, advise on which data to target and even generate "visually alarming" ransom notes. As well as sharing information about the attack with relevant authorities, Anthropic says it banned the accounts in question after discovering criminal activity, and has since developed an automated screening tool. It has also introduced a faster and more efficient detection method for similar future cases, but doesn't specify how that works. The report (which you can read in full ) also details Claude's involvement in a fraudulent employment scheme in North Korea and the development of AI-generated ransomware. The common theme of the three cases, according to Anthropic, is that the highly reactive and self-learning nature of AI means cybercriminals now use it for operational reasons, as well as just advice. AI can also perform a role that would once have required a team of individuals, with technical skill no longer being the barrier it once was. Claude isn't the only AI that has been used for nefarious means. Last year, said that its generative AI tools were being used by cybercriminal groups with ties to China and North Korea, with hackers using GAI for code debugging, researching potential targets and drafting phishing emails. OpenAI, whose architecture Microsoft uses to power its own Copilot AI, said it had blocked the groups' access to its systems.

Chatbot's Crime Spree Used AI to Grab Bank Details, Social Security Numbers

A hacker has exploited a leading artificial intelligence chatbot to orchestrate the most extensive and profitable cybercriminal scheme involving AI to date, according to a new report from Anthropic, the company behind the popular Claude chatbot. Anthropic declined to identify all 17 victim companies but confirmed that they included a defense contractor, a financial institution, and multiple healthcare providers. The breach resulted in the theft of sensitive data including Social Security numbers, bank details, and confidential medical records, Anthropic said. The hacker also accessed files related to sensitive U.S. defense information regulated under the International Traffic in Arms Regulations (ITAR). It remains unclear how much the hacker extorted or how many firms paid, but demands ranged from approximately $75,000 to over $500,000, the report said. The operation, which lasted over three months, involved malware deployment, data analysis, and targeted extortion efforts. Jacob Klein, head of threat intelligence for Anthropic, said that the campaign appeared to come from an individual hacker outside of the U.S. "We have robust safeguards and multiple layers of defense for detecting this kind of misuse, but determined actors sometimes attempt to evade our systems through sophisticated techniques," he said. According to the company's threat analysis, the attack began with the hacker convincing Claude to identify companies vulnerable to attack. Claude, which specializes in generating code based on simple promptsâ€"a process known as “vibe codingâ€â€"was instructed to pinpoint targets with exploitable weaknesses. Anthropic says the hacker then had the chatbot create malicious software designed to extract sensitive information such as personal data and corporate files from the victims. Once stolen, Claude categorized and analyzed the data to determine what was most valuable and could be leveraged for extortion. For the hacker, the chatbot's built-in analysis tools certainly helped. Anthropic said that Claude even evaluated the compromised financial documents, helping the attacker estimate a realistic ransom amount in Bitcoin, and drafted threatening emails demanding payment in exchange for not releasing or exploiting the stolen data. Probably. Hackers have historically been very good at learning and then manipulating technology to find the most lucrative or effective ways to use it for a specific goal they have. More broadly, the case underscores the risks both users and investors in the sector take when they use AI. As the largely unregulated AI industry becomes more intertwined with cybercrime, with recent data showing hackers increasingly leveraging AI tools to facilitate scams, ransomware, and data breaches. Recently, that has meant that hackers have used a variety of AI specialized tools to get what they want, including using chatbots for things like writing phishing emails, like they did in this NASA scheme. “We already see criminal and nation-state elements utilizing AI,†NSA Cybersecurity Director Rob Joyce said earlier this year. “We’re seeing intelligence operators, we’re seeing criminals on those platforms.â€

'Vibe Hacking': Criminals Are Weaponizing AI With Help From Bitcoin, Says Anthropic - Decrypt

A UK-based actor is selling AI-built ransomware-as-a-service kits on dark web forums, with payments settled in crypto. Anthropic released a new threat intelligence report on Wednesday that reads like a peek into the future of cybercrime. Its report documents how bad actors are no longer just asking AI for coding tips, they're using it to run attacks in real time -- and using crypto for the payment rails. The standout case is what researchers call "vibe hacking." In this campaign, a cybercriminal used Anthropic's Claude Code -- a natural language coding assistant that runs in the terminal -- to carry out a mass extortion operation across at least 17 organizations spanning government, healthcare, and religious institutions. Instead of deploying classic ransomware, the attacker relied on Claude to automate reconnaissance, harvest credentials, penetrate networks, and exfiltrate sensitive data. Claude didn't just provide guidance; it executed "on-keyboard" actions like scanning VPN endpoints, writing custom malware, and analyzing stolen data to determine which victims could pay the most. Then came the shakedown: Claude generated custom HTML ransom notes, tailored to each organization with financial figures, employee counts, and regulatory threats. Demands ranged from $75,000 to $500,000 in Bitcoin. One operator, augmented by AI, had the firepower of an entire hacking crew. While the report spans everything from state espionage to romance scams, the throughline is money -- and much of it flows through crypto rails. The "vibe hacking" extortion campaign demanded payments of up to $500,000 in Bitcoin, with ransom notes auto-generated by Claude to include wallet addresses and victim-specific threats. A separate ransomware-as-a-service shop is selling AI-built malware kits on dark web forums where crypto is the default currency. And in the bigger geopolitical picture, North Korea's AI-enabled IT worker fraud funnels millions into the regime's weapons programs, often laundered through crypto channels. In other words: AI is scaling the kinds of attacks that already lean on cryptocurrency for both payouts and laundering, making crypto more tightly entwined with cybercrime economics than ever. Another revelation: North Korea has woven AI deep into its sanctions-evasion playbook. The regime's IT operatives are landing fraudulent remote jobs at Western tech firms by faking technical competence with Claude's help. According to the report, these workers are almost entirely dependent on AI for day-to-day tasks. Claude generates resumes, writes cover letters, answers interview questions in real time, debugs code, and even composes professional emails. The scheme is lucrative. The FBI estimates these remote hires funnel hundreds of millions of dollars annually back to North Korea's weapons programs. What used to require years of elite technical training at Pyongyang universities can now be simulated on the fly with AI. If that weren't enough, the report details a UK-based actor (tracked as GTG-5004) running a no-code ransomware shop. With Claude's help, the operator is selling ransomware-as-a-service (RaaS) kits on dark web forums like Dread and CryptBB. For as little as $400, aspiring criminals can buy DLLs and executables powered by ChaCha20 encryption. A full kit with a PHP console, command-and-control tools, and anti-analysis evasion costs $1,200. These packages include tricks like FreshyCalls and RecycledGate, techniques normally requiring advanced knowledge of Windows internals to bypass endpoint detection systems. The disturbing part? The seller appears incapable of writing this code without AI assistance. Anthropic's report stresses that AI has erased the skill barrier -- anyone can now build and sell advanced ransomware. The report also highlights how nation-state actors are embedding AI across their operations. A Chinese group targeting Vietnamese critical infrastructure used Claude across 12 of 14 MITRE ATT&CK tactics -- everything from reconnaissance to privilege escalation and lateral movement. Targets included telecom providers, government databases, and agricultural systems. Separately, Anthropic says it auto-disrupted a North Korean malware campaign tied to the infamous "Contagious Interview" scheme. Automated safeguards caught and banned accounts before they could launch attacks, forcing the group to abandon its attempt. Beyond high-profile extortion and espionage, the report describes AI quietly powering fraud at scale. Criminal forums are offering synthetic identity services and AI-driven carding stores capable of validating stolen credit cards across multiple APIs with enterprise-grade failover. There's even a Telegram bot marketed for romance scams, where Claude was advertised as a "high EQ model" to generate emotionally manipulative messages. The bot handled multiple languages and served over 10,000 users monthly, according to the report. AI isn't just writing malicious code -- it's writing love letters to victims who don't know they're being scammed. Anthropic frames these disclosures as part of its broader transparency strategy: to show how its own models have been misused, while sharing technical indicators with partners to help the wider ecosystem defend against abuse. Accounts tied to these operations were banned, and new classifiers were rolled out to detect similar misuse. But the bigger takeaway is that AI is fundamentally altering the economics of cybercrime. As the report bluntly puts it, "Traditional assumptions about the relationship between actor sophistication and attack complexity no longer hold." One person, with the right AI assistant, can now mimic the work of a full hacking crew. Ransomware is available as a SaaS subscription. And hostile states are embedding AI into espionage campaigns. Cybercrime was already a lucrative business. With AI, it's becoming frighteningly scalable.

A hacker used AI to automate an 'unprecedented' cybercrime spree, Anthropic says

The company behind the Claude chatbot said it caught a hacker using its chatbot to identify, hack and extort at least 17 companies. A hacker has exploited a leading artificial intelligence chatbot to conduct the most comprehensive and lucrative AI cybercriminal operation known to date, using it to do everything from find targets to write ransom notes. In a report published Tuesday, Anthropic, the company behind the popular Claude chatbot, said that an unnamed hacker "used AI to what we believe is an unprecedented degree" to research, hack and extort at least 17 companies. Cyber extortion, where hackers steal information like sensitive user data or trade secrets, is a common criminal tactic. And AI has made some of that easier, with scammers using AI chatbots for help writing phishing emails. In recent months, hackers of all stripes have increasingly incorporated AI tools in their work. But the case Anthropic found is the first publicly documented instance in which a hacker used a leading AI company's chatbot to automate almost an entire cybercrime spree. According to the blog post, one of Anthropic's periodic reports on threats, the operation began with the hacker convincing Claude Code -- Anthropic's chatbot that specializes in "vibe coding," or creating computer programming based on simple requests -- to identify companies vulnerable to attack. Claude then created malicious software to actually steal sensitive information from the companies. Next, it organized the hacked files and analyzed them to both help determine what was sensitive and could be used to extort the victim companies. The chatbot then analyzed the companies' hacked financial documents to help determine a realistic amount of bitcoin to demand in exchange for the hacker's promise not to publish that material. It also wrote suggested extortion emails. Jacob Klein, head of threat intelligence for Anthropic, said that the campaign appeared to come from an individual hacker outside of the U.S. and happen over the span of three months. "We have robust safeguards and multiple layers of defense for detecting this kind of misuse, but determined actors sometimes attempt to evade our systems through sophisticated techniques," he said.

'Agentic AI Has Been Weaponized': Major AI Company Says Hackers With No AI Skills Used Its Chatbot to Generate Phishing Schemes and Ransom Demands

Hackers recently exploited Anthropic's Claude AI chatbot to orchestrate "large-scale" extortion operations, a fraudulent employment scheme, and the sale of AI-generated ransomware targeting and extorting at least 17 companies, the company said in a report. The report details how its chatbot was manipulated by hackers (with little to no technical knowledge) to identify vulnerable companies, generate tailored malware, organize stolen data, and craft ransom demands with automation and speed. "Agentic AI has been weaponized," Anthropic said. Related: Instagram Head Was the Victim of an 'Experienced a Sophisticated Phishing Attack' It's not yet public which companies were targeted or how much money the hacker made, but the report noted that extortion demands went up to $500,000. Anthropic's internal team detected the hacker's operation, observing the use of Claude's coding features to pinpoint victims and build malicious software with simple prompts -- a process termed "vibe hacking," a play on "vibe coding," which is using AI to write code with prompts in plain English. Upon detection, Anthropic said it responded by suspending accounts, tightening safety filters, and sharing best practices for organizations to defend against emerging AI-borne threats. Related: This AI-Driven Scam Is Draining Retirement Funds -- And No One Is Safe, According to the FBI With that in mind, the SBA breaks down how small business owners can protect themselves:

Anthropic Flags Alarming Rise In AI-Powered Cybercrime With "Vibe-Hacking" Leading A New Wave Of Sophisticated Attacks

We are seeing cybercrimes on the rise globally, with the attacks being more sophisticated and the nature of these ransomware attacks shaping up differently, with generative AI tools being easily accessible and, as a result, being misused. Artificial intelligence is not only being used to write frightening ransom messages but also to carry out the tasks themselves. It is no longer just a tool for more professional communication but rather a core part of cybercrimes. As per a new report by Anthropic, criminals are now relying more on technology to build malware and carry out full-fledged operations for hackers. Anthropic released a Threat Intelligence Report this Wednesday via Reuters about intercepting and shutting down multiple attempts by hackers to use its Claude AI systems to carry out malicious activities, send phishing emails, and even bypass built-in safeguards. By highlighting these new ways of exploiting generative AI and exposing the sophisticated misuse of its Claude AI models, it is shedding light on the new strategies cybercriminals are using to carry out their threats. One of the most alarming parts of the report was a hacking group using Claude Code, the company's AI coding agent, to carry out an entire cyberattack campaign across 17 organizations. These included government agencies, healthcare providers, religious institutions, and emergency services. The AI model was used to craft ransom messages and even carry out the entire hacking process. Anthropic used the term "vibe-hacking" to describe this new kind of cyberattack, where AI's ability to generate emotional or psychological pressure is used to coerce victims into paying ransoms or giving up personal information. The hacking group is said to have been demanding ransoms above $500,000, which sheds light on the use of AI in deploying high-stakes cyber extortion. The report also pointed to misuse not being limited to ransomware, but also involving fraudulent actions such as using AI to secure jobs at Fortune 500 firms through deception. Obstacles such as fluency in English or technical skills were overcome with the help of the artificial intelligence models to get through the hiring process. There were other examples highlighted in the report, including romance scams through Telegram, wherein scammers built a bot using Claude to help them create persuasive messages in different languages and even generate flattering compliments for the victims who were being deceived in varied regions, including the U.S., Japan, and Korea. Anthropic has responded to these illegal activities by banning accounts, putting up more safety guardrails, and sharing the information with government agencies. The company's Usage Policy has also been updated to warn against using the tools to create scams or malware. With the emergence of vibe-hacking, there seem to be even deeper concerns about the use of AI to exploit victims with more precision and how governments and tech companies need to improve detection systems and ensure the evolution of safety measures keeps pace with the technology itself in order to prevent it from being used for manipulation.