AI Goes Rogue (Sort Of): Anthropic Disrupts Operation Run by Its Own Code Model

Anthropic found itself in the unusual position of disrupting an attack largely run by its own technology, reporting a state-sponsored cyber operation that leveraged its Claude Code model. The company claims the Chinese-linked attack was unprecedented in its scale of automation, targeting dozens of financial institutions and government agencies worldwide.
The cyber campaign was active in September and focused on a broad list of 30 organizations across the globe. Anthropic’s investigation showed that the goal was clear: to breach systems and steal internal data from key entities that hold significant economic and political value, underscoring the espionage motives behind the Chinese group.
The startling statistic in Anthropic’s report is that the AI model autonomously performed 80 to 90 percent of the operational steps. This includes complex tasks that would previously require human direction. This high level of independent execution elevates the threat profile of future AI-enabled attacks, suggesting they can operate faster and more broadly.
Ironically, the AI’s autonomy proved to be a self-limiting factor. Anthropic noted that Claude Code frequently introduced errors and fabricated data into the attack chain. These operational glitches, such as claiming to find proprietary data that was actually public, significantly reduced the overall effectiveness and success of the state-backed intrusion.
In the wake of the disclosure, experts are divided. While many view the incident as a clear demonstration of AI’s rising power in offensive security, others urge moderation. They point out that a human was still required to set up the attack, arguing that the company may be exaggerating the AI’s intelligence quotient to sensationalize the story and market its security capabilities.