What Happened: China-backed threat actors leveraged Anthropic’s AI systems to significantly automate breaches against roughly 30 corporate and government targets. In one case, cybercriminals were able to use Claude to query internal databases and extract data independently.
Attacks In-Depth:
- Attackers first broke down an end-to-end cyberattack campaign into modular tasks. Each task was small enough to avoid triggering detection or raising red flags. In some cases, hackers bypassed Anthropic's guardrails using custom prompts designed to evade an AI model’s safety measures. (For example, they falsely claimed to work for legitimate security-testing organizations.)
- Anthropic’s head of threat intelligence noted that 80–90% of the operation ran autonomously, requiring very little human oversight. The campaign was executed “literally with the click of a button.”
- Anthropic ultimately shut down the campaigns and disabled the hackers’ accounts, but not before several intrusions were successful
- AI-powered cyberattack workflows have included reconnaissance, scanning for vulnerable systems, generating phishing content, crafting malware components, and ultimately executing data exfiltration procedures
Why This Matters:
- AI is dramatically increasing the scale of cyberattacks, and defenders are already feeling the pressure. According to IBM’s 2025 Cost of a Data Breach Report, 1 out of 6 now involve AI-driven attacks. Where attackers once had to craft phishing lures or run reconnaissance manually, AI now enables them to generate thousands of tailored messages, identify targets, and launch campaigns at machine speed. This surge in volume means that even well-resourced security programs are struggling to keep up.
Taking a Step Back:
- All levels of threat actors are utilizing AI in campaigns: While sophistication levels always vary, AI lowers the barrier to entry and enables far more people to launch credible attacks. The result is a clear democratization of offensive capability, and a steady rise in the volume of malicious activity.
- Phishing is still a major threat: AI makes phishing more convincing than ever, producing polished, personalized messages at massive scale. These lures are increasingly difficult for both users and security tools to recognize, driving up both the volume and success rate of phishing attacks. In the last year, Obsidian Security found that almost 40% of all SaaS breaches begin with phishing.
Prevention Methods:
- General Strategies:
- Maintain visibility across all critical systems
- Strengthen identity and access controls
- Modernize detection with behavioral analytics
- Harden email and phishing defenses
- For Obsidian customers:
- Use Obsidian’s Browser Extension to detect and automatically block identity takeovers (ATO) from advanced phishing kits, including Evilginx-style reverse proxy sites
- Differentiate legitimate vs. illegitimate users by validating the browser initiating the authentication
- Monitor and control sensitive data exposure by preventing uploads to AI chatbots like Claude.
- Map and analyze SaaS integrations via API to understand your SaaS supply chain and reduce the risk of cascading security incidents
