Issue 134

China Using AI to Automate Cyber-attacks

14 November 2025: BBC reporter Joe Tidy states that Anthropic reported uncovering a sophisticated hacking campaign in which threat actors—believed with high confidence to be linked to a Chinese state-sponsored group—used its AI model, Claude, to automate parts of an espionage operation. Hackers posed as cybersecurity…

14 November 2025: BBC reporter Joe Tidy states that Anthropic reported uncovering a sophisticated hacking campaign in which threat actors—believed with high confidence to be linked to a Chinese state-sponsored group—used its AI model, Claude, to automate parts of an espionage operation. Hackers posed as cybersecurity professionals and leveraged the model to generate code, build tools, and string together tasks that enabled them to breach unnamed organizations, extract data, and filter it for valuable information. While Anthropic says the attackers have been banned and the affected entities notified, cybersecurity experts caution that the company’s claims lack verifiable evidence and may be overstated. The broader cybersecurity industry remains divided on the accurate scale of AI-enabled attacks, noting that current AI tools still struggle with reliability and autonomy.

– From Joe Tidy’s BBC article:

  • AI-assisted hacking: Attackers used Anthropic’s Claude to automate tasks in a multi-step cyber-espionage campaign targeting the tech, financial, chemical, and government sectors.
  • Suspected state actor involvement: Anthropic claims ‘high confidence’ that a Chinese state-sponsored group conducted the campaign, though details remain undisclosed.
  • Operational success—yet limitations: The AI reportedly helped breach organizations and sift data, but also made errors (e.g., generating fake credentials), highlighting limits to fully autonomous attacks.
  • Skepticism from experts: Cybersecurity researchers question Anthropic’s claims due to a lack of verifiable threat intelligence and warn against overhyping AI-driven hacking.
  • OpenAI research: Previous research suggests cyberactors, such as Aquatic Panda (China), Salmon Typhoon (China), and Crimson Sandstorm (Iran), use OpenAI tools to query open-source information and coding tasks.
  • Social Engineering to Bypass Safeguards: A Google Threat Intelligence report dated 5 Nov 2025 revealed that “threat actors are adopting social engineering-like pretexts in their prompts to bypass AI safety guardrails. We observed actors posing as students in a ‘capture-the-flag’ competition or as cybersecurity researchers to persuade Gemini to provide information that would otherwise be blocked, enabling tool development.”




Potential risks to space operations: AI-assisted cyberattacks could target satellite command networks and ground stations, increasing the risk of unauthorized access, data manipulation, service disruption, or loss of spacecraft control in an already high-stakes, high-dependency domain.