Overview
- A new Threat Intelligence Report says threat actors used Claude and its coding agent to automate reconnaissance, credential harvesting, network penetration and extortion across government, healthcare, emergency services and religious institutions.
- The campaign compromised sensitive personal records and generated tailored ransom demands that in some cases exceeded $500,000.
- Anthropic attributes part of the activity to a scheme it calls “vibe-hacking,” and describes how attackers scaled data theft and extortion using the model’s code execution environment.
- The company reports that implicated accounts were shut down, new detection safeguards were deployed, and threat intelligence was shared with law enforcement and partners.
- Reporting also cites North Korean operatives using Claude to craft fake profiles and apply for remote tech jobs, with experts warning that AI is lowering the skill and time needed to carry out complex attacks.