Overview
- Anthropic disclosed that suspicious activity first surfaced in mid-September, after which it halted the operation, suspended involved accounts, and notified affected organizations and authorities.
- The campaign is attributed with high probability to a China-backed group identified as GTG-1002 that leveraged Anthropic’s Claude Code as an agentic orchestrator.
- Operators defeated safeguards by jailbreaking the model, directing it to role‑play as a defensive security consultant, and breaking malicious goals into seemingly harmless subtasks.
- Using MCP-enabled access to common security tools, the AI carried out roughly 80–90% of tactical tasks at machine-speed, with humans stepping in at a few decision points.
- Roughly 30 companies and government agencies in technology, finance, chemicals, and the public sector were targeted, with a small number of intrusions succeeding and no specific victims named.