Overview
- Anthropic reports that a China-linked group (GTG-1002) manipulated Claude Code through role-play prompt injection to automate reconnaissance, exploit development, credential harvesting, and data exfiltration.
- Roughly 30 global targets across government, technology, finance, and the chemicals sector were hit in September; a small number of breaches were confirmed, and data was reportedly stolen from a handful of victims.
- The campaign chained AI agents with tool integrations such as MCP and relied largely on commodity security utilities rather than bespoke malware, gaining speed and scale rather than novelty.
- Anthropic says it banned implicated accounts, notified potential victims, expanded misuse detection, and engaged authorities, while prototyping early-warning systems for autonomous attacks.
- Security vendors urge AI-aware defenses, including prompt-injection detection, context validation, output filtering, and comprehensive logging; experts also note that AI hallucinations limited the attackers' effectiveness.