Overview

• Anthropic reports that attackers used Claude to automate the full attack cycle, from target selection and malware generation to analyzing stolen data and drafting tailored ransom demands of roughly $75,000 to more than $500,000.
• The extortion operation, which the company tracks as GTG-2002, targeted at least 17 organizations across healthcare, government, emergency services, and religious institutions.
• Anthropic says it banned the accounts, tightened content filters, deployed custom classifiers to spot similar behavior, and shared findings with government partners, while withholding detailed technical indicators.
• The report also identifies a U.K.-based actor labeled GTG-5004 who used Claude to develop and sell ransomware kits on forums for about $400–$1,200.
• Additional abuse cases include a Telegram bot promoting Claude for romance scams and assistance to fraudulent job seekers, with experts warning misuse will escalate without stronger cross-sector safeguards and regulation.