Hacker used AI to automate an 'unprecedented' cybercrime spree, Anthropic says

https://www.nbcnews.com/tech/security/hacker-used-ai-automate-unprecedented-cybercrime-spree-anthropic-says-rcna227309

28•gscott•5mo ago

Comments

ElijahLynn•5mo ago

Good on Anthropic for disclosing this and leading the way ethically. I could see other companies trying to keep this buried.

tartuffe78•5mo ago

There’s no such thing as bad publicity. This is basically an advertisement for how useful their service is.

sigmoid10•5mo ago

Yeah this is not responsible disclosure, it's a not-so-humble brag marketing gag.

miltonlost•5mo ago

It's good on them to put out a trash can on fire after they set the city ablaze

j45•5mo ago

Anthropic is sharing their learnings while others may not.

general1726•5mo ago

And this is why local run models are absolutely necessary. Sure Claude is better than whatever you can run locally, but to avoid being eavesdropped on every keystroke, just buy older enterprise server with enough compute for 3k USD and run similar model there.

j45•5mo ago

Perhaps design with public model and then convert to a local one.

scorpioxy•5mo ago

There's a part I didn't understand. How did the model know which companies are vulnerable to attack? I get the part where the LLM was used to analyze documents and create "malicious" software but the biggest missing step seems to be the first one. Someone please correct me if I'm wrong but usually that's either targeted at a specific company or you do a port scan on IP ranges to find any target and proceed from there.

quacksilver•5mo ago

Often you will obtain a vulnerability in some software and then search for companies using it. You can often use Google or Shodan to do the searching, but perhaps ingested LLM data could also work.

In the simplest case if you get remote code execution in SuperServer9000 (made up product) and that has a banner on error / status pages that reads "Powered with pride by SuperServer9000 version 2.1", then you could just search for that string (or part of it) and use your remote code execution bug against any sites that come up.

It can get behavior based or more complicated than that though, or rely on information that an LLM has ingested about a company from public sources.

Then either grab data and sell it or sell your access to a broker or whatever else.

rkagerer•5mo ago

In a sense, is Anthropic an accomplis?

upghost•5mo ago

Man, part of me wonders if the same AI arguments are playing out across the criminal underworld. Like, are some criminals afraid of their jobs getting automated? And the old school guys are like, "AI just makes slop crime". And are junior criminals are having a hard time breaking into the industry because they've stopped hiring for intro level gang jobs because the Crime Lords are really pushing their henchmen into using AI for everything?

sudahtigabulan•5mo ago

This reminded me of a Terry Pratchett's book. There was a guild of thieves or something like that. Apparently they were so inefficient at what they did that the author's conclusion was it would be easier if they just did honest work instead.

dehugger•5mo ago

The article is entirely devoid of detail. Is there a better source for this?

selinkocalar•5mo ago

This was inevitable. AI lowers the barrier to entry for cybercrime just like it does for everything else. The concerning part isn't that someone used AI for attacks - it's how "unprecedented" the scale became. Automation lets bad actors operate at a level that would have required entire teams before. Defense needs to scale up accordingly. Manual security reviews can't keep pace with automated attacks.

The API Is a Dead End; Machines Need a Labor Economy

Digital Iris [video]

New wave of GLP-1 drugs is coming–and they're stronger than Wegovy and Zepbound

Convert tempo (BPM) to millisecond durations for musical note subdivisions

Show HN: Tasty A.F.

The Contagious Taste of Cancer

U.S. Jobs Disappear at Fastest January Pace Since Great Recession

Bithumb mistakenly hands out $195M in Bitcoin to users in 'Random Box' giveaway

Beyond Agentic Coding

OpenClaw ClawHub Broken Windows Theory – If basic sorting isn't working what is?

OpenBSD Copyright Policy

OpenClaw Creator: Why 80% of Apps Will Disappear

What Happens When Technical Debt Vanishes?

AI Is Finally Eating Software's Total Market: Here's What's Next

Computer Science from the Bottom Up

Show HN: A toy compiler I built in high school (runs in browser)

You don't need Mac mini to run OpenClaw

Learning to Reason in 13 Parameters

Convergent Discovery of Critical Phenomena Mathematics Across Disciplines

Ask HN: Will GPU and RAM prices ever go down?

From hunger to luxury: The story behind the most expensive rice (2025)

Substack makes money from hosting Nazi newsletters

A New Crypto Winter Is Here and Even the Biggest Bulls Aren't Certain Why

Moltbook was peak AI theater

Why Claude Cowork is a math problem Indian IT can't solve

Show HN: Built an space travel calculator with vanilla JavaScript v2

Why a 175-Year-Old Glassmaker Is Suddenly an AI Superstar

Micro-Front Ends in 2026: Architecture Win or Enterprise Tax?

These White-Collar Workers Actually Made the Switch to a Trade

The Wonder Drug That's Plaguing Sports