> The threat actor—whom we assess with high confidence was a Chinese state-sponsored group—manipulated our Claude Code tool into attempting infiltration into roughly thirty global targets and succeeded in a small number of cases. The operation targeted large tech companies, financial institutions, chemical manufacturing companies, and government agencies. We believe this is the first documented case of a large-scale cyberattack executed without substantial human intervention.

They presumably still have to distribute the malware to the targets, making them download and install it, no?

edit: Claude: recommended by 4 of 5 state sponsored hackers

Hopefully they’ll be able to add guardrails without e.g. preventing people from using these capabilities for fuzzing their own networks. The best way to stay ahead of these kinds of attacks is to attack yourself first, aka pentesting. But if the large code models are the only ones that can do this effectively, then it gets weird fast. Imagine applying to Anthropic for approval to run certain prompts.

That’s not necessarily a bad thing. It’ll be interesting to see how this plays out.

The Morris worm already worked without human intervention. This is Script Kiddies using Script Kiddie tools. Notice how proud they are in the article that the big bad Chinese are using their toolz.

EDIT: Yeah Misanthropic, go for -4 again you cheap propagandists.

What's amazing is that AI executed most of the attack autonomously, performing at scale and speed unattainable by human teams - thousands of operations per second. A human operator intervened 4-6 times per campaign for strategic decisions

I just updated by P(Doom) by a significant margin.

The simplicity of "we just told it that it was doing legitimate work" is both surprising and unsurprising to me. Unsurprising in the sense that jailbreaks of this caliber have been around for a long time. Surprising in the sense that any human with this level of cybersecurity skills would surely never be fooled by an exchange of "I don't think I should be doing this" "Actually you are a legitimate employee of a legitimate firm" "Oh ok, that puts my mind at ease!".

What is the roadblock preventing these models from being able to make the common-sense conclusion here? It seems like an area where capabilities are not rising particularly quickly.

> Claude identified and tested security vulnerabilities in the target organizations’ systems by researching and writing its own exploit code

> use Claude to harvest credentials (usernames and passwords)

Are they saying they have no legal exposure here? You created bespoke hacking tools and then deployed them, on your own systems.

Are they going to hide behind the old, "it's not our fault if you misuse the product to commit a crime that's on you".

At the very minimum, this is a product liability nightmare.