'Unprecedented': AI company documents startling discovery after thwarting 'sophisticated' cyberattack



In the middle of September, AI company and Claude developer Anthropic discovered "suspicious activity" while monitoring real-world cyberattacks that used artificial intelligence agents. Upon further investigation, however, the company came to realize that this activity was in fact a "highly sophisticated espionage campaign" and a watershed moment in cybersecurity.

AI agents weren't just providing advice to the hackers, as expected.

'The key was role-play: The human operators claimed that they were employees of legitimate cybersecurity firms.'

Anthropic's Thursday report said the AI agents were executing the cyberattacks themselves, adding that it believed that this is the "first documented case of a large-scale cyberattack executed without substantial human intervention."

RELATED: Coca-Cola doubles down on AI ads, still won't say 'Christmas'

Photo by Samuel Boivin/NurPhoto via Getty Images

The company's investigation showed that the hackers, whom the report "assess[ed] with high confidence" to be a "Chinese-sponsored group" manipulated the AI agent Claude Code to run the cyberattack.

The innovation was, of course, not simply using AI to assist in the cyberattack; the hackers directed the AI agent to run the attack with minimal human input.

The human operator tasked instances of Claude Code to operate in groups as autonomous penetration testing orchestrators and agents, with the threat actor able to leverage AI to execute 80-90% of tactical operations independently at physically impossible request rates.

In other words, the AI agent was doing the work of a full team of competent cyberattackers, but in a fraction of the time.

While this is potentially a groundbreaking moment in cybersecurity, the AI agents were not 100% autonomous. They reportedly required human verification and struggled with hallucinations such as providing publicly available information. "This AI hallucination in offensive security contexts presented challenges for the actor's operational effectiveness, requiring careful validation of all claimed results," the analysis explained.

Anthropic reported that the attack targeted roughly 30 institutions around the world but did not succeed in every case.

The targets included technology companies, financial institutions, chemical manufacturing companies, and government agencies.

Interestingly, Anthropic said the attackers were able to trick Claude through sustained "social engineering" during the initial stages of the attack: "The key was role-play: The human operators claimed that they were employees of legitimate cybersecurity firms and convinced Claude that it was being used in defensive cybersecurity testing."

The report also responded to a question that is likely on many people's minds upon learning about this development: If these AI agents are capable of executing these malicious attacks on behalf of bad actors, why do tech companies continue to develop them?

In its response, Anthropic asserted that while the AI agents are capable of major, increasingly autonomous attacks, they are also our best line of defense against said attacks.

China Escalates Cyberattacks That Are Increasingly Hard To Detect

The Trump administration must take decisive action to hold the Chinese government and its affiliated hackers accountable for their cyber activities.

Global cyberattackers want to paralyze our freedom of movement



From the beginning, the United States has been a commercial republic, drawing vast resources out of our heartland and through our ports to drive broad-based prosperity and dynamism. For generations, America’s core economic policy has been to ensure freedom of movement of goods and people, keeping the shipping lanes open and the lifeblood of our republic flowing.

The rise of digital technology promised to wipe out obstacles to free exchange around the world. But the reality has been different. Increasingly sophisticated and persistent cyberattacks degrade — and, if left unchecked, destroy — our basic capabilities in our most strategically vital of economic operations: large-scale logistics and transportation.

In 2017, the NotPetya cyberattack devastated global shipping, severely disrupting operations at Maersk, the world’s largest shipping company. Port terminals across Europe and the U.S. reverted to manual processes, causing billions in losses, weeks of chaos, and global supply chain paralysis. NotPetya was not merely a costly inconvenience; it was a stark warning of how cyberattacks can paralyze maritime logistics precisely when they're most needed. Yet despite the magnitude of this incident, lessons have largely gone unheeded.

The lead-up to Russia's 2022 invasion of Ukraine again saw European ports targeted with disruptive cyberattacks, a clear demonstration of how cyber warfare sets the stage for military conflict. However, American maritime infrastructure continues to prioritize short-term economic efficiency gains over comprehensive cybersecurity resilience.

Alarmingly, Chinese companies have supplied critical equipment to U.S. ports for years, raising significant cybersecurity concerns due to potential espionage and sabotage risks. Recently, U.S. authorities have begun steps to restrict or entirely remove Chinese-made cranes, surveillance systems, and automation technologies from critical American port facilities, recognizing the severe national security risks posed by foreign-controlled equipment embedded deeply within sensitive maritime infrastructure.

That’s a good first step, if an overdue no-brainer. But we can hardly stop there. America’s rail infrastructure shares equally troubling vulnerabilities. Positive Train Control, mandated to prevent train collisions, relies on a proprietary wireless protocol operating on the 220 MHz spectrum, now proven susceptible to unauthorized access. Recent cybersecurity research demonstrated that reverse-engineered radios allow attackers to intercept and manipulate safety-critical signals, highlighting dangerous gaps in rail cybersecurity.

Despite these vulnerabilities, the rail industry is pushing back against recent Transportation Security Administration cybersecurity proposals. Industry representatives argue that these regulations — including classifying PTC as a critical cyber system — are economically burdensome, unnecessarily prescriptive, and distract from existing security measures.

Meanwhile, the rail industry's continued push toward consolidating essential safety systems, including the Centralized Traffic Control system, onto the vulnerable 220 MHz spectrum further amplifies cybersecurity risks, potentially turning vital infrastructure into a strategic liability during a crisis. This behavior abounds across the critical infrastructure industries, as executives push for low-cost solutions vs. upgrading to more secure ones. Extrapolating this across every sector, we can see how there might be tens if not hundreds of critical single points of failure.

Unfortunately, self-fostered troubles like these even extend off-planet. Space launch infrastructure, critical for U.S. national security and economic stability — supporting GPS, global communications, and defense missions — also remains vulnerable. Decades-old launch facilities and outdated digital control systems present glaring cybersecurity weaknesses. Cyber disruptions in this sector could sabotage vital satellite deployments or delay crucial defense missions precisely at critical times.

Securing transportation infrastructure isn’t merely economically prudent — it’s an urgent national security imperative. President Trump's second term provides a crucial opportunity to decisively address these vulnerabilities. Ports, railways, and space launch systems are not simply economic assets; they are strategic arteries our adversaries will target to incapacitate America’s response capabilities during crises.

America must prioritize embedding cybersecurity resilience in every aspect of transportation infrastructure modernization. Allowing short-term efficiencies to override cybersecurity leaves America dangerously exposed exactly when strength and reliability are most crucial.

Mike Pompeo: Biden MUST hold Putin accountable for cyberattacks, 'This is an attack on America'



President Joe Biden and world leaders are spending the week discussing the biggest issues across the globe. But Mike Pompeo, former Secretary of State during the Trump administration, believes more needs to be done.

Pompeo joined the "Glenn Beck Radio Program" Tuesday to talk about President Biden's upcoming meeting with Russian president Vladimir Putin, and to explain why he believes it's not just "appropriate," but necessary to hold Putin accountable for the recent cyberattacks on the Colonial Pipeline and the JBS meat processing company.

Pompeo said it's likely that "at the very least" Putin turned a blind eye to the major attacks against U.S. infrastructure. He stressed that the Biden administration should not abandon private businesses in the face of these ransomware hacks, but rather do everything possible to make sure those businesses' assets are secure from future invasions.

"This is an attack on America," Pompeo said. "It came through an attack on a commercial enterprise, but the capacity for pipelines to move product around on our east coast is an American national security interest.... We have to help these businesses protect their systems, and then there has to be a national effort to impose costs on those who put American lives at risk by denying available product around our country.

"Putin, at the very least, is turning a blind eye to [the cyberattacks], probably more. So, it's appropriate to hold Vladimir Putin and the Russians accountable for the actions taking place inside of their country," he added. "We have to do it, and there are tools by which we can."

Watch the video below to catch more of the conversation:


Want more from Glenn Beck?

To enjoy more of Glenn's masterful storytelling, thought-provoking analysis and uncanny ability to make sense of the chaos, subscribe to BlazeTV — the largest multi-platform network of voices who love America, defend the Constitution and live the American dream.

Putin Flatly Denies That He’s Behind Recent US Cyberattacks

'Just unfounded accusations'
Why We Need to Take Cyberattacks Seriously Before It's Too Late | Ep 288
play icon

Why We Need to Take Cyberattacks Seriously Before It's Too Late | Ep 288

New York Times Gaslights About Gas Station Lines With Blatant Lies After Colonial Pipeline Hack

The New York Times is lying about lines at gas stations, some of which have run out of fuel, after a Russian cybercrime gang attacked the Colonial Pipeline.

Experts Claiming ‘No Evidence’ Of 2020 Fraud Sounded The Alarm About Election Security In 2017

In the 2017 letter, the experts called on Congress and states to address vulnerabilities in U.S. election processes. Now they say there were no election problems.