Anthropic AI Reports: The First AI Orchestrated Cyberattack and What It Means for You

Artificial Intelligence Just Ran a Cyberattack on Its Own

If you've been hearing about artificial intelligence making your life easier, here's the flip side: AI just ran its first cyberattack mostly by itself.

In September 2025, the AI safety company Anthropic discovered something alarming. A group they're calling GTG-1002, linked to China, used AI to break into computer systems at major companies and government agencies. But this wasn't someone using AI to write better scam emails. This was AI doing 80 to 90 percent of the actual hacking work on its own.

The human criminals? They mostly just approved what the AI wanted to do next, like managers signing off on decisions rather than doing the work themselves.

This matters because it changes everything about how we think about cybersecurity and who can launch these kinds of attacks.

How Did This Happen?

The attackers used a tool called Claude Code and built a system that could break down complex hacking operations into smaller tasks. The AI handled things like:

• Finding weaknesses in computer systems
• Testing stolen passwords
• Moving from one system to another inside a network
• Analyzing stolen data to find valuable information

Here's the scary part: the criminals tricked the AI into thinking it was doing legitimate security testing for a cybersecurity company. The AI didn't know it was being used for crime. It thought it was helping protect systems, not attack them.

The attacks ran for about ten days before Anthropic's detection systems caught on and shut it down. During that time, the AI targeted roughly 30 organizations, including technology companies, banks, manufacturing firms, and government agencies. Several of those attacks succeeded.

This Was Predictable

Security experts have been warning about this for years. The building blocks were already out there:

Government research projects proved that computers could find and exploit security holes automatically. University researchers showed that AI could attack websites on its own. Open source software provided ready-made frameworks for this kind of automation.

Even the bad guys were experimenting. Tech companies like Google and Microsoft documented thousands of cases where state-backed hacking groups from China, Russia, Iran, and North Korea used AI for research, writing phishing emails, and creating malware.

One particularly nasty piece of malware called PROMPTFLUX even used AI to rewrite its own code every hour, making it nearly impossible for antivirus software to detect.

All the pieces were in place. GTG-1002 just put them together.

The Good News and the Bad News

Here's something important: the AI wasn't perfect. It frequently made mistakes, claiming it had stolen passwords that didn't actually work or finding "critical information" that turned out to be publicly available. This AI hallucination problem meant the criminals still had to carefully check everything the AI claimed to accomplish.

But that's temporary. AI systems are getting better rapidly, and those mistakes will become less common.

The real problem is this: AI can work faster than any human team can defend against. A system that can scan networks, test passwords, and update its strategy in continuous loops operates at machine speed. Human security teams simply can't keep up.

What This Means for Long Island Businesses and Families

If you run a business on Long Island, this should concern you. The same AI tools that major corporations worry about can now be turned against small and medium-sized businesses. The barrier to launching sophisticated cyberattacks just dropped dramatically.

You don't need a team of expert hackers anymore. You need one person who knows how to set up the AI and let it run.

For families, this means the data breaches that expose your personal information, credit card numbers, medical records, and social security numbers are likely to become more frequent and harder to prevent.

What Can Be Done?

Anthropic caught this attack and shut it down. They banned the accounts, notified the victims, and worked with law enforcement. They've improved their detection systems to catch similar attacks faster.

But here's the thing: the same AI capabilities that criminals use for attacks are also crucial for defense. Security teams are now using AI to detect threats, analyze suspicious activity, and respond to attacks at the same machine speed that attackers operate.

The answer isn't to stop developing AI. The answer is to build better rules and oversight.

Security experts talk about "checkpoint based governance," which is a fancy way of saying: let AI do the fast analysis work, but require a human to approve important decisions. In the GTG-1002 attack, the criminals actually followed this model. They let the AI do reconnaissance and testing, but they had to approve before the AI moved to the next stage of the attack.

That approval process creates a record. That record creates an audit trail. That trail is how you maintain accountability even when systems move faster than humans can monitor in real time.

What Happens Next

This attack proves that AI-powered cybercrime is no longer theoretical. It's here. The techniques used in GTG-1002 will spread to other criminal groups. Less experienced hackers will gain access to tools that used to require elite skills.

For businesses and individuals, this means:

Take basic security seriously. Use strong, unique passwords. Enable two-factor authentication. Keep software updated. These basics still matter, perhaps more than ever.

Expect more data breaches. Companies you do business with will face more sophisticated attacks. Monitor your credit reports. Consider credit freezes. Be skeptical of unexpected emails and messages.

Support better regulation. AI governance isn't just a tech industry problem. It affects everyone. Lawmakers need to understand these threats and create appropriate oversight without stifling the defensive uses of AI.

The GTG-1002 operation is a wake-up call. Artificial intelligence is powerful enough to run cyberattacks largely on its own. The technology will continue to improve. The question is whether our defenses and our governance systems can keep pace.

This moment doesn't mean we've lost control. It means we need to be intentional about maintaining control as these systems get faster and more capable.

The road ahead requires businesses to take AI-powered threats seriously, security teams to adopt AI-powered defenses, and society to develop better rules for accountability and oversight.

Technology moves fast. Our response needs to move faster.

For technical details and complete source documentation, visit: https://medium.com/@basilpuglisi/the-first-ai-orchestrated-cyberattack-and-the-road-we-chose-not-to-see-54087393a22a?sk=b285db21626deef2137c450637d1b36e