The results of AI-assisted hacking aren’t as impressive as many might have us believe.

Researchers from Anthropic said they recently observed the “first reported AI-orchestrated cyber espionage campaign” after detecting China-state hackers using the company’s Claude AI tool in a campaign targeting dozens of targets. Outside researchers are much more measured in describing the significance of the discovery.

Anthropic published the reports on Thursday here and here. In September, the reports said, Anthropic discovered a “highly sophisticated espionage campaign,” carried out by a Chinese state-sponsored group, that used Claude Code to automate up to 90 percent of the work. Human intervention was required “only sporadically (perhaps 4-6 critical decision points per hacking campaign).” Anthropic said the hackers had employed AI agentic capabilities to an “unprecedented” extent.

“This campaign has substantial implications for cybersecurity in the age of AI ‘agents’—systems that can be run autonomously for long periods of time and that complete complex tasks largely independent of human intervention,” Anthropic said. “Agents are valuable for everyday work and productivity—but in the wrong hands, they can substantially increase the viability of large-scale cyberattacks.”
142 sats \ 25 replies \ @optimism 3h
That's a more straightforward way of saying it than I said yesterday. I also don't really believe the story.
It sounds like someone that has literally no idea what they are talking about wrote something, fed it to Claude for sounding better, then the PR person redlined it and made even more fantastic claims, also fed it through Claude, and then they published it.
100 sats \ 14 replies \ @0xbitcoiner OP 2h
😂
I don’t know enough to draw any solid conclusions, but what Dan Tentler said made me suspicious of this report. I do believe there might be some AI-driven automation involved, but jumping from that to claiming it was over 90% autonomous is hard to believe, and I imagine it’s hard to measure anyway. My guess is they’re working off rough estimates. From the diagram in the report, it looks like there could be some automation in each stage, but the results still get handed back to a human operator, and that’s where the big question about the real level of automation comes in.
157 sats \ 13 replies \ @optimism 2h
It's worse. Code analysis? Like Claude finding 0-days? Why doesn't it say "hey, Claude discovered some vulns and we reported them to the respective software maintainers"? Because how did Claude get the source code? Did it also hack an MS dev workstation and fetch the code?
100 sats \ 12 replies \ @0xbitcoiner OP 2h
I’m not sure I’m understanding what you’re saying. Are you saying the attacker had access to the victims’ source code?
In the report they don’t mention who was attacked, they only say that the vulnerabilities identified by the human attacker were exploited.
Basically, they ‘just’ exploited API vulnerabilities using credentials that were found in the earlier phases. At least that’s how I understood it, I might be wrong.
33 sats \ 11 replies \ @optimism 2h
Major tech corporations, financial institutions, chemical manufacturing companies and government agencies run systems with known RCE and/or SQL injection vulns?
100 sats \ 1 reply \ @Cje95 1h
They/we (government entities in the US) are always having our computers updated and restarted, so they are constantly addressing it. We also are limited in the number and type of programs, software, and internet connections we can have. Places like the NNSA and National Labs are extremely strict in what outside electronics you can even bring in; heck, Apple Watches are not allowed, and there is only one type of Garmin watch you can wear (if you want to wear a smart watch).
0 sats \ 0 replies \ @optimism 1h
Yeah. I haven't heard about any CISA people getting laid off either.
0 sats \ 8 replies \ @0xbitcoiner OP 2h
That’s already beyond what I know!
33 sats \ 7 replies \ @optimism 1h
I've worked with several government departments, fintechs and manufacturers in several countries over the years. This would mean there is a serious regression if they no longer pay attention to infosec and run vulnerable software like that. If it's 0-days, then Anthropic could have saved the day; that would be something better to brag about than this fantasy story.
100 sats \ 6 replies \ @0xbitcoiner OP 1h
I get what you’re saying, but in this case there was supposedly a human operator who interpreted the data collected by the AI and then directed the attack. What I mean is that those 0-day vulnerabilities might not have been found by the AI, but by the human. But this is just me wondering, I have no idea how it actually went down.
0 sats \ 9 replies \ @Cje95 1h
My question/thought is: is Anthropic self-reporting to get ahead of it? I mean, Chinese hackers are known to be top tier and they have hacked the US time and time again, so I feel like if anyone would, it would be them.
That being said, I am also surprised Anthropic was able to detect it.
10 sats \ 8 replies \ @0xbitcoiner OP 1h
100 sats \ 7 replies \ @Cje95 1h
I should rephrase what I said.... I am surprised that whoever manipulated the code wasn't able to disguise it better to avoid detection. I also question how long it took them to detect it. They frame it as if they quickly identified it (or at least that is how I read it), and that runs counter to how most of this goes. Hell, if anything, was this possibly done by the group to cause a panic? Because again, it was detected and, based on how I am reading it, it was quickly detected.
10 sats \ 4 replies \ @optimism 1h
That's why it's so dumb. Everyone knows that the LLM service providers read everything. I'd be more worried about someone that runs it from their Mac mini cluster without using Claude.
100 sats \ 3 replies \ @Cje95 57m
110% agree! It makes me wonder just why they did this, and is it because they are scared of something, and so this nothing burger kinda gives them coverage of "hey look, we are self-reporting, blah blah blah" and people will just roll with it.
112 sats \ 2 replies \ @optimism 49m
I think it's marketing, really.
100 sats \ 1 reply \ @Cje95 45m
Yeah, that would make a ton of sense. It not only separates them from OpenAI with a whole transparency bit, but also a "hey look, our stuff was so good hackers use it."
10 sats \ 1 reply \ @0xbitcoiner OP 1h
Is two months considered fast?
0 sats \ 0 replies \ @Cje95 1h
It was 2 months to notify the public, but once it was detected these companies notify those 30 entities. They don't really state how long the action could have been taking place. For instance, with Brave's research into AI browser prompt injection attacks, the Brave team notifies the company and has typically waited a couple of weeks before releasing the information publicly.