pull down to refresh
142 sats \ 25 replies \ @optimism 4h \ on: Researchers question Anthropic claim that AI-assisted attack was 90% autonomous AI
That's a more straightforward way of saying it than I said yesterday. I also don't really believe the story.
It sounds like someone that has literally no idea what they are talking about wrote something, fed it to Claude for sounding better, then the PR person redlined it and made even more fantastic claims, also fed it through Claude, and then they published it.
đ
âWhy do the models give these attackers what they want 90% of the time but the rest of us have to deal with ass-kissing, stonewalling, and acid trips?â
I donât know enough to draw any solid conclusions, but what Dan Tentler said made me suspicious of this report. I do believe there might be some AI-driven automation involved, but jumping from that to claiming it was over 90% autonomous is hard to believe, and I imagine itâs hard to measure anyway. My guess is theyâre working off rough estimates. From the diagram in the report, it looks like there could be some automation in each stage, but the results still get handed back to a human operator, and thatâs where the big question about the real level of automation comes in.
reply
Its worse. code analysis? Like Claude finding 0days? Why doesn't it say "hey Claude discovered some vulns and we reported them to the respective software maintainers"? Because how did Claude get the source code? Did it also hack a MS dev workstation and fetch the code?
reply
Iâm not sure Iâm understanding what youâre saying. Are you saying the attacker had access to the victimsâ source code?
In the report they donât mention who was attacked, they only say that the vulnerabilities identified by the human attacker were exploited.
The operation targeted roughly 30 entities and our investigation validated a handful of successful intrusions.
Initial targets included major technology corporations, financial institutions, chemical manufacturing companies, and government agencies across multiple countries.
Basically, they âjustâ exploited API vulnerabilities using credentials that were found in the earlier phases. At least thatâs how I understood it, I might be wrong.
reply
Major tech corporations, financial institutions, chemical manufacturing companies and government agencies run systems with known RCE and/or SQL injection vulns?
reply
They/we (government entities in the US) are always having our computers updated and restarted so they are constantly addressing it. We also are limited with the number and type of programs, software, and internet connections we can have. Places like the NNSA and National Labs are extremely strict in what outside electronics you can even bring in heck Apple Watches are not allowed there is only one type of Garmin watch you can wear (if you want to wear a smart watch).
Thatâs already beyond what I know!
reply
I've worked with several government departments, fintechs and manufacturers in several countries over the years. This would mean there is a serious regression if they no longer pay attention to infosec and run vulnerable software like that. If its 0days then Anthropic could have saved the day - would be something better to brag about than this fantasy story.
reply
I get what youâre saying, but in this case there was supposedly a human operator who interpreted the data collected by the AI and then directed the attack. What I mean is that those 0-day vulnerabilities might not have been found by the AI, but by the human. But this is just me wondering, I have no idea how it actually went down.
reply
My question/thought is that is Anthropic self reporting to get ahead of it? I mean Chinese hackers are known to be top tier and they have hacked the US time and time again so I feel like if anyone would it would be them.
That being said as well I am surprised Anthropic was able to also detect it.
reply
The threat actorâwhom we assess with high confidence was a Chinese state-sponsored groupâmanipulated our Claude Code tool into attempting infiltration into roughly thirty global targets and succeeded in a small number of cases. The operation targeted large tech companies, financial institutions, chemical manufacturing companies, and government agencies. We believe this is the first documented case of a large-scale cyberattack executed without substantial human intervention.
reply
I should rephrase what I said.... I am surprised that whoever manipulated the code wasnt able to disguise it better to avoid detection. I also question how long it took them to detect it. They frame it as the quickly identified it (or at least that is how I read it) and that runs counter to how most of this goes. Hell if anything was this possibly done by the group to cause a panic because again it was detected and based on how I am reading it it was quickly detected.
reply
reply
reply
reply
reply
I also question how long it took them to detect it. They frame it as the quickly identified it (or at least that is how I read it) and that runs counter to how most of this goes.
In mid-September 2025, we detected suspicious activity that later investigation determined to be a highly sophisticated espionage campaign.
Is two months considered fast?
reply
It was 2 months to notify the public but once it was detected these companies notify those 30 entities. They dont really state how long the action could have been taking place. For instance with Brave's research into AI browsers prompt injection attacks the Brave team notifies the company and has waited typically a couple of weeks before releasing the information publicly.
reply