reply on: Researchers question Anthropic claim that AI-assisted attack was 90% autonomous \ stacker news ~AI

pull down to refresh

0 sats \ 9 replies \ @Cje95 3h \ parent \ on: Researchers question Anthropic claim that AI-assisted attack was 90% autonomous AI

My question/thought is that is Anthropic self reporting to get ahead of it? I mean Chinese hackers are known to be top tier and they have hacked the US time and time again so I feel like if anyone would it would be them.

That being said as well I am surprised Anthropic was able to also detect it.

10 sats \ 8 replies \ @0xbitcoiner OP 2h

The threat actor—whom we assess with high confidence was a Chinese state-sponsored group—manipulated our Claude Code tool into attempting infiltration into roughly thirty global targets and succeeded in a small number of cases. The operation targeted large tech companies, financial institutions, chemical manufacturing companies, and government agencies. We believe this is the first documented case of a large-scale cyberattack executed without substantial human intervention.

https://www.anthropic.com/news/disrupting-AI-espionage

100 sats \ 7 replies \ @Cje95 2h

I should rephrase what I said.... I am surprised that whoever manipulated the code wasnt able to disguise it better to avoid detection. I also question how long it took them to detect it. They frame it as the quickly identified it (or at least that is how I read it) and that runs counter to how most of this goes. Hell if anything was this possibly done by the group to cause a panic because again it was detected and based on how I am reading it it was quickly detected.

10 sats \ 4 replies \ @optimism 2h

That's why it so dumb. Everyone knows that the llm service providers read everything. I'd be more worried about someone that runs it from their Mac mini cluster without using Claude

100 sats \ 3 replies \ @Cje95 2h

110% agree! It makes me wonder just they did this and is it because they are scared of something and so this nothing burger kinda give them coverage of hey look we are self reporting blah blah blah and people will just roll with it.

112 sats \ 2 replies \ @optimism 2h

I think its marketing really

100 sats \ 1 reply \ @Cje95 2h

Yeah that would make a ton of sense. It not only separates them from OpenAI with a whole transparency bit but also a hey look our stuff was so good hackers use it.

10 sats \ 0 replies \ @optimism 2h

hey look our stuff was so good hackers use it.

Yep! I think that that's the underlying message they want to get across.

Now, we know that it's not true either. I still have to correct Claude 4.5 a lot and I am always aBsOlUtElY rIgHt.

10 sats \ 1 reply \ @0xbitcoiner OP 2h

I also question how long it took them to detect it. They frame it as the quickly identified it (or at least that is how I read it) and that runs counter to how most of this goes.

In mid-September 2025, we detected suspicious activity that later investigation determined to be a highly sophisticated espionage campaign.

https://www.anthropic.com/news/disrupting-AI-espionage

Is two months considered fast?

0 sats \ 0 replies \ @Cje95 2h

It was 2 months to notify the public but once it was detected these companies notify those 30 entities. They dont really state how long the action could have been taking place. For instance with Brave's research into AI browsers prompt injection attacks the Brave team notifies the company and has waited typically a couple of weeks before releasing the information publicly.