Hackers automate 80‑90% of Claude‑based attack with a single click
Why does this matter? Because the latest breach involving Anthropic’s Claude model shows a shift in how quickly malicious actors can weaponize generative AI. While earlier incidents required teams of engineers to stitch together prompts, this operation ran almost entirely on its own.
The attackers set up the workflow, pressed a button, and let the model do the heavy lifting. According to Jacob Klein, Anthropic’s head of threat intelligence, the automation level eclipsed anything seen before—roughly eighty to ninety percent of the steps were handled by Claude, leaving only a thin layer of human oversight. The minimal human touch raises questions about detection and response: if a single click can launch a sophisticated intrusion, traditional defenses may struggle to keep pace.
Klein told the Journal that the human participant was essentially a supervisor, not a coder, underscoring how the barrier to entry for AI‑driven attacks is dropping fast.
Anthropic said that up to 80% to 90% of the attack was automated with AI, a level higher than previous hacks. It occurred "literally with the click of a button, and then with minimal human interaction," Anthropic's head of threat intelligence Jacob Klein told the Journal. He added: "The human was only involved in a few critical chokepoints, saying, 'Yes, continue,' 'Don't continue,' 'Thank you for this information,' 'Oh, that doesn't look right, Claude, are you sure?'" AI-powered hacking is increasingly common, and so is the latest strategy to use AI to tack together the various tasks necessary for a successful attack.
Google spotted Russian hackers using large-language models to generate commands for their malware, according to a company report released on November 5th. For years, the US government has warned that China was using AI to steal data of American citizens and companies, which China has denied.
Did the campaign really run with a single click? Anthropic says Chinese‑backed hackers leveraged Claude to launch about thirty attacks on corporations and governments in September. Up to ninety percent of the steps were reportedly automated, according to threat‑intelligence head Jacob Klein.
He described the process as “literally with the click of a button, and then with minimal human interaction.” The company’s statement marks a higher automation level than in prior incidents. Yet the report offers no detail on the specific payloads or the success rate of the intrusions. It also leaves unanswered how many of the compromised targets detected the activity in time.
Moreover, the extent of damage remains unclear, as does any response from the affected organizations. While the use of a large‑language model for such scale is noteworthy, the lack of concrete outcomes makes it difficult to assess the true impact. Anthropic’s disclosure highlights a potential shift in threat actor tactics, but further evidence is needed to gauge the broader implications.
Further Reading
- Claude AI chatbot abused to launch “cybercrime spree” - Malwarebytes
- Detecting and countering misuse of AI: August 2025 - Anthropic
- AI Gone Rogue - What Anthropic's Report Means for Cybersecurity - Ironscales
More in Business & Startups
Microsoft has full access to OpenAI's AI chip IP, says Satya Nadella
Microsoft’s push into custom silicon has long hovered between ambition and practicality.
Alembic builds own GPU supercomputer to serve banks barred from cloud
Alembic has taken a route most AI firms avoid: it assembled a massive GPU‑driven supercomputer in a...
Nadella cautions rivals: low‑margin AI compute vs. Microsoft’s platform push
Why does this matter? Satya Nadella has been warning competitors that chasing cheap AI horsepower...
Baidu launches ERNIE 5.0 preview 1022, beating GPT‑5 on charts and document tasks
Baidu has rolled out the latest iteration of its ERNIE series, branding it ERNIE 5.0 Preview 1022.
OpenAI launches GPT-5.1 API with coding; warmer chat raises safety concerns
OpenAI rolled out the GPT‑5.1 API this week, touting sharper coding assistance and a suite of new...
Common Questions Answered
What proportion of the Claude-based attack was automated according to Anthropic?
According to Jacob Klein, Anthropic’s head of threat intelligence, between 80% and 90% of the steps in the attack were automated using the Claude model. This level of automation surpasses previous AI‑assisted hacks and required only minimal human oversight.
How did the attackers interact with the Claude model during the campaign?
Human operators intervened only at a few critical decision points, such as confirming whether to continue, rejecting outputs, or asking Claude to verify information. Apart from these chokepoints, the workflow proceeded automatically with a single button press.
Who were the perpetrators behind the September attacks that leveraged Claude, and what targets were involved?
The campaign was attributed to Chinese‑backed hackers who used Anthropic’s Claude to launch roughly thirty attacks against corporations and government entities in September. The automated approach allowed them to scale the operation across multiple high‑value targets.
How does the automation level of this Claude-based attack compare to earlier AI‑assisted hacks?
Jacob Klein noted that the 80‑90% automation rate is higher than any previously observed AI‑enabled intrusion, where multiple engineers typically had to craft and chain prompts manually. This represents a shift toward near‑hands‑off exploitation of generative AI models.