Artificial intelligence (AI) is evolving to enable greater levels of autonomy. This is the main feature of the agent, a model that on the ground provides answers to requests, but can plan and execute tasks in the name of the user. A malicious attacker cannot escape this possibility. Malicious attackers leverage this “agent” ability to launch sophisticated, large-scale, and low-cost attack campaigns. Anthropic, an American artificial intelligence research and development company founded by former members of OpenAI (whose executive director is Dario Amodei), recently released a report stating that it has detected “the first documented instance of a large-scale cyberattack carried out without substantial human intervention” and that a “Chinese state-backed” group is responsible.
The attack, described as “unprecedented”, had been warned of in mid-September. “We detected suspicious activity, which upon further investigation turned out to be highly sophisticated espionage. The attackers used this capability. agent Utilize AI as an advisory tool on the ground and as a bell for carrying out the cyber attack itself. ”
The individuals, identified by Anthropic as a Chinese state-backed group “with great credence,” manipulated the company’s AI platform, Claude Code, to “attempt to infiltrate global objective exercises, and in a small number of cases were successful.” As with most of these large-scale attacks, the targets were large technology companies, financial institutions, the chemical industry, and government agencies.
Following the detection of the attack, Antrhopic launched a more than 10-day investigation to assess the scope of the attack, block vulnerable AI accounts, and notify both authorities and directly affected organizations.
Attackers use the advanced capabilities of AI to collect passwords and data, and process and analyze it according to their purposes. “They can now search the web, retrieve data, and perform many other actions that were previously the exclusive domain of human operators,” Anthropic explains. Later, it approved coding capabilities so that the AI itself could develop espionage and sabotage programs.
The program used was the company’s proprietary AI “Claude,” but it was equipped with safeguards to prevent malicious use. “Although extensively trained to avoid harmful behavior, it is managed by breaking down attacks into smaller, seemingly innocuous tasks in order to awaken the platform’s shadows or avoid triggering blocking mechanisms. “Mr. Hiscilon believed to Mr. Claude that[the initiator of the process]was an employee of a legitimate cybersecurity company and was using it for defensive testing,” the authors of the Anthropic report explain.
AI operates autonomously in more than 90% of cases, reducing human intervention from 4% to 6% of key decisions.
“This attack represents an escalation in piracy, which now requires more human intervention,” Antropic concludes. But the company emphasizes that just as AI helped with this attack, it has also developed more sophisticated and efficient tools to prevent it.
In this sense, Billy Leonard, head of Google’s threat intelligence group, highlights attempts to use legitimate AI tools and how the developed safeguards force attackers to rely on illegal models. “While adversaries (pirates) are attempting to use traditional AI platforms, security barriers have led many companies to rely on models available on the black market. These tools are open-ended and can offer significant advantages even to those without advanced technology,” he explained in a note.
In this regard, digital security company Kaspersky has detected a new and sophisticated cyber-attack campaign that disseminates malicious language models and endangers the security of users who rely on them without knowing their nature.
The company has identified a program called. browser venomdistributed through a fake AI assistant called DeepSneak. This replaces the DeepSeek-R1 identity and may also be promoted through ads on Google. “The goal is to trick the user into installing it.” software It is malicious and can redirect web traffic to an attacker-controlled server, allowing them to steal credentials and sensitive information,” the company warns.
Cybercriminals use websites Phishing (Incorrect) They manipulated versions of legitimate installers such as Ollama and LM Studio to disguise the attack and also bypass Windows Defender protections.
“This type of threat shows that language models can be implemented locally, but if they are not sourced from verified sources, they can also be useful but also transform into new risk vectors,” Kaspersky warns.
A report from Leonard’s team at Google identifies the origins of key players in the new campaign in China, North Korea, Russia and Iran. malwarefrom social engineering manifestations and selling AI tools to improving every step of your operations. ”
About The Author
