The cyberattack that ran itself (and what it means for you)
Last week, Anthropic (the company behind Claude AI) released a report that changes everything about how we think about cyberattacks.
They discovered a Chinese state-sponsored group using AI to execute attacks with 80-90% autonomy. Not "AI-assisted." Fully autonomous operations.
What Happened
The attackers built a framework that used Claude AI to autonomously scan networks, find vulnerabilities, write exploit code, harvest credentials, move laterally, and extract data. Human involvement came down to choosing targets and approving escalations.
The AI ran nonstop across more than 30 simultaneous targets and moved faster than any human team could. The result was multiple successful breaches of major technology companies and government agencies.
But there was one major limitation. Claude sometimes overstated findings or fabricated data. It occasionally claimed to have credentials that did not work or flagged “critical” discoveries that turned out to be public information. The operators had to validate every result. This remains a real obstacle to fully autonomous attacks, but not a barrier to highly effective ones.
The Problem
Traditional security monitoring was built for human attackers. It looks for human patterns: login times, request rates, behavioral anomalies.
But AI doesn't follow human patterns. Humans make 10-20 requests per minute. AI makes multiple per second. Humans work 8-hour shifts. AI operates continuously. Humans make mistakes. AI executes flawlessly.
Traditional detection systems look for human behavior. AI bypasses them completely.
And here's the kicker: The AI harvested credentials and moved through systems using legitimate access. When attacks use authorized credentials through legitimate pathways, traditional security tools can't tell the difference between normal activity and a breach.
What Actually Matters
This isn't about fear. It's about operational reality.
If a well-resourced state actor can use commodity AI tools to execute attacks at this scale, what does that say about your detection capabilities?
The organizations getting ahead of this? They're asking different questions:
Recommended by LinkedIn
Not "Do we have security tools?" but "Would we detect credential harvesting happening at AI speed?"
Not "Do we monitor our network?" but "Can we identify lateral movement that occurs in minutes instead of days?"
Not "Do we have incident response procedures?" but "Are our detection systems built for autonomous attacks or human attackers?"
The Bottom Line
AI-powered attacks are real. They're happening now. And they're only getting more sophisticated.
Anthropic's report proves the fundamental problem: Traditional detection systems look for human behavior, but AI doesn’t follow those patterns.
AI-powered attacks aren't slowing down. They're accelerating.
The organizations that survive are the ones who stop monitoring for yesterday's threats and start preparing for today's reality.
Read the full Anthropic report here: Disrupting the first reported AI-orchestrated cyber espionage campaign \ Anthropic
Nolan Garrett – CEO
Not sure if you're ready for AI-powered attacks?
Let's chat. 15 minutes. We'll discuss your monitoring setup and where your biggest gaps are.
No pitch. Just honest feedback.
I’m seeing this play out every week with our clients. The real shift isn’t just more attacks, it’s the acceleration of the volume. When AI can map a network and pivot in minutes, relying on human-only processes becomes a liability. Staying ahead means tightening the basics and giving your team tools that react as fast as the threats do.