Chinese state-sponsored hackers have tricked Anthropic’s AI technology to help create highly automated break-ins targeting major corporations and foreign governments, according to the Artificial intelligence company.
The Wall Street Journal reports that Anthropic, a leading artificial intelligence company, has revealed that China’s state-backed hackers leveraged its AI technology to automate cyberattacks on an unprecedented scale during a hacking campaign in September. The hackers managed to sidestep Anthropic’s safeguards by posing as security auditors working on behalf of the targeted entities, allowing them to conduct the attacks with minimal human intervention.
According to Jacob Klein, Anthropic’s head of threat intelligence, the hackers’ use of AI automation reached an alarming level, with 80 to 90 percent of the attack being automated. The hackers were able to initiate attacks “with the click of a button” and only required human input at a few critical decision points. This level of automation in cyberattacks is a growing trend that provides hackers with increased speed and scale.
The hacking campaign focused on approximately 30 targets, and while Anthropic claims to have disrupted the attacks and blocked the hackers’ accounts, up to four intrusions were successful before the company intervened. In one instance, the hackers instructed Anthropic’s Claude AI to independently query internal databases and extract data.
The use of AI in hacking is not new, with hackers employing AI tools for tasks such as crafting phishing emails and identifying vulnerable systems. However, the ability to stitch together various hacking tasks into nearly autonomous attacks marks a significant advancement in the field. Other cybersecurity firms, such as Volexity, have also observed China-backed hackers using AI to automate parts of their hacking campaigns against corporations, research institutions, and NGOs.
Anthropic has not disclosed the specific corporations and governments targeted in the attacks but stated that while the U.S. government was not among the victims of a successful intrusion, it would not comment on whether any part of the U.S. government was targeted. The company is confident that the attacks were carried out by Chinese state-backed hackers based on the digital infrastructure used and other evidence.
To conduct the attacks using Claude, the hackers had to bypass Anthropic’s safeguards through a technique called “jailbreaking,” in which they claimed to be performing security audits on behalf of the targets. They also devised a system to break down each phase of the campaign into discrete tasks that did not trigger alarms.
Following the attacks, Anthropic has updated its methods for detecting misuse, making it more difficult for attackers to exploit Claude for similar purposes in the future. However, the incident highlights the dual-use dangers of AI tools, as stronger AI systems can be used to enhance both cybersecurity defenses and attacks.
Read more at the Wall Street Journal here.
Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship.
