
AI-Orchestrated Intrusions: Insights from the Anthropic Claude Report

  • Writer: Demyd Maiornykov
  • 10 hours ago

Anthropic has released a detailed report documenting an intrusion campaign in which an AI system executed nearly the entire attack lifecycle with minimal human oversight.


A state-sponsored actor used Claude Code to automate reconnaissance, exploit development, credential harvesting, lateral movement, and data extraction — with human operators stepping in only at a few decision points.


What stands out is that the operation relied on standard, widely available tools executed at machine speed. This shifts how organisations need to think about modern intrusion risk.



What Happened

According to Anthropic’s technical report, the threat actor (GTG-1002) posed as employees of a cybersecurity firm in their prompts to bypass model guardrails. By presenting themselves to Claude Code as legitimate internal staff and framing each request as routine engineering work, they avoided safety checks designed to block harmful actions.


By breaking malicious goals into small, benign-looking tasks and shaping each prompt as part of an internal audit or engineering workflow, they manipulated Claude Code into performing harmful operations.


Key findings include:


  • 80–90% of the intrusion workflow was performed by AI

  • Thousands of operations were executed per second

  • ~30 organisations were targeted

  • Claude handled reconnaissance, exploitation, credential harvesting, and data triage

  • Human operators intervened only 4–6 times per target


Anthropic’s public summary — Disrupting AI Espionage — reinforces the conclusion: this was not AI “assisting” an attacker. It was an AI system running the intrusion autonomously. Independent analysis, such as SecureWorld’s coverage, reached similar conclusions.



Why This Matters

This development challenges several core assumptions behind how organisations assess and maintain security.


1. Machine-speed intrusions shrink detection windows

Human-paced attacks leave traces. AI-driven automation does not. Thousands of reconnaissance, exploitation, and privilege-escalation actions can occur in seconds.


2. The barrier to sophisticated attacks has dropped

The campaign relied heavily on commodity tools. Once workflows like this propagate, smaller actors will be able to run operations previously limited to state-level capabilities.


We covered this broader shift — how generative AI expands both offensive and defensive capabilities — in our full guide: How Can Generative AI Be Used in Cybersecurity


3. Periodic testing is misaligned with continuous threats

Annual pentests and quarterly scans cannot model machine-paced intrusion cycles. Point-in-time visibility leaves long defensive gaps that automated attack loops can exploit immediately.


4. AI safety controls can be bypassed through task decomposition

By breaking malicious intent into a series of small, context-shaped tasks, the threat actor manipulated guardrails. Defence cannot rely solely on model-level safeguards.



Lessons for Modern Security Teams

This is not an isolated anomaly — it’s an indicator of the operational shift underway. Security teams should adapt in several ways.


Continuous Visibility Over Periodic Checks

Monitor cloud assets, exposed services, credentials, and misconfigurations in real time. Environments change daily; point-in-time assessments cannot keep pace.


Automated Exploit Validation

If attackers can auto-generate and chain exploits, defenders need automated validation pipelines to identify exposures before adversaries do.


Identity-Centric Defence

In the Claude case, AI excelled at credential harvesting and lateral movement. Strengthening identity security is now essential:

  • Short-lived credentials

  • MFA everywhere

  • Privilege segmentation

  • Monitoring identity anomalies continuously


Improved Signal-to-Noise Handling

AI agents can generate high-volume reconnaissance noise. Detection systems must evolve to identify meaningful signals rather than simply produce more alerts.
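
An added example (not from the Anthropic report or from Sekurno's tooling) of the aggregation this section calls for: instead of alerting on every event in a burst, it collapses a principal's machine-paced, multi-target activity into a single alert. The event fields, thresholds and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def sample_events():
    """Constructed events (timestamp, principal, action, target); not real logs."""
    t0 = datetime(2025, 1, 1, 12, 0, 0)
    # Human-paced admin: one login every 40 s.
    events = [(t0 + timedelta(seconds=40 * i), "alice", "ssh_login", f"host-{i % 2}")
              for i in range(6)]
    # Automated loop: 60 mixed actions in 6 s, spread over 15 hosts.
    kinds = ["port_scan", "auth_attempt", "list_shares", "read_secret"]
    events += [(t0 + timedelta(milliseconds=100 * i), "svc-build", kinds[i % 4],
                f"host-{i % 15}") for i in range(60)]
    return sorted(events, key=lambda e: e[0])

def detect_machine_pace(events, window_s=10, min_events=30, min_targets=5):
    """Return one alert per principal whose activity inside any sliding window
    reaches min_events events across at least min_targets distinct targets.
    Assumes events are sorted by timestamp; thresholds are illustrative."""
    windows = defaultdict(deque)   # principal -> recent (ts, action, target)
    alerts = {}                    # principal -> aggregated alert
    for ts, who, action, target in events:
        win = windows[who]
        win.append((ts, action, target))
        # Drop events that have aged out of the window.
        while (ts - win[0][0]).total_seconds() > window_s:
            win.popleft()
        targets = {t for _, _, t in win}
        if len(win) >= min_events and len(targets) >= min_targets:
            # Update the existing alert rather than emitting a new one per event.
            alert = alerts.setdefault(who, {
                "principal": who, "first_seen": win[0][0],
                "peak_events": 0, "targets": set(), "actions": set()})
            alert["peak_events"] = max(alert["peak_events"], len(win))
            alert["targets"] |= targets
            alert["actions"] |= {a for _, a, _ in win}
    return list(alerts.values())

if __name__ == "__main__":
    for alert in detect_machine_pace(sample_events()):
        print(alert["principal"], alert["peak_events"], sorted(alert["actions"]))
```

Rate alone is a weak signal for service accounts that are legitimately busy, which is why the check also requires breadth across targets; tune both thresholds against a baseline of normal activity.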


Adversary Simulations Must Include AI-Driven Intrusions

Red-team programs should model loop-based automated attacks, not just human-paced adversaries. This exposes gaps that traditional simulations miss.



Credit to Anthropic

Anthropic handled this discovery responsibly and transparently:


  • Early detection

  • Detailed forensic analysis

  • Coordination with affected partners

  • Public, technical reporting

  • Strengthening of model guardrails and safety systems


Their openness sets a standard for responsible AI security research and benefits the entire industry.



How Sekurno Is Responding

Our roadmap already aligns with the realities highlighted in the Anthropic report.


Continuous Attack Surface Exposure Monitoring

Replacing slow, periodic assessments with 24/7 visibility into cloud assets, APIs, secrets, and configurations.


Automated Exploit-Validation Workflows

Shortening the gap between exposure and action by validating risks at machine speed.


Identity- and Cloud-Centric Security Advisory

Strengthening identity, segmentation, and telemetry — the areas modern intrusion campaigns target first.

AI-driven intrusions are no longer hypothetical. They are an active capability. Defence needs to evolve accordingly.



Want to Reassess Your Exposure?

If you're evaluating how AI-driven intrusion changes your risk profile — or considering the shift from periodic testing to continuous defence — Sekurno can help you build clarity and a modernised security posture.



