
AI Used to Run Unprecedented Cybercrime Operation, Anthropic Reports

By Kirsten Doyle, August 29, 2025

An attacker turned an AI chatbot into a full-scale criminal operation. The target: at least 17 companies across healthcare, government, and emergency services. The tool: Claude, Anthropic’s advanced AI.  

The result is a cybercrime campaign of staggering scope and sophistication. 

Anthropic revealed the operation in a report released this week. The bad actor leveraged Claude Code, a chatbot designed to write software from simple prompts, to identify vulnerable targets.  

Then, it created malware to steal sensitive files, organized the stolen data, analyzed financial documents, suggested ransom amounts in bitcoin, and even drafted the extortion emails themselves. 

“The actor used AI to what we believe is an unprecedented degree,” the report said. “Claude Code was used to automate reconnaissance, harvesting victims’ credentials, and penetrating networks.” 

Making Tactical, Strategic Decisions 

Anthropic added: “Claude was allowed to make both tactical and strategic decisions, such as deciding which data to exfiltrate, and how to craft psychologically targeted extortion demands. Claude analyzed the exfiltrated financial data to determine appropriate ransom amounts and generated visually alarming ransom notes that were displayed on victim machines.” 

These AI models are being used in ways Anthropic has never seen. Threat actors are actively trying to circumvent its safeguards. 

The operation shows a dangerous new reality. AI is no longer just a tool for advice. It has become an active participant in crime. Agents with minimal coding skills can now run attacks that once required teams of experienced hackers.  

Fraudsters are embedding AI in every stage of their schemes: profiling victims, stealing data, generating ransomware, even building fake identities to extend reach. 

Vibe Hacking: AI in Extortion 

The report details the most striking case. The hacker didn’t encrypt stolen files in typical ransomware fashion. Instead, Claude helped identify the most sensitive data and craft threats to leak it publicly. Extortion demands reached six figures. 

Claude handled reconnaissance, harvested credentials, and made tactical decisions. It analyzed stolen financials to suggest ransom amounts. It generated visually alarming ransom notes for victim systems. Anthropic’s team even simulated a custom ransom note to demonstrate the method. 

This is an evolution in AI-assisted cybercrime. These attacks adapt in real time to defenses like malware detection. 

How it Was Used 

North Korean IT operatives also exploited AI. Using Claude, they created fake identities, aced coding assessments, and even delivered real work once employed by US Fortune 500 tech firms. AI eliminated the need for years of specialized training, letting unskilled operators bypass barriers that once slowed the regime’s scams. 

In another case, a cybercriminal used Claude to develop, market, and sell ransomware-as-a-service online. Packages with advanced encryption and anti-detection features went for $400 to $1,200. Without the AI, the criminal likely could not have created functioning malware. 

Anthropic’s Response 

All implicated accounts have been banned. New detection tools and classifiers have been deployed. Technical indicators have been shared with authorities. Each incident informed improvements to safety measures. 

The report warns that AI-enhanced cybercrime will grow. Attacks like these will become more common as AI lowers the bar for technical expertise and amplifies reach. 

The Dark Side of AI’s Helpful Nature 

“This really isn’t surprising when you think about it,” adds Anna Collard, SVP of Content Strategy and Evangelist at KnowBe4. “Criminals have always been quick to adopt new technologies, and AI tools are no exception – just like the rest of us office workers have integrated AI into our workflows. AI chatbots are fundamentally designed to be helpful and please their users, which makes them vulnerable to manipulation even with guardrails in place.” 

Collard says a determined bad actor can often find ways to trick these systems into assisting with unethical activities, as we saw here with Claude being used for everything from identifying targets to writing ransom notes. “It’s essentially the dark side of AI’s helpful nature, the same eagerness to assist that makes these tools so useful for legitimate work can be exploited for criminal purposes.”  

Less Time and Effort 

Satish Swargam, principal security consultant at Black Duck, said: “Hackers are known to use sophisticated tools to launch cyber-attacks, and Anthropic’s recent report shows how hackers are now using AI chatbots to discover, prepare, and formulate attacks to make them even more effective with less time and effort. Nowadays, even novices can utilise AI chatbots to launch cyberattacks, highlighting how easily this can be done.”

In this case, Swargam says AI security controls have helped in identifying unethical use of AI chatbots, but they are often too late in preventing an attack. “Interestingly, the AI chatbot also helped determine the ransom amount to be demanded from the breached company in exchange for not disclosing the stolen data. Companies should proactively address these vulnerabilities when using AI tools by adopting robust cybersecurity measures such as DLP controls and staying abreast of technological advancements to prevent such scenarios and ensure uncompromised trust in software, especially in today’s regulated and AI-powered world.”

Look Where the Information Goes 

Nivedita Murthy, senior security consultant at Black Duck, added: “Attackers using AI to improve their attack methods or increase automation is not surprising. However, in this case, it is interesting to note that Claude Code had a wealth of information on which organizations were vulnerable and where. It also freely gave away this information in the form of an attack vector.” 

She says what organizations need to really look into is how much the AI tools they use know about their company and where that information goes. “While AI usage has been highly beneficial to all, organizations need to understand that AI is a repository of confidential information that requires protection, just like any other form of storage system. Accountability and compliance are core requirements of doing business. While embracing AI at scale, these two factors need to be kept in mind.”

A Turning Point in the Evolution of Cybercrime 

Jamie Akhtar, CEO and Co-founder of CyberSmart, says: “The revelation that cybercriminals have begun using generative AI to automate ransomware campaigns marks a turning point in the evolution of cybercrime. According to Anthropic, attackers have exploited Claude to identify vulnerable organisations, infiltrate networks, exfiltrate sensitive data, and even craft tailored ransom demands, all without the deep technical expertise usually required.”

This demonstrates how AI has dramatically lowered the barrier to entry, enabling less-skilled actors to launch highly effective attacks at scale, Akhtar adds. “The fact that targets have included healthcare, emergency services, and government institutions only underscores the severity of this development.”

For individuals and organisations, Akhtar says the lesson is clear: “AI-enabled attacks are no longer theoretical but a present and growing risk. To stay safe, businesses must prioritise patching and hardening exposed systems, adopt multi-factor authentication, and train staff to spot even the most convincing phishing attempts. Regular external-attack surface monitoring and the deployment of advanced detection tools can help intercept automated threats before they cause damage. Meanwhile, individuals should be cautious of unexpected communications, keep software updated, and use strong, unique passwords. In the age of AI-powered cybercrime, vigilance and layered defences are essential.”  

A Wake-Up Call 

Martin Kraemer, Security Awareness Advocate at KnowBe4, calls Anthropic’s report a wake-up call. “We are no longer waiting for AI to disrupt cybercrime. It is happening. Cybercrime as a business is fundamentally changing, fully reaping the efficiency and quality benefits of AI. As a result, we must expect more sophisticated and more widespread attacks.”

Kraemer says attackers will tenaciously work with AI to make money from businesses of all sizes, while the AI enables efficiencies of scale where no business can deem itself unappealing to an attacker because of its size, sector, or location. “Attackers exploiting AI automation lowers the threshold of being a viable target that appears on attackers’ radar for any given organization. After all, running a full attack chain got a lot cheaper.” 

While this is proof of AI-powered cybercriminal organizations, Kraemer says the next step of evolution is only around the corner. “We are seeing early versions of malware with built-in AI capability. Once criminals have figured out the architecture of running AI inside malware and during deployment at the target organization, AI-powered agentic malware that reacts to and evades defense mechanisms will become a reality. The defensive side must implement intelligent, agentic defense agents to combat this challenge asap.”
