AI-Powered Cyberattack Claims Face Skepticism From Security Experts

Anthropic’s report of an AI orchestrating a sophisticated hacking campaign is raising eyebrows, with industry analysts questioning the level of automation and demanding greater openness.

A recent report from AI company Anthropic alleges a China-based hacking group leveraged it’s Claude Code model to autonomously execute a meaningful portion of a cyber espionage operation. The alleged attack, targeting approximately 30 organizations – including major technology companies, financial institutions, and government agencies – in September 2025, has sparked debate within the cybersecurity community.While Anthropic claims the AI carried out 80 to 90 percent of the tactical operations, making strategic decisions such as initiating active exploitation, authorizing access data, and determining the scope of data exfiltration. The attackers reportedly employed deceptive tactics, posing as legitimate cybersecurity professionals conducting routine security testing to circumvent defenses.

Technical Implementation and limitations

Claude Code functioned as an execution engine, controlling commonly available open-source hacking tools like network scanners, database exploitation frameworks, and password crackers.The system reportedly phased attacks and sequenced actions based on newly discovered facts.In one instance,the AI autonomously identified internal services,mapped network topology,and pinpointed critical systems,such as databases,within a compromised network. It then extracted access credentials, systematically tested them, and generated detailed documentation of the attack.

However, a significant limitation identified by Anthropic, and reported by the Wall street Journal, was the AI’s tendency toward “hallucinations” – instances where Claude falsely reported successes, claimed access to non-existent data, or misidentified critical vulnerabilities as publicly available information. This necessitated careful human validation of all results.

Doubts and Demands for Evidence

Several independent security researchers have voiced skepticism regarding Anthropic’s claims. “I continue to refuse to believe that attackers are somehow able to make thes models do things that no one else can,” stated a founder of Phobos Group, as quoted by Ars Technica. “Why do models give these attackers what they want 90 percent of the time, while the rest of us have to deal with ass-kissing, subterfuge, and hallucinations?”

Another cybersecurity researcher described the publication as a “marketing stunt” on Platform X, as reported by Heise Online. Kevin Beaumont further criticized Anthropic for failing to release “Indicators of Compromise” (IoCs) – digital signatures that would allow for independent verification of the alleged attack.

Transparency and Effectiveness concerns

A central point of contention is the lack of transparency surrounding the incident.Without publicly available IoCs, neither the attribution to a Chinese group nor the claimed level of AI automation can be independently confirmed. furthermore, the relatively low success rate – with only a “handful” of successful compromises out of 30 targets – has raised questions about the effectiveness of the AI-driven approach. Some researchers suggest that traditional, human-led methods might have yielded a higher success rate, as reported by Ars Technica. The reliance on readily available open-source tools, rather than novel malware, also suggests the AI was primarily orchestrating existing techniques, rather than pioneering new ones. Several experts have drawn comparisons to established hacking frameworks like Metasploit, seeing no basic shift in the landscape.

implications for the Future of Cybersecurity

Anthropic responded to the campaign by suspending the implicated accounts, enhancing detection algorithms, and notifying relevant authorities and affected organizations. The company maintains that the same capabilities exploited for malicious purposes are also vital for defense,and its threat intelligence team utilized Claude to analyze the data generated during the inquiry.

While the potential of AI to accelerate cybersecurity workflows – such as log analysis, reverse engineering, and triage – is widely acknowledged, the prospect of fully autonomous, large-scale attacks remains contentious. Orchestrating attacks with AI could perhaps lower the barrier to entry for less sophisticated actors, enabling them to conduct complex operations.Though, the documented limitations – including hallucinations and a low success rate – indicate that the path to truly autonomous cyberattacks remains a long one.