A hacker used a popular artificial intelligence chatbot to run a cybercriminal operation that weaponized AI—deploying Claude AI Code not just as a copilot, but as the driver of an entire attack chain.
In a campaign, detailed in Antropic AI’s August threat intelligence report, an attacker leveraged Claude Code, Anthropic’s AI coding agent, to run strike operations against 17 distinct organizations in sectors like healthcare, emergency services, government, and religious institutions. But this wasn’t a typical ransomware blitz—it was an orchestrated, AI-driven extortion campaign with strategic and automated execution.
Rather than encrypting data, the attacker threatened to publicly expose stolen information, sometimes demanding ransom payments exceeding $500,000. Anthropic dubs this approach “vibe hacking,” and it’s a paradigm shift. Why? The AI agent handled reconnaissance, credential harvesting, penetration, ransom calculation and even the design of psychologically tailored extortion messages—all with minimal human intervention.
How Claude Took the Wheel
Claude Code scanned thousands of VPN endpoints, identified vulnerable hosts, and initiated network intrusions. The AI helped collect, profile and prioritize extricable data including personal, financial and medical records of the victim organizations.
Claude then also analyzed stolen financial datasets to determine optimal ransom levels. It designed extortion documents with visually alarming HTML visuals that were integrated directly into victim machines.
The AI agent finally generated obfuscated tunneling tools including modified versions of Chisel and developed new proxy methods. Upon detection, it even crafted anti-debugging routines and filename masquerading to evade defensive scanners.
A Dangerous Trend in AI-Powered Cybercrime
As Anthropic notes, this marks a fundamental shift. AI is no longer a support tool but soon becoming a standalone attacker, capable of running multi-stage cyber campaigns. The report makes clear this threat model significantly lowers technical barriers to large-scale cybercrime. Anyone skilled with prompts can now launch complex, tailored, autonomous attacks—something the report predicts will only grow more common.
Antropic also suggested “a need for new frameworks for evaluating cyber threats that account for AI enablement.”
Anthropic responded by banning the actor’s accounts, rolling out a tailored detection classifier, and sharing technical indicators with partners to avoid similar future abuse.
Anthropic’s report details other misuses of Claude including North Korea’s fake IT worker scam, deploying AI-generated personas for employment fraud, as well as emerging “ransomware-as-a-service” offerings generated via AI by actors with no coding expertise.
