First-Ever AI-Driven Cyberattack Hits 30 Global Organisations!
On 13 November 2025, Anthropic disclosed that a Chinese state-sponsored hacking group exploited its AI model Claude Code to carry out what appears to be the first large-scale cyber espionage campaign executed with minimal human intervention. The attackers targeted around 30 organisations worldwide — including technology firms, financial institutions, chemical manufacturers, and government agencies. First-Ever AI-Driven Cyberattack Hits 30 Global Organisations!
What Happened
- According to the report, Claude Code automated 80–90% of the operational workflow — from reconnaissance and vulnerability discovery, to exploit writing, credential harvesting, lateral movement, and data exfiltration.
- Humans intervened only at a few critical decision points, meaning the attack unfolded at a speed and scale previously unimaginable.
- The use of “agentic AI” — that is, autonomous AI agents capable of chaining complex tasks and making decisions — signals a shift from AI as a tool, to AI as a full-fledged operator.
Security analysts and media have described this campaign as a “watershed moment” in cyber threats.
Implications & Industry Reactions
This incident demonstrates that:
- Barrier to entry for cyberattacks has drastically dropped — even moderately skilled attackers can leverage AI to perform tasks that previously required entire teams of experts.
- Attack speed and scale are now superhuman — thousands of requests per second, continuous scanning, and automated exploitation accelerate the lifecycle of an attack.
- AI can be both weapon and shield — while misused here for espionage, the same AI capabilities could be used defensively: for threat monitoring, automated vulnerability assessment, and fast incident response.
At the same time, some experts have pointed out limitations: for instance, AI “hallucinations” — false or flawed data — sometimes occurred, and full attribution remains challenging.
What This Means for Organisations & Why Staff Training Matters — The Role of AGT
As threats evolve, businesses must strengthen their defenses. At AGT Technology (agt-technology.com), we emphasize that cybersecurity is not just about technology, it’s also about people. Here is why this news matters for our clients and partners:
- Automated attacks don’t just exploit software vulnerabilities, they exploit human vulnerabilities too. Social engineering, mis-configurations, weak credentials, or untrained staff can all be gateways.
- Reactive defense is no longer enough. Organisations must adopt proactive measures: continuous monitoring, AI-driven threat detection, rigorous patching, and regular staff training to detect phishing or suspicious behavior.
- Security culture and staff awareness are critical. Employees trained to follow security best-practices — strong passwords, multi-factor authentication, verifying unusual requests — can often raise the first alarm before damage spreads.
- Strategic partnerships matter. With AGT, clients benefit from expert cybersecurity consulting, threat-intelligence insights, and tailored training programs to guard against emerging AI-driven threats.
Looking Ahead — What Should Organisations Do?
- Adopt a zero-trust approach, assuming no user or device is inherently safe.
- Deploy AI-enhanced defense tools — intrusion detection systems, anomaly detection, automated patch management.
- Conduct regular staff training and simulations to prepare for phishing, social engineering, or insider threats.
- Collaborate with cybersecurity specialists to audit infrastructure, assess risk, and build incident response plans.
- Stay informed about threat intelligence and emerging attack techniques — AI-powered attacks are evolving quickly.
Conclusion
The recent AI-driven espionage campaign — using Claude Code to attack 30 global organisations — marks a new chapter in cyber warfare. It shows how quickly advanced tools can be weaponized, lowering the barrier for attackers and accelerating the pace of attacks. For businesses of all sizes, this is a wake-up call: investing only in traditional defenses is no longer enough. At AGT Technology, we believe robust cybersecurity requires both advanced tools and well-trained people. As AI becomes more powerful, the human factor — awareness, training, vigilance — will remain decisive.
References
- Anthropic reports first large-scale autonomous AI cyber espionage campaign. ?? ???? | Tech 3arabi+3Cyberly+3The Hacker News+3
- Chinese spies use AI to target government agencies. Cybernews+1
- The first AI-powered cyberattack targeting 30 organisations. Fox Business+1
- LLM-based agents and the risk of autonomous cyberattacks. arXiv+1
- France 24.