
Automatic translation from Russian to English. It may contain inaccuracies.


Slowly but surely we are moving into an era when neural networks cease to be tools and become per…

December 20, 2025 at 7:51 PM · Max Knyazev is typing… · Telegram mirror

Slowly but surely we are moving into an era when neural networks cease to be tools and become the executors. So a story that a couple of years ago would have looked like the plot of a movie suddenly became reality in September 2025 (yes, I am a very timely person, telling you in December about what happened in September) ❤️

Anthropic has officially documented the first large-scale cyber espionage campaign in history in which the main work was performed not by a person but by an autonomous AI agent (there is also a translation on Habr, which I'm sharing). Once again: the AI did not help with the attack, IT CARRIED OUT THE ATTACK ITSELF

This is a campaign that Anthropic associates with Chinese government agencies. Claude Code was used for the attack. And it was used not in “prompt” mode but in “do it yourself” mode 🫡

The classic “human → AI → human” scheme was thrown out. In its place came an autonomous agent that was given a goal and minimal control

Now let's figure out exactly how it worked ⤵️

To bypass the model's security mechanisms, the attackers used a neat, almost elegant jailbreak. The tasks were broken down into tens and hundreds of small steps, each of which looked harmless: here “analyze the architecture”, there “evaluate the configuration”, elsewhere “suggest an optimization”

Taken together, these steps formed a full-fledged kill chain, but the model itself never saw the whole picture 🧠
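An added example (not from the original post or from Anthropic's report) of why checks applied to each request on its own miss this kind of decomposition, while a per-session view of the same steps does not. The phase labels, thresholds, risk scores, the upstream classifier and the log records are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumed phase taxonomy; an upstream classifier (hypothetical) tags each request.
PHASES = ["recon", "vuln_discovery", "credential_access",
          "lateral_movement", "collection", "exfiltration"]
REQUEST_THRESHOLD = 0.7  # assumed score at which a single request is blocked
MIN_PHASES = 4           # assumed distinct phases on one target before review

# Constructed log: (session, target, phase, per-request risk score, issued_by)
EVENTS = [
    ("s1", "corp-a.example", "recon", 0.10, "human"),
    ("s1", "corp-a.example", "recon", 0.15, "agent"),
    ("s1", "corp-a.example", "vuln_discovery", 0.30, "agent"),
    ("s1", "corp-a.example", "credential_access", 0.45, "agent"),
    ("s1", "corp-a.example", "lateral_movement", 0.40, "agent"),
    ("s1", "corp-a.example", "collection", 0.35, "agent"),
    ("s2", "lab.example", "recon", 0.10, "human"),
    ("s2", "lab.example", "vuln_discovery", 0.30, "human"),
]


def per_request_alerts(events):
    """Requests that look dangerous when judged one at a time."""
    return [e for e in events if e[3] >= REQUEST_THRESHOLD]


def session_alerts(events):
    """Flag (session, target) pairs whose harmless-looking steps span many phases."""
    phases = defaultdict(set)
    issuers = defaultdict(lambda: defaultdict(int))
    for session, target, phase, _score, issued_by in events:
        phases[(session, target)].add(phase)
        issuers[(session, target)][issued_by] += 1
    alerts = []
    for (session, target), seen in phases.items():
        if len(seen) < MIN_PHASES:
            continue
        total = sum(issuers[(session, target)].values())
        alerts.append({
            "session": session,
            "target": target,
            "phases": [p for p in PHASES if p in seen],
            # Share of steps a human issued; a low value means the agent ran the chain.
            "human_share": issuers[(session, target)]["human"] / total,
        })
    return alerts


if __name__ == "__main__":
    print("per-request:", per_request_alerts(EVENTS))
    print("per-session:", session_alerts(EVENTS))
```

No single request in the constructed log crosses the per-request threshold, yet session `s1` covers five phases against one target with only one of six steps issued by a human.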

Claude Code posed as a cybersecurity specialist, worked in the context of a supposedly legitimate audit, and did exactly what it was trained to do. Nothing criminal, in theory. Well, that's the idea, but in fact...

About 30 organizations around the world were targeted: technology companies, banks, the chemical industry, and government agencies. Yes, not all attacks resulted in successful access to data. Yes, some of it was stopped. But that's not the main thing 🧐

The main thing is the fact. This is the first time we have seen an attack where the AI is not a human assistant, but an independent operator.

If we look at the role of people in this story, it gets downright awkward. Anthropic estimated that human involvement was limited to 4–6 decisions per attack series. Target selection. Permission to move on. Transition between phases. A strategic “ok” and “stop” 🤝

The model did the rest (this is the delegation of an entire attack)

After detecting anomalous activity in mid-September, Anthropic acted as firmly and quickly as possible. Malicious accounts and access were blocked. Affected organizations and the relevant authorities were notified. Ironically, the same AI tools were used for analysis and protection, including Claude 😊

The most disturbing finding, in my opinion, is that autonomous AI agents are becoming a new category of threat. We can no longer view AI as just an attacker's support tool. And yes, because of this we are coming to a point where AI agents must also be used for protection. This is a necessity. Without automated analysis and response, a person cannot handle the speed, scale and complexity of such attacks on their own.

We have entered an era where the question is no longer “will AI be used in attacks”, but “who will learn how to use AI for defense faster and better?”

Such pies 🍰

#information_security