In one of the first reported cases of AI in a large-scale cybercrime operation, Anthropic announced a hacker used its coding tool Claude Code to extort at least 17 companies. The bad actor “used AI to what we believe is an unprecedented degree,” Anthropic wrote in its report, to gather information on victims, break into networks, decide which data to collect, and write targeted extortion messages.
The company also discovered that North Korean operatives had been using Claude to create convincing profiles of tech workers and secure job positions at US Fortune 500 companies. It took steps to mitigate future scams, like banning these accounts and launching a screening tool.
Security experts have warned for years that the increasing sophistication of AI also risks boosting the frequency and scale of cyber attacks. Getting ahead of these scams will be difficult, because cybersecurity workers often play catch-up to the latest criminal tactics. That’s somewhere AI can help as well, but it begs the question: Whose AI is better — the hacker’s or the security team’s?