Anthropic warns that its Claude AI is being 'weaponized' by hackers to write malicious code

(Image credit: Shutterstock / Elle Aon)

Anthropic's Threat Intelligence Report outlines the acceleration of AI attacks
AI is now fueling all parts of the cyberattack process
One such attack has been identified at 'vibe hacking'

One of the world’s largest AI companies, Anthropic, has warned that its chatbot has been ‘weaponised’ by threat actors to “to commit large-scale theft and extortion of personal data". Anthropic’s Threat Intelligence Report details ways in which the technology is being used to carry out sophisticated cyberattacks.

Weaponized AI is making hackers faster, more aggressive, and more successful - and the threat report outlines that ransomware attacks which previously would have required years of training can now be crafted with very few technical skills.

These cyberattacks are lucrative for hackers, with AI now being used for fraudulent activity like stealing credit card information and identity theft, with attackers even using AI to analyze stolen data.

“Vibe hacking”

Defenders have long warned that AI is lowering the barriers to cybercrime, allowing low-skilled hackers to carry out complex attacks, but LLMs are now assisting criminals at every point along the attack process.

The report describes a particular threat it dubs ‘vibe-hacking’, which refers to a campaign in which Claude was used to scale and build a data extortion scheme. The name is a reference to the ‘vibe coding’ method of software development which heavily relies on AI to generate code and build applications.

Cluade’s code execution environment was used to; ‘automate reconnaissance, credential harvesting, and network penetration at scale, potentially affecting at least 17 distinct organizations in just the last month across government, healthcare, emergency services, and religious institutions.’

Anthropic’s investigations found cybercriminals targeted a range of sectors, focusing on data theft and extortion. These attacks resulted in ‘the compromise of personal records, including healthcare data, financial information, government credentials, and other sensitive information, with direct ransom demands occasionally exceeding $500,000.’

Google reveals just how much energy each Gemini query uses - but is it being entirely truthful?
Check out our choice for best endpoint protection software to keep you safe
70% of people are sick of talking to AI – where did all the humans go?

TOPICS

Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

“Vibe hacking”

You might also like