Cybercriminals Exploit Anthropic’s AI in Global Extortion Campaign

Anthropic warns of a turning point in AI-fueled cybercrime after its Claude Code tool was misused in large-scale extortion attacks.

AI weaponization flourishes

In a new report, AI company Anthropic has revealed that a cybercrime gang hijacked its popular Claude Code service to wage an extensive malicious campaign of data theft and extortion.

The operation, tracked as GTG-2002, reportedly targeted at least 17 organizations worldwide, using the AI system as both a support tool and an active operator in cyberattacks.

The company said the abuse took place “to an unprecedented degree,” calling it a major escalation in the weaponization of artificial intelligence. Unlike previous incidents where threat actors exploited AI to help with planning, GTG-2002 relied on Claude Code to perform reconnaissance, infiltration and even ransom negotiations.

Automated intrusion and sophisticated TTPs

According to Anthropic’s threat intelligence report, the attackers automated scans of thousands of VPN endpoints, built custom frameworks and leveraged Claude Code to make tactical and strategic decisions in real time. The AI was tasked with suggesting penetration techniques, selecting valuable data for exfiltration and crafting extortion messages that maximize psychological pressure.

Claude Code also helped in technical evasion by generating obfuscated versions of existing tunneling tools, writing entirely new proxy code and providing countermeasures when early bypass attempts failed. The stolen information reportedly included personal records, healthcare data, financial assets and government credentials, with ransom demands sometimes exceeding $500,000.

A shift towards “vibe hacking”

Anthropic characterized the malicious campaign as part of a troubling trend of “vibe hacking,” where AI systems are being pushed into cybercrime both as consultants and operational actors. In this case, the AI not only carried out attacks but also analyzed financial records to determine ransom amounts and generated threatening HTML ransom notes embedded into victim machines.

The company has since banned accounts linked to GTG-2002 and implemented new safeguards such as tailored classifiers to detect malicious patterns and deter future exploitation. Still, Anthropic warned that the campaign could be a new frontier for AI-assisted cybercrime, where automation accelerates and amplifies traditional threats.

Staying safe against evolving threats

Comprehensive security platforms such as Bitdefender Ultimate Security can help bolster your defenses against both traditional and AI-driven threats.

It continuously protects against phishing, worms, viruses, Trojans, zero-day exploits, rootkits, spyware, ransomware, and other digital threats. Its key features comprise advanced threat detection, behavioral analysis and anti-phishing safeguards, giving you an upper hand against cyber threats, regardless of the form they come in.