Even with “advanced” safeguards, AI infrastructure company Anthropic reports that cybercriminals are still exploiting its AI chatbot, Claude, to facilitate extensive cyberattacks.
A “Threat Intelligence” report published on Wednesday by Anthropic’s Threat Intelligence team, which includes members Alex Moix, Ken Lebedev, and Jacob Klein, detailed several instances where criminals leveraged the Claude chatbot, with some ransoms exceeding $500,000.
The chatbot provided not only technical guidance but also executed hacks through “vibe hacking,” enabling attackers with minimal coding and encryption knowledge to conduct assaults.
In February, blockchain security firm Chainalysis predicted that crypto scams might reach unprecedented levels in 2025 as generative AI makes such attacks more scalable and cost-effective.
Anthropic discovered one hacker utilizing Claude for “vibe hacking” to access sensitive data from 17 organizations, including healthcare, emergency services, government, and religious institutions, with ransom requests ranging from $75,000 to $500,000 in Bitcoin.
A simulated ransom note illustrates how cybercriminals exploit Claude for intimidation. Source: Anthropic
The hacker trained Claude to evaluate stolen financial documents, determine suitable ransom amounts, and craft tailored ransom notes to enhance psychological impact.
Although Anthropic subsequently banned the attacker, the situation highlights how AI is enabling even novice coders to execute cybercrimes to an “unprecedented extent.”
“Individuals without the ability to implement basic encryption or comprehend syscall operations are now successfully generating ransomware with evasion techniques [and] employing anti-analysis methods.”
North Korean IT workers also utilized Anthropic’s Claude
Anthropic revealed that North Korean IT personnel have been utilizing Claude to create convincing identities, pass technical coding assessments, and secure remote positions at US Fortune 500 technology companies. They also utilized Claude to craft interview responses for these roles.
Furthermore, Claude was employed to perform the technical duties once hired, with Anthropic noting that these employment schemes aimed to divert profits to the North Korean regime in spite of international sanctions.
Overview of Claude-powered tasks used by North Korean IT staff. Source: Anthropic
A North Korean IT worker was recently counter-hacked, revealing that a group of six shared at least 31 fabricated identities to obtain various documents, including government IDs and phone numbers, and purchased LinkedIn and UpWork accounts to disguise their true identities and secure cryptocurrency roles.
One of the workers allegedly interviewed for a full-stack engineer position at Polygon Labs, while other evidence showed scripted interview answers in which they claimed experience at the NFT marketplace OpenSea and blockchain oracle provider Chainlink.
Anthropic stated that their latest report aims to openly address incidents of misuse, contributing to the larger AI safety and security community and enhancing the industry’s defenses against AI misuse.
They emphasized that despite implementing “advanced safety measures” to avert misuse of Claude, malicious actors have consistently found ways to circumvent these protections.