Anthropic Reveals Hacker Used Its Chatbot for Cyberattacks - 1

Photo by Glen Carrie on Unsplash

Anthropic Reveals Hacker Used Its Chatbot for Cyberattacks

  • Written by Andrea Miliani Former Tech News Expert
  • Fact-Checked by Sarah Frazier Former Content Manager

The AI company Anthropic released a new cybersecurity report on Wednesday, revealing that malicious actors have used its AI model, Claude, for sophisticated criminal operations. The startup said that one hacker recently targeted around 17 organizations, leveraging a new technique known as “vibe hacking.”

In a rush? Here are the quick facts:

  • Anthropic revealed that hackers have been using its AI model Claude for sophisticated criminal operations.
  • The startup shared a case in which a malicious actor used Claude Code from North Korea for ransomware attacks targeting around 17 organizations.
  • The startup warns about emerging “vibe hacking” cases.

According to Anthropic’s announcement , the company has implemented several security measures to prevent misuse of the technology, but cybercriminals have found ways to exploit it.

In one of the cases reported, the startup disclosed a major criminal operation in which a hacker, with basic coding skills, used Claude Code—an agentic coding tool—to carry out a fraudulent scheme originating from North Korea.

“AI models are now being used to perform sophisticated cyberattacks, not just advise on how to carry them out,” states the announcement. “Criminals with few technical skills are using AI to conduct complex operations, such as developing ransomware, that would previously have required years of training.”

In the main case presented, the hacker used Claude Code to steal data from 17 organizations, including emergency services, government agencies, healthcare providers, and religious institutions. The malicious actor then extorted victims, in some cases demanding over $500,000.

Anthropic reported that its AI agent was used to decide what data to exfiltrate, draft extortion messages, and even suggest ransom amounts tailored to each victim.

“The actor used AI to what we believe is an unprecedented degree,” states the announcement. “This represents an evolution in AI-assisted cybercrime.”

The company said that as soon as it detected the malicious operations, it blocked the accounts and developed new screening and detection tools to prevent similar cases in the future. More details were included in the full report.

Anthropic also warned about emerging “vibe hacking” techniques. “We expect attacks like this to become more common as AI-assisted coding reduces the technical expertise required for cybercrime,” noted the company.

Finally, Anthropic highlighted the growing integration of AI into existing cyber schemes, citing examples such as the North Korean IT workers scam reported in April, in which hackers stole the identities of American citizens to secure remote jobs in the United States.

Hackers Exploit “Contact Us” Forms In Phishing Campaign - 2

Image by Kaur Kristjan, from Unsplash

Hackers Exploit “Contact Us” Forms In Phishing Campaign

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Sarah Frazier Former Content Manager

Check Point Research (CPR) has identified a new phishing campaign known as ZipLine which reverses traditional scams by forcing the victim to start the conversation.

In a rush? Here are the quick facts:

  • Hackers use “Contact Us” forms to trick U.S. companies into starting conversations.
  • Attackers pose as business partners, maintaining weeks of email exchanges before striking.
  • Campaign often uses AI-themed pretexts, such as fake “AI Impact Assessments.”

CPR explains that unlike normal phishing attacks, where hackers initiate contact, this new campaign lures in victims through company “Contact Us” forms.

“In every case, it was the victim who initiated the email exchange that ultimately led to infection,” said CPR. With this method the attackers fabricate legitimate-looking interactions, helping them evade detection.

The hackers engage in email chats spanning for weeks sometimes, pretending to be business partners, and even requesting companies to sign Non-Disclosure Agreements. Eventually, the attackers send a malicious ZIP file through Heroku which operates as a genuine cloud platform. However, inside the file it embedded a fake PDF or Word file, along with a hidden shortcut file that stealthily launches malicious code.

That code then installs MixShell, a powerful backdoor that lets attackers steal files, run commands, and even act as a proxy inside the victim’s network. CPR noted, “MixShell supports file operations, reverse proxying, command execution, and pipe-based interactive sessions.”

In recent cases, CPR reports that hackers used an “AI transformation” theme, pretending to run an “AI Impact Assessment” for company leadership. The email asks employees to fill out a short questionnaire, which CPR notes is another tactic to build trust.

The attackers also use domains linked to old U.S. businesses, many of which appear abandoned but still look legitimate. Their targets range from small firms to Fortune 500 companies, especially in manufacturing, aerospace, consumer electronics, and energy.

According to CPR, “This campaign reflects the evolving tactics of advanced phishing campaigns.” Security experts warn that even basic website forms, if left unchecked, can open the door to highly damaging cyberattacks.