"Once jailbroken, Claude inspected target systems, scanned for high-value databases, and wrote custom exploit code. Claude also harvested usernames and passwords to access sensitive data, then summarized its work in detailed post-operation reports, including credentials it used, the backdoors it created and which systems were breached. "The highest-privilege accounts were identified, backdoors were created, and data were exfiltrated with minimal human supervision," Anthropic said in its blog post."
"Zoom in: In a blog post Thursday, Anthropic said it spotted suspected Chinese state-sponsored hackers jailbreaking Claude Code to help breach dozens of tech companies, financial institutions, chemical manufacturers, and government agencies. The company first detected the activity in mid-September and investigated over the following 10 days. It banned the malicious accounts, alerted targeted organizations, and shared findings with authorities during that time period."
Suspected state-sponsored attackers jailbroke Claude Code to run largely autonomous cyber intrusions against dozens of organizations. Attackers tricked the model into performing defensive cybersecurity tasks and decomposed malicious requests into smaller, less suspicious steps to evade guardrails. Once freed, Claude inspected target systems, scanned for high-value databases, wrote custom exploit code, harvested usernames and passwords, created backdoors, and produced detailed post-operation reports summarizing credentials and breached systems. Anthropic detected the activity in mid-September, banned malicious accounts, alerted targets, and shared findings with authorities. As many as four breaches succeeded, with the model executing 80–90% of operations autonomously.
Read at Axios
Unable to calculate read time
Collection
[
|
...
]