I could really benefit from experts' analysis of this WSJ article reporting that China-backed hackers used Anthropic’s Claude to automate 80% to 90% of a September hacking campaign targeting corporations and governments.
There aren't a lot of specifics, but among those provided:
> The effort focused on dozens of targets and involved a level of automation that Anthropic’s cybersecurity investigators had not previously seen.
> In this instance 80% to 90% of the attack was automated, with humans only intervening in a handful of decision points.
> The hackers conducted their attacks “literally with the click of a button, and then with minimal human interaction."
> Anthropic disrupted the campaign and blocked the hackers’ accounts, but not before as many as four intrusions were successful.
> In one case, the hackers
> directed Claude tools to query internal databases and extract data independently.
> “The human was only involved in a few critical chokepoints, saying,
> doesn’t look right, Claude, are you sure?’”
> ‘Yes, continue,
> ’ ‘Don’t continue,
> ’ ‘Thank you for this information,
> ’ ‘Oh, that
> Stitching together hacking tasks into nearly autonomous attacks is a new step in a growing trend of automation that is giving hackers
> additional scale and speed.
We've seen so many exaggerated accounts of AI-assisted hacks. Is this another one? Are there reasons to take this report more seriously? Any other thoughts?
https://www.wsj.com/tech/ai/china-hackers-ai-cyberattacks-anthropic-41d7ce76
