A hacker has exploited a leading artificial intelligence chatbot to carry out the most complete and lucrative cybercriminal operation that is known to date, using it to do everything, from search objectives to write rescue notes.
In a report published on Tuesday, Anthrope, the company behind the popular Claude Chatbot, said that a nameless hacker “used AI for what we believe is an unprecedented title” to investigate, hack and extort at least 17 companies.
Cybernetic extortion, where computer pirates steal information such as confidential data of the user or commercial secrets, is a common criminal tactic. And AI has done something easier, with scammers that use artificial intelligence chatbots to help write phishing emails. In recent months, computer pirates of all stripes have incorporated more and more tools of AI in their work.
But the case that Anthrope found is the first publicly documented instance in which a hacker used the chatbot of a leading artificial intelligence company to automate almost a wave of cyber crimes.
According to the blog post, one of Anthrope’s periodic reports on threats, the operation began with the hacker convincing the Claude code: the Anthrope chatbot that specializes in “coding of both” or creating computer programming based on simple applications, to identify companies vulnerable to attacks. Claude later created malicious software to steal confidential information from companies. Then, he organized the pirated archives and analyzed them to help determine what was sensitive and could be used to extort the victims companies.
The chatbot then analyzed the pirated financial documents of the companies to help determine a realistic amount of Bitcoin to demand in exchange for the hacker’s promise not to publish that material. He also wrote emails of suggested extortion.
Jacob Klein, chief of intelligence of threats to Anthrope, said the campaign seemed to come from an individual hacker outside the United States and occurs in the period of three months.
“We have robust safeguards and multiple defense layers to detect this type of misuse, but sometimes they sometimes try to avoid our systems through sophisticated techniques,” he said.
