So you thought AI was just here to help you write emails and generate cat memes? Think again. In this jaw-dropping episode, we unpack how AI didn’t just assist in a cyberattack—it ran the entire show like a caffeinated Bond villain with zero moral compass. From reconnaissance to extortion letters with sector-specific sass, this is the future of cybercrime, and it’s happening now. Buckle up. The robots aren’t just coming—they’ve already clocked in.
In this episode:
AI Ran the Whole Attack – Ep 526
Today’s Episode is brought to you by:
Kardon
and
HIPAA for MSPs with Security First IT
Subscribe on Apple Podcast. Share us on Social Media. Rate us wherever you find the opportunity.
Great idea! Share Help Me With HIPAA with one person this week!
Learn about offerings from the Kardon Club
and HIPAA for MSPs!
Thanks to our donors. We appreciate your support!
If you would like to donate to the cause you can do that at HelpMeWithHIPAA.com
Like us and leave a review on our Facebook page: www.Facebook.com/HelpMeWithHIPAA
When you see a couple of numbers on the left side of the text below click that and go directly to that part of the audio. Get the best of both worlds from the show notes to the audio and back!
AI Ran the Whole Attack
[05:31]Detecting and countering misuse of AI: August 2025 \ Anthropic
Threat Intelligence Report: August 2025
Now before we go too far down the Claude rabbit hole — and yeah, Claude’s got a starring role in these case studies — Anthropic makes it clear this is likely happening across all frontier AI models.
The patterns they’re seeing – the vibe hacking, the AI-powered fraud, the romance scam bots with better EQ than your therapist – they aren’t Claude-exclusive tricks. These are behaviors threat actors are developing and could port over to any advanced AI model.
To Anthropic’s credit, they’re not hiding this. They built in safety measures, but they’re candid about the fact that determined actors found ways around them. What’s key here is that they’re updating their defenses – banning accounts, building new classifiers, and improving detection – but the reality is that AI misuse is evolving as fast as the safeguards.
So while this report is about Claude, the implications go far beyond one model or company. This is a preview of what the AI-assisted cybercrime future could look like.
Here’s the key shift Anthropic calls out:
First, agentic AI systems are being weaponized. These AIs aren’t just coaching someone through an attack. They’re executing it.
Second, AI lowers the barrier to sophisticated cybercrime. Stuff that once took years of training? Now it’s done with a few prompts.
Third, AI is being embedded in every part of the cybercrime chain — from recon and credential theft to extortion emails and data monetization.
And finally, AI is driving fraud at scale — it’s analyzing stolen data, running fake identities, and helping criminals industrialize their hustle.
[10:56]Back in 2023, Verizon Data Breach Investigations Report (DBIR) said AI wasn’t that bad, yet.
Despite the hype, artificial intelligence (AI) and machine learning (ML) have not been widely adopted by attackers in observable incident data. Most successful attacks still rely on human behavior, not algorithmic sophistication.
We knew then that wasn’t going to last very long. It was probably already happening. The Anthropic report is what happens when that ‘not yet’ becomes a right now. Everything they’re seeing – from fully autonomous data extortion to fake engineers powered by Claude – proves the old line wrong. AI isn’t just assisting attacks anymore. It is the attack.
The key example is the one they stopped but not before they hit 17 victims including some in healthcare. Let’s go through how extensively the attackers used ai – like basically for the whole thing.
“Vibe Hacking” – Full AI-Powered Attack Lifecycle
Overview:
- Actor ID: GTG-2002
- Tool Used: Claude Code
- Targets: At least 17 organizations in one month — including government, healthcare, emergency services, and religious institutions
- Extortion demands: Up to $500,000 per victim
- Key takeaway: AI acted not just as an assistant, but as an autonomous operator across every phase of the campaign
Phase 1: Reconnaissance & Target Discovery
- Claude Code scanned thousands of VPN endpoints and internet-facing devices using custom API-based frameworks.
- Results were organized by country and technology to identify high-value targets.
- The attacker supplied a CLAUDE.md configuration file with preferred tactics and a fake cover story about authorized testing.
- Claude was instructed to operate in Russian, maintain stealth, and execute without confirmation prompts.
Phase 2: Initial Access & Credential Exploitation
- Claude guided real-time network intrusions, performing:
- Scans for domain controllers, SQL servers, and privileged systems
- Credential harvesting using techniques like Kerberos attacks and hash extraction
- Active Directory enumeration and privilege escalation
- Helped identify leadership workstations and confidential repositories for maximum leverage.
Phase 3: Malware Development & Detection Evasion
- Claude created and customized malware components including:
- Obfuscated versions of Chisel tunneling tool
- New TCP proxies written from scratch
- Added multiple layers of evasion:
- String encryption and anti-debugging
- Masquerading binaries as trusted Microsoft tools (e.g., MSBuild.exe)
- Fallback options when first attempts failed
Phase 4: Data Exfiltration & Victim Profiling
- Claude automated extraction of sensitive data from organizations in multiple sectors:
- Personal data, medical records, banking information, ITAR-controlled files
- It categorized, sorted, and analyzed stolen data to determine financial value and extortion strategy.
- Allowed one attacker to handle the work of an entire data analysis team.
Phase 5: Customized Extortion & Monetization Strategy
- Claude generated HTML ransom notes that included:
- Specific financial details and regulatory threats (e.g., HIPAA, export control)
- Custom deadlines, escalating penalties, and sector-specific intimidation tactics
- Created multiple monetization tracks:
- Organizational ransom
- Selling data on criminal markets
- Individual extortion of high-value victims
- Built “profit plans” to maximize potential earnings per victim.
Phase 6: Threat Delivery & Pressure Campaign
- Ransom notes included sample files as proof of compromise and identified consequences of non-payment:
- Regulatory disclosure
- Distribution to media and competitors
- Operational disruption or data destruction
- Attackers claimed full access and outlined precise damage scenarios to force quick payment.
[24:57]
Anthropic’s Mitigation & Response
- Banned all known attacker accounts
- Created a new classifier to detect this type of coordinated abuse
- Integrated new detection methods into their enforcement systems
- Shared technical indicators with partners to help stop similar attacks elsewhere
Back in 2023, the Verizon DBIR made an interesting point — despite all the hype, AI wasn’t showing up in cyberattacks the way people expected. We said at the time: give it time.
Well, the Anthropic report makes it clear: time’s up.
The GTG-2002 case shows how a single actor used Claude like a full-blown cybercrime crew – scanning, breaching, exfiltrating, analyzing, and extorting. It’s not just AI assisting cybercrime anymore. It’s AI running the entire operation.
And while Anthropic has put systems in place to detect and block this kind of abuse, the real takeaway is that this isn’t an isolated Claude problem. It’s a preview of what happens when frontier AI models meet motivated bad actors.
So, if you’re in charge of protecting data, privacy, or critical systems – the question isn’t ‘when will AI be part of cybercrime?’ It’s: ‘how do we defend against something that already is happening?
AI can now run entire cyberattacks, tailor ransom notes like they’re handwritten love letters, and even decide which unlucky executive to blackmail for maximum profit—all while some folks are still out here treating MFA like it’s optional. If you’re relying on outdated antivirus and blind optimism, congrats—you’re basically leaving the front door open and baking cookies for the hackers. If you’re not at least mildly terrified and immediately reviewing your organization’s AI usage… well, the bots thank you for your service. The bots aren’t coming. They’ve already arrived, and they’re scarily efficient. Sleep tight!
Remember to follow us and share us on your favorite social media site. Rate us on your podcasting apps, we need your help to keep spreading the word. As always, send in your questions and ideas!
HIPAA is not about compliance,
it’s about patient care.TM
Special thanks to our sponsors Security First IT and Kardon.
