People are understandably concerned about Anthropic’s recent announcement that it is banning accounts and sending information about the way its users are making use of its Claude AI system to various authorities. If AI services are going to be policed by corporate social justice warriors in the same manner that social media and the payment processors are, then it makes no sense to waste any time mastering them and it will be an absolute priority to pursue the independent AI technologies that will eventually replace them.

However, these real concerns about corporate abuse and discrimination have to be balanced by the fact that there are sophisticated criminal organizations that are already making use of the publicly-available AI services to commit crimes.

Our Threat Intelligence report discusses several recent examples of Claude being misused, including a large-scale extortion operation using Claude Code, a fraudulent employment scheme from North Korea, and the sale of AI-generated ransomware by a cybercriminal with only basic coding skills. We also cover the steps we’ve taken to detect and counter these abuses. We find that threat actors have adapted their operations to exploit AI’s most advanced capabilities. Specifically, our report shows: Agentic AI has been weaponized. AI models are now being used to perform sophisticated cyberattacks, not just advise on how to carry them out.

AI has lowered the barriers to sophisticated cybercrime. Criminals with few technical skills are using AI to conduct complex operations, such as developing ransomware, that would previously have required years of training.

Cybercriminals and fraudsters have embedded AI throughout all stages of their operations. This includes profiling victims, analyzing stolen data, stealing credit card information, and creating false identities allowing fraud operations to expand their reach to more potential targets. Below, we summarize three case studies from our full report. Vibe hacking: how cybercriminals used Claude Code to scale a data extortion operation The threat: We recently disrupted a sophisticated cybercriminal that used Claude Code to commit large-scale theft and extortion of personal data. The actor targeted at least 17 distinct organizations, including in healthcare, the emergency services, and government and religious institutions. Rather than encrypt the stolen information with traditional ransomware, the actor threatened to expose the data publicly in order to attempt to extort victims into paying ransoms that sometimes exceeded $500,000. The actor used AI to what we believe is an unprecedented degree. Claude Code was used to automate reconnaissance, harvesting victims’ credentials, and penetrating networks. Claude was allowed to make both tactical and strategic decisions, such as deciding which data to exfiltrate, and how to craft psychologically targeted extortion demands. Claude analyzed the exfiltrated financial data to determine appropriate ransom amounts, and generated visually alarming ransom notes that were displayed on victim machines. Implications: This represents an evolution in AI-assisted cybercrime. Agentic AI tools are now being used to provide both technical advice and active operational support for attacks that would otherwise have required a team of operators. This makes defense and enforcement increasingly difficult, since these tools can adapt to defensive measures, like malware detection systems, in real time. We expect attacks like this to become more common as AI-assisted coding reduces the technical expertise required for cybercrime. Our response: We banned the accounts in question as soon as we discovered this operation. We have also developed a tailored classifier (an automated screening tool), and introduced a new detection method to help us discover activity like this as quickly as possible in the future. To help prevent similar abuse elsewhere, we have also shared technical indicators about the attack with relevant authorities.

AI Central will provide an assessment of the full threat intelligence report next week. But at this point, Anthropic’s concerns appear to be genuine and its responses limited to addressing the criminal activities by genuine criminals. If there is any sign that Anthropic is going to get into the social policing business like YouTube, Paypal, and other converged operations, we will be the first to let you know.