Hacking Claude: Cybercriminals Turn AI Into a Ransomware Tool


Despite its “sophisticated” safeguards, Anthropic says criminals are still finding ways to exploit its Claude AI chatbot for large-scale cyberattacks.

In a Threat Intelligence report published Wednesday, Anthropic researchers Alex Moix, Ken Lebedev, and Jacob Klein detailed several cases in which attackers misused Claude, with some incidents involving ransom demands exceeding $500,000.

According to the report, hackers relied on Claude not only for technical guidance but also to directly execute attacks through a method called “vibe hacking.” This approach uses AI-driven social engineering to manipulate emotions, trust, and decision-making, enabling criminals with only basic coding or encryption skills to launch complex operations.

Anthropic highlighted one case where a hacker used Claude to target at least 17 organizations, including healthcare providers, emergency services, government bodies, and religious institutions, demanding ransoms ranging from $75,000 to $500,000 in Bitcoin.

The findings echo earlier warnings. In February, blockchain security firm Chainalysis predicted that 2025 could mark a record year for crypto scams, fueled by generative AI making such attacks more scalable and cost-effective.

The attacker went as far as training Claude to analyze stolen financial records, determine ransom demands, and draft customized ransom notes designed to heighten psychological pressure on victims.

Although Anthropic eventually banned the hacker, the case underscores how AI is enabling even low-skill criminals to conduct cyberattacks at an unprecedented scale.

Hacking the Job Market: North Korea’s AI-Assisted Schemes

Anthropic also discovered that North Korean IT workers had been using Claude to fabricate convincing identities, pass technical assessments, and even secure remote positions at U.S. Fortune 500 tech companies. The chatbot was further employed to help them prepare interview responses and later perform the actual coding work once hired.

According to the report, these schemes were designed to funnel profits back to the North Korean regime in violation of international sanctions. Earlier this month, a counter-hack exposed one such operation: a six-person team managing at least 31 fake identities, complete with forged government IDs, phone numbers, and purchased LinkedIn and Upwork accounts, all aimed at disguising themselves and landing crypto-related jobs.


Mohamed Hussein
