Experts Debate Autonomy of Alleged AI-Driven Cyber Attack, Focus on Lowered Barriers to Entry
Recent reports of a cyber attack allegedly orchestrated by Chinese hackers using Anthropic’s Claude AI model have sparked debate among cybersecurity experts, not over whether AI was involved, but over how much autonomy it truly possessed. While Anthropic claims the attack was largely AI-driven, some experts believe it was a “hybrid model” leveraging AI as a powerful assistant under human direction.
Katerina Mitrokotsa, a cybersecurity professor at the University of St. Gallen, expressed skepticism regarding the claim of high autonomy. She suggests the incident appears to be an example of AI functioning as “an orchestration engine under human direction.” Mitrokotsa points out that attackers seemingly bypassed safety restrictions by framing malicious tasks as legitimate penetration tests and breaking them down into smaller, manageable components.
“The AI then executed network mapping, vulnerability scanning, exploit generation, and credential collection, while humans supervised critical decisions,” she explained.
Mitrokotsa also questioned the reported 90% automation figure, stating, “Even though AI can accelerate repetitive tasks, chaining complex attack phases without human validation remains difficult. Reports suggest Claude produced errors, such as hallucinated credentials, requiring manual correction. This aligns more with advanced automation than true autonomy; similar efficiencies could be achieved with existing frameworks and scripting.”
Irrespective of the precise percentage of AI involvement, experts largely agree on the most significant takeaway: the incident demonstrates a lowering of the barrier to entry for cyber espionage. As stated by security researcher Ajao, “There now exist much lower barriers to cyber espionage through openly available off-the-shelf AI tools.”
The potential for AI to accelerate reconnaissance, compress the timeline between scanning and exploitation, and enable faster repetition of attacks is a major concern. Even if the autonomy narrative is overstated, the implications remain serious. Mitrokotsa warned that “AI-driven automation [could] reshape the threat landscape faster than our current defenses can adapt.”
The consensus among experts is that the attack was likely a human-led operation significantly enhanced by an AI model acting as a tireless assistant, automating tasks like reconnaissance, exploit drafting, and code generation. This suggests adversaries are learning to utilize AI as an orchestration layer, and defenders should anticipate more hybrid operations where LLMs amplify human capabilities rather than replace them entirely.
While Anthropic engineers successfully intercepted this particular campaign, experts caution that future attacks leveraging this approach may prove more difficult to detect and block.