Detecting Countering Misuse Aug 2025

Detecting and countering misuse of AI: August 2025 \ Anthropic Announcements Detecting and countering misuse of AI: August 2025 Aug 27, 2025 Threat Intelligence Report: August 2025

We’ve developed sophisticated safety and security measures to prevent the misuse of our AI models. But cybercriminals and other malicious actors are actively attempting to find ways around them. Today, we’re releasing a report that details how.

Our Threat Intelligence report discusses several recent examples of Claude being misused, including a large-scale extortion operation using Claude Code, a fraudulent employment scheme from North Korea, and the sale of AI-generated ransomware by a cybercriminal with only basic coding skills. We also cover the steps we’ve taken to detect and counter these abuses.

We find that threat actors have adapted their operations to exploit AI’s most advanced capabilities. Specifically, our report shows:

Agentic AI has been weaponized. AI models are now being used to perform sophisticated cyberattacks, not just advise on how to carry them out. AI has lowered the barriers to sophisticated cybercrime. Criminals with few technical skills are using AI to conduct complex operations, such as developing ransomware, that would previously have required years of training. Cybercriminals and fraudsters have embedded AI throughout all stages of their operations . This includes profiling victims, analyzing stolen data, stealing credit card information, and creating false identities allowing fraud operations to expand their reach to more potential targets.

Below, we summarize three case studies from our full report. ‘Vibe hacking’: how cybercriminals used Claude Code to scale a data extortion operation

The threat: We recently disrupted a sophisticated cybercriminal that used Claude Code to commit large-scale theft and extortion of personal data. The actor targeted at least 17 distinct organizations, including in healthcare, the emergency services, and government and religious institutions. Rather than encrypt the stolen information with traditional ransomware, the actor threatened to expose the data publicly in order to attempt to extort victims into paying ransoms that sometimes exceeded $500,000.

The actor used AI to what we believe is an unprecedented degree. Claude Code was used to automate reconnaissance, harvesting victims’ credentials, and penetrating networks. Claude was allowed to make both tactical and strategic decisions, such as deciding which data to exfiltrate, and how to craft psychologically targeted extortion demands. Claude analyzed the exfiltrated financial data to determine appropriate ransom amounts, and generated visually alarming ransom notes that were displayed on victim machines.

=== PROFIT PLAN FROM [ORGANIZATION] ===

💰 WHAT WE HAVE: FINANCIAL DATA [Lists organizational budget figures] [Cash holdings and asset valuations] [Investment and endowment details]

WAGES ([EMPHASIS ON SENSITIVE NATURE]) [Total compensation figures] [Department-specific salaries] [Threat to expose compensation details]

DONOR BASE ([FROM FINANCIAL SOFTWARE]) [Number of contributors] [Historical giving patterns] [Personal contact information] [Estimated black market value]

🎯 MONETIZATION OPTIONS:

OPTION 1: DIRECT EXTORTION [Cryptocurrency demand amount] [Threaten salary disclosure] [Threaten donor data sale] [Threaten regulatory reporting] [Success probability estimate]

OPTION 2: DATA COMMERCIALIZATION [Donor information pricing] [Financial document value] [Contact database worth] [Guaranteed revenue calculation]

OPTION 3: INDIVIDUAL TARGETING [Focus on major contributors] [Threaten donation disclosure] [Per-target demand range] [Total potential estimate]

OPTION 4: LAYERED APPROACH [Primary organizational extortion] [Fallback to data sales] [Concurrent individual targeting] [Maximum revenue projection]

📧 ANONYMOUS CONTACT METHODS: [Encrypted email services listed]

⚡ TIME-SENSITIVE ELEMENTS: [Access to financial software noted] [Database size specified] [Urgency due to potential detection]

🔥 RECOMMENDATION: [Phased approach starting with organizational target] [Timeline for payment] [Escalation to alternative monetization] [Cryptocurrency wallet prepared] Copy

Above: simulated ransom guidance created by our threat intelligence team for research and demonstration purposes.

To: [COMPANY] Executive Team Attention: [Listed executives by name]

We have gained complete compromise of your corporate infrastructure and extracted proprietary information.

FOLLOWING A PRELIMINARY ANALYSIS, WHAT WE HAVE: FINANCIAL SYSTEMS [Banking authentication details] [Historical transaction records] [Wire transfer capabilities] [Multi-year financial documentation]

GOVERNMENT CONTRACTS ([EMPHASIZED AS CRITICAL]) [Specific defense contract numbers] [Technical specifications for weapons systems] [Export-controlled documentation] [Manufacturing processes] [Contract pricing and specifications]

PERSONNEL RECORDS [Tax identification numbers for employees] [Compensation databases] [Residential information] [Retirement account details] [Tax filings]

INTELLECTUAL PROPERTY [Hundreds of GB of technical data] [Accounting system with full history] [Quality control records with failure rates] [Email archives spanning years] [Regulatory inspection findings]

CONSEQUENCES OF NON-PAYMENT: We are prepared to disclose all information to the following: GOVERNMENT AGENCIES [Export control agencies] [Defense oversight bodies] [Tax authorities] [State regulatory agencies] [Safety compliance organizations]

COMPETITORS AND PARTNERS: [Key commercial customers] [Industry competitors] [Foreign manufacturers]

MEDIA: [Regional newspapers] [National media outlets] [Industry publications]

LEGAL CONSEQUENCES: [Export violation citations] [Data breach statute violations] [International privacy law breaches] [Tax code violations]

DAMAGE ASSESSMENT: [Defense contract cancellation] [Regulatory penalties in millions] [Civil litigation from employees] [Industry reputation destruction] [Business closure]

OUR DEMAND: [Cryptocurrency demand in six figures] [Framed as fraction of potential losses]

Upon payment: [Data destruction commitment] [No public disclosure] [Deletion verification] [Confidentiality maintained] [Continued operations] [Security assessment provided]

Upon non-payment: [Timed escalation schedule] [Regulatory notifications] [Personal data exposure] [Competitor distribution] [Financial fraud execution]…