The dam for foreign spies automating cyberattacks with AI tools is officially broken.
Why it matters: Imagine a world where Chinese spies can tamper with a U.S. water system or steal a major AI vendor's plans for its next model upgrade — all with just a few clicks. That future is no longer hypothetical.
- "Guys wake the f up," Sen. Chris Murphy (D-Conn.) said on X. "This is going to destroy us — sooner than we think — if we don't make AI regulation a national priority tomorrow."
Driving the news: Anthropic this week uncovered what it says is the first documented case of a fully automated cyberattack.
- Suspected Chinese state hackers used Claude Code to target about 30 organizations — including tech firms, banks, chemical manufacturers, and government agencies — and successfully broke into several.
- Earlier this month, Google said it had seen Russian military hackers using AI to write malware scripts aimed at Ukrainian entities.
Threat level: As AI models get smarter, state-backed hacking powered by AI will too.
- "This is simply the tip of the iceberg and a clear indication of the future threat landscape," John Watters, CEO and managing partner at cybersecurity firm iCounter, said.
The big picture: Cybersecurity experts have warned for months that fully autonomous cyberattacks — in which AI agents execute an entire operation with minimal human input — were 12 to 18 months away.
- That timeline just shrank. Anthropic said Claude automated 80–90% of the latest Chinese espionage campaign.
Reality check: State hackers have long had the upper hand, even without AI.
- China has maintained persistent access to vast swaths of U.S. critical infrastructure for years.
- The Chinese government reportedly breached President Donald Trump's phone during his 2024 campaign.
AI could make the challenge of keeping bad actors out exponentially harder.
- "The fact this is only one model and the rest are likely being similarly abused — all chilling stuff that we've been expecting for years," Chris Krebs, former head of the top U.S. cyber agency, wrote on LinkedIn.
Between the lines: These advancements come as the U.S. government pulls back its investments in cybersecurity.
- The Cybersecurity and Infrastructure Security Agency has already lost more than a third of its workforce this year due to layoffs and buyout offers.
- Threat information-sharing between the private sector and federal government has been in a rocky position in recent months after Congress allowed a decade-long liability program to lapse.
- And recent funding cuts have dramatically changed how state and local governments, including the utilities they operate, fund their own cyber operations.
Yes, but: Major cybersecurity vendors are also going all-in on AI, building systems that both automate basic defenses (i.e., detecting phishing emails and shutting down suspicious scripts before they execute) and help them anticipate where adversaries' models might strike next.
- "We're moving quickly into an era where adversaries will automate the parts of the kill chain that don't require creativity or deep expertise — and defenders need to be ready," former CISA director Jen Easterly wrote.