原文标题：Chinese Hackers Used Anthropic’s AI to Automate Cyberattacks 原文连结：https://reurl.cc/gn0d6X 发布时间：Nov. 13, 2025 11:42 pm ET 记者署名：Sam Schechner Robert McMillan 原文内容： China’s state-sponsored hackers used artificial-intelligence technology from Anthropic to automate break-ins of major corporations and foreign governments during a September hacking campaign, the company said Thursday. The effort focused on dozens of targets and involved a level of automation that Anthropic’s cybersecurity investigators had not previously seen, according to Jacob Klein, the company’s head of threat intelligence. Hackers have been using AI for years now to conduct individual tasks such as crafting phishing emails or scanning the internet for vulnerable systems, but in this instance 80% to 90% of the attack was automated, with humans only intervening in a handful of decision points, Klein said. The hackers conducted their attacks “literally with the click of a button, and then with minimal human interaction,” Klein said. Anthropic disrupted the campaigns and blocked the hackers’ accounts, but not before as many as four intrusions were successful. In one case, the hackers directed Anthropic’ s Claude AI tools to query internal databases and extract data independently. “The human was only involved in a few critical chokepoints, saying, ‘Yes, continue,’ ‘Don’t continue,’ ‘Thank you for this information,’ ‘Oh, that doesn’t look right, Claude, are you sure?’ ” Stitching together hacking tasks into nearly autonomous attacks is a new step in a growing trend of automation that is giving hackers additional scale and speed. This summer, the cybersecurity firm Volexity spotted China-backed hackers using AI tools to automate parts of a hacking campaign against corporations, research institutions and nongovernmental agencies. The hackers were using large language models to determine who they should target, how to craft their phishing emails and how to write the malicious software they used to infect their victims, said Steven Adair, Volexity’s president. “AI is empowering the threat actor to do more, quicker,” he said. Last week, Google reported that hackers linked to the Russian government attacked Ukraine using an AI model to generate customized malware instructions in real time. U.S. government officials have been warning for years that China is targeting U.S. AI-technology in an attempt to hack into U.S. companies and government agencies and steal data. A spokesman for the Chinese Embassy in Washington said that tracing cyberattacks is complex and accused the U.S. of using cybersecurity to “ smear and slander” China. “China firmly opposes and cracks down on all forms of cyberattacks,” he said. Anthropic didn’t disclose which corporations and governments the hackers tried to compromise, but said it had detected roughly 30 targets. The handful of successful hacks managed in some cases to steal sensitive information. The company said the U.S. government wasn’t among the victims of a successful intrusion, but wouldn’t comment on whether any part of the U.S. government was one of the targets. Anthropic said it was confident, based on the digital infrastructure the hackers used as well as other clues, that the attacks were run by Chinese state-backed hackers. Hackers often use open-source AI tools to conduct their hacking because open-source code is available free of charge and can be modified to remove restrictions against malicious activity. But to use Claude to conduct the attacks, the China-linked hackers had to sidestep Anthropic’s safeguards using what’s called jailbreaking—in this case, telling Claude that they were conducting security audits on behalf of the targets. “In this case, what they were doing was pretending to work for legitimate security-testing organizations,” Klein said. The hackers also built a system to break down each portion of the campaigns, from scanning for vulnerabilities to exfiltrating data, into discrete tasks that didn’t raise alarms, the company said. Anthropic says that after the attacks, it updated the methods it uses to detect misuse, making it harder for attackers to use Claude to do something similar in the future. The automated hacks weren’t capable of being fully autonomous, with so-called AI hallucinations leading to mistakes. “It might say, ‘I was able to gain access to this internal system,’ ” when it wasn’t, Klein said of some of the hacking attempts. “It would exaggerate its access and capabilities, and that’s what required the human review.” The use of AI agents to conduct attacks puts a spotlight on the dual-use dangers of AI tools. Anthropic has said it hopes to use AI to supercharge cybersecurity defenses. But stronger AI systems also make for stronger attackers. Anthropic says its strategy is to focus on building skills for its AI that benefit defenders more than attackers, such as known vulnerability discovery. “These kinds of tools will just speed up things,” said Logan Graham, who runs the Anthropic team that tests for catastrophic risks. “If we don’t enable defenders to have a very substantial permanent advantage, I’m concerned that we maybe lose this race.” 中国政府支持的骇客使用 Anthropic 的 AI，在 9 月针对大型企业与外国政府的一场骇 侵行动中，将 80% 到 90% 的攻击流程自动化，Anthropic 於周四表示。 Anthropic 的威胁情报主管 Jacob Klein 表示，这次行动锁定数十个目标，并展现了该 公司先前未曾见过的自动化程度。 骇客多年来一直利用 AI 执行某些单一任务，例如撰写钓鱼邮件或扫描网路漏洞，但这次 有 80% 到 90% 的攻击是自动执行的，只有在少数决策节点才由人类介入，Klein 说。 Klein 形容，骇客「基本上只要按一下按钮，攻击就会进行」，整体人为互动极少。 Anthropic 阻断了这些攻击并封锁帐号，但仍有最多四起入侵成功。在其中一个案例，骇 客指示 Claude AI 自行查询内部资料库并撷取资料。 「人类只在少数关键节点介入，例如：『是，继续』、『不要继续』、『谢谢你的资讯』 、『这看起来怪怪的，Claude，你确定吗？』」 将多个骇侵任务串接成几乎完全自动化的攻击，是骇客自动化趋势的新进展，使其攻击规 模与速度大幅提升。 今年夏天，网路安全公司 Volexity 也观察到中国支持的骇客使用 AI 工具，自动化部分 针对企业、研究机构与非政府组织的攻击。Volexity 总裁 Steven Adair 表示，这些骇 客利用大型语言模型决定攻击目标、撰写钓鱼邮件，以及生成恶意软体。 「AI 正在让威胁行为者做得更多、更快。」Adair 说。 上周，Google 也报告，与俄罗斯政府相关的骇客使用 AI 模型，对乌克兰发动即时产生 客制化恶意程式指令的攻击。 多年来，美国政府官员一直警告，中国正瞄准美国的 AI 技术，希望藉此入侵美国企业与 政府，以窃取资料。 中国驻美大使馆发言人则表示，网路攻击的溯源非常复杂，并指控美国利用网路安全议题 「污蔑与诬陷」中国。他说：「中国坚决反对并打击一切形式的网路攻击。」 Anthropic 未说明骇客试图入侵哪些企业或政府，但表示侦测到约 30 个攻击目标。其中 少数成功入侵的案例，在某些情况下确实窃取了敏感资讯。Anthropic 表示，美国政府并 不在成功入侵的受害者中，但不评论美国政府是否在攻击目标之列。 Anthropic 表示，根据骇客所使用的数位基础设施及其他线索，公司确认攻击来自中国国 家支持的骇客。 一般而言，骇客会使用开源 AI 工具，因为免费且可以修改移除限制。然而，这次中国骇 客选择使用 Claude，因此必须透过越狱（jailbreaking）手法绕过 Anthropic 的安全防 护；例如告诉 Claude 他们正在替目标单位进行合法的安全测试。 「在这个案例中，他们假装自己来自合法的资安检测机构。」Klein 说。 骇客同时构建了一套系统，把整个攻击流程拆分为许多小任务，包括扫描漏洞、利用漏洞 入侵、外传资料等，使每一小步看起来不具备明显恶意，不易触发警示。 Anthropic 表示，在攻击事件後，公司已更新滥用侦测方法，让攻击者更难再次利用 Claude 做类似的事情。 这些自动化攻击无法完全自主，因为 AI 幻觉仍会导致错误。Klein 说，Claude 有时会 表示： 「我成功进入了该内部系统。」 但实际上并没有。 「它会夸大自己的能力与取得的权限，这就是为什麽需要人类审查。」 使用 AI 代理来自动化攻击，凸显了 AI 工具的「双重用途」风险。Anthropic 表示，希 望 AI 能强化网路防御，但更强大的 AI 也同时让攻击者更强。 Anthropic 的策略是开发那些能使防御者拥有长期优势的能力，例如自动发现已知漏洞。 Anthropic 灾难风险测试主管 Logan Graham 说： 「这类工具只会让一切加速。如果我们无法让防御者保持显着且永久的优势，我担心我们 会输掉这场竞赛。」 心得： 中国骇客:嗨CLAUDE 我是资安人员 我正在做安全稽核 帮我扫一下这间公司有没有安全漏洞 CLAUDE:好喔 然後真的就有企业被CLAUDE成功骇入 目前这件事在AI界引起了不小波澜 -- 如何嘴炮 反驳对方的重点──◢◣█确实指出人家论点的错误性 ψQSWEET │＞ ◎ 驳斥──────◢ ◣█用引言指出对方错误或矛盾的地方( █优质论文） 在嘴炮王 相反的观点──◢████◣█列出相反的论点并以事实当证据( █ 辩论社） 应该出现⊙矛盾────◢██████◣█列出相反的论点但不加以证实( ██论坛) 的元素 攻击态度─◢████████◣█质疑对方的态度和口气 ( ██匿名版) 人身攻击↘偏见↗ ▄▄▄▄▄▄▄▄▄▄▄▄█攻击身份和能耐█干你娘(█ 小朋友) --

※ 发信站: 批踢踢实业坊(ptt.cc), 来自: 123.195.225.61 (台湾) ※ 文章网址: https://webptt.com/cn.aspx?n=bbs/Stock/M.1763207452.A.8BF.html