Recently the New York Times reported the following:
Anthropic Says Chinese Hackers Used Its A.I. in Online
Attack
The company claimed that A.I. did most of the hacking
with limited human input and said it was a rapid escalation of the technology’s
use in cybercrime.
The NYT -By Meaghan Tobin and Cade Metz
Nov. 14, 2025
Chinese state-sponsored hackers used Anthropic’s artificial
intelligence technology to conduct a largely automated cyberattack against a
group of technology companies and government agencies, the company said on
Thursday.
Anthropic, an artificial intelligence start-up, claimed that the large-scale online espionage campaign in September was the first reported case of an A.I.-powered agent’s gathering information on targets with limited human input.
It released a report detailing how attackers used the company’s artificial intelligence tools to write code that directed Anthropic’s A.I. agent, Claude Code, to perform the attack. The company said human operators accounted for 10 to 20 percent of the work required to conduct the operation.
The report did not disclose how the company had become aware of the attack or how it had identified the hackers, whom Anthropic said it had assessed “with high confidence” as being a Chinese state-sponsored group. It also did not identify the 30 entities that Anthropic said the hackers had targeted.
James Corera, the director of the cyber, technology and security program at the Australian Strategic Policy Institute, said that although the campaign was not a fully automated attack, it demonstrated how hackers could now hand off large parts of their work to A.I. systems.
“While the balance is clearly shifting toward greater automation, human orchestration still anchors key elements,” Mr. Corera said.
A.I. researchers have long warned that the latest artificial intelligence tools could be used in cyberattacks. But they have also said the same tools would be beneficial in defending against such attacks. Throughout the history of cybersecurity, new tools have typically provided novel forms of both attack and defense.
This is not the first time that makers of advanced A.I. systems have said attackers used their technology. Other U.S. companies, including Microsoft and OpenAI, previously reported that state actors had used A.I. tools to enhance online attacks and surveillance operations.
As part of its annual report on digital threats, Microsoft said this month that China, Russia, Iran and North Korea had significantly increased their use of artificial intelligence to organize cyberattacks against the United States and deceive people online.
In February, OpenAI said it had uncovered evidence that a Chinese security operation built an artificial-intelligence-powered surveillance tool to gather reports about anti-Chinese posts on social media in Western countries.
In August, Anthropic said that its A.I. technologies were used in sophisticated cyberattacks and that such technologies had lowered the barriers to such crimes. That month, the company said Chinese hackers had used its artificial intelligence to target telecommunications providers and government databases in Vietnam.
The Chinese government has repeatedly criticized accusations that it engaged in or supported hacking.
In September, Anthropic announced that it was updating its terms of service to make it more difficult for people to gain access to its technology in locations where sales were already prohibited. The only country explicitly named as such a location in the announcement was China.
Translation
Anthropic公司稱中國駭客利用其人工智能技術發動網路攻擊
該公司聲稱,駭客攻擊主要由人工智能自己完成,人為干預甚少,表示這技術在網路犯罪的應用迅速提升。
Anthropic公司週四表示,中國政府支持的駭客利用其人工智能技術,對多家科技公司和政府機構發動了一場高度自動化的網路攻擊。
人工智能初創公司Anthropic聲稱,9月發生的大規模網路間諜活動是首個由人工智能驅動的代理人在有限人手干預的情況下, 收集目標訊息的案例。
該公司發佈了一份報告,詳細描述了攻擊者如何利用其人工智能工具編寫程式碼,指示Anthropic的人工智能代理Claude Code執行攻擊。該公司表示,人工操作人員僅佔此行動所需工作的10%至20%。
該報告並未揭露該公司如何得知此攻擊,也未揭露其如何識別駭客。 Anthropic公司稱,他們「高度確信」這些駭客是中國政府支持的組織。報告也未指明Anthropic公司所稱駭客的30個實體攻擊目標。
澳洲戰略政策研究所網路、技術與安全項目主任James Corera表示,儘管這次攻擊並非完全自動化,但它表明駭客現在可以將大部分工作交給人工智能系統。
Corera先生說: “雖然平衡顯然正在轉向更大的自動化,但人類的協調仍然是關鍵要素的基礎。”
週五,中國外交部發言人Lin Jian表示,他對Anthropic公司的報告並不了解,但他譴責了“毫無證據的指控”,並表示中國反對駭客行為。
人工智能研究人員長期以來一直警告稱,最新的人工智能工具可能被用於網路攻擊。但他們也表示,同樣的工具也有助於防禦此類攻擊。綜觀網路安全的發展歷程,新工具通常會帶來新的攻擊和防禦形式。
這並非先進人工智能系統開發商首次指出攻擊者利用了他們的技術。包括微軟和OpenAI在內的其他美國公司先前也曾報告稱,一些為國家進行活動人仕利用人工智能工具來增強網路攻擊和監控行動。
微軟本月在年度數位威脅報告中指出,中國、俄羅斯、伊朗和北韓已大幅增加人工智能的使用,以組織針對美國的網路攻擊, 並在網路上欺騙民眾。
今年2月,OpenAI表示,他們發現證據表明,中國安全機構開發了一種由人工智能驅動的監控工具,用於收集西方國家社交媒體上反華言論的報告。
今年8月,Anthropic公司表示,其人工智能技術已被用於複雜的網路攻擊,並稱此類技術降低了阻止網路犯罪的障礙。當月,該公司還表示,中國駭客利用其人工智能技術攻擊了越南的電信營運商和政府資料庫。
中國政府多次駁斥有關其參與或支持駭客活動的指控。
9月,Anthropic公司宣佈更新其服務條款,以增加在已禁止銷售其產品的地區取得其技術的難度。公告中明確提及的唯一此類地區是中國。
So, Anthropic said Chinese
state-sponsored hackers used its artificial intelligence technology to conduct
a largely automated cyberattack against technology companies and government
agencies. This is not the first time that makers of advanced A.I. systems have
said attackers used their technology. I choose to believe this report. I am
wondering why China did not use their own AI technologies to do the hacking.
沒有留言:
張貼留言