An Agentic Attack

Jeff Brown | Nov 24, 2025 | The Bleeding Edge | 5 min read


It has begun.

Not on a sodden battlefield. Not in the trenches. Not in the air. Not even with explosive-packed drones.

And yet it’s happening now… with almost no human intervention.

“Agents” are given their marching orders… and they immediately get to work.

They don’t ask for money or benefits. They don’t need a bonus if they are successful. They don’t even need a pat on the back when they win.

All “they” want and need are computational resources and the electricity to ensure that they can carry out their objectives.

The First Large-Scale Agentic AI Attack

Earlier this month, we got a glimpse into the near future: The dark side of employing agentic artificial intelligence (AI).

Agentic AI technology is exactly as it sounds.

An AI is given agency – or self-governance – and empowered with the ability to carry out its human-given mandate according to how it thinks it should – with little or even no human intervention.

An agentic AI is resourceful as it has at its disposal the world’s unfettered knowledge base, as well as the ability to leverage just about any software tools available to any human programmer.

It was inevitable that a bad actor would use this technology with malicious intent.

It goes without saying that the technology has already been used and experimented with, on a small scale, with ill intent.

But this month appears to be the first time that the technology has been used to effect a large-scale agentic AI cyberattack.

And yes, it is as bad as it sounds.

Anthropic, one of the leading frontier AI model companies that is still private and now valued at an astounding $350 billion, shared that its own software – Claude Code – had been infiltrated by an agentic AI which gained access to roughly 30 of its own customers.

Claude Code is Anthropic’s software programming model designed to help programmers write, debug, and improve software code.

Claude Code, and other AI models like it, integrate directly into a programmer’s development environment for ease of use.

Source: Anthropic

We’re at the stage now where more than 95% of programmers are using generative AI models to assist with their daily programming efforts. It is now impossible to be competitive without this technology.

It is powerful technology that is almost entirely used to improve productivity.

However, as we have just learned from Anthropic, it can also be used for malicious reasons.

After completing an intense investigation, Anthropic announced this month that its own software had been infiltrated by a “Chinese state-sponsored group we’ve designated GTG-1002.”

According to Anthropic, it was “a highly sophisticated cyber espionage operation” that was a “well-resourced, professionally coordinated operation involving multiple simultaneous targeted intrusions.”

GTG-1002 used Claude Code to infiltrate entities that were using Anthropic’s software, namely large tech companies, financial institutions, chemical manufacturing companies, and government agencies.

The risk associated with infiltrations like these is hard to overstate.

But what made the attacks even more shocking was that they were performed “without substantial human intervention.”

Source: Anthropic

That’s another way of saying that the attacks were carried out entirely by agentic AI technology.

The Benefits of Open Source

At a high level, GTG-1002 coordinated the targets and gave the agentic AI instructions on what needed to be done.

The agentic AI was able to leverage an open-source standard known as the Model Context Protocol (MCP), which enables an AI to connect to and interact with software tools and data sources in a standard format, similar to an application programming interface (API).

Obviously, open-source standards like MCP are designed to remove friction in the software industry and to accelerate adoption and improve productivity. And that’s exactly what they do…

And just as they make it easier for anyone to get their work done, the benefits also apply to bad actors.

The Chinese state-sponsored group had an easy-to-understand approach to leveraging Anthropic’s technology and the open-source standards:

Source: Anthropic

  • Phase 1: Humans provide the agentic AI (modified Claude Code) with the targets.
  • Phase 2: Agentic AI leverages MCP (open-source standards) to access software tools to gain access to data and infiltrate systems of target entities.
  • Phase 3: Humans review findings from Phase 2 and provide instructions for additional targets.
  • Phases 4 & 5: Agentic AI steals data and sends it back to Beijing. Humans review and validate agentic AI’s work, and if needed, provide further instructions.
  • Phase 6 (not shown above): Claude Code was used to automatically generate “comprehensive attack documentation” for GTG-1002. Claude literally produced detailed operational records for the entire agentic AI cyberattack for all of its own targets.
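The MCP layer described above is where an agent reaches tools, and Phase 2 is where that reach was abused. The following is an added example, not code from the original post or from Anthropic, of what a defender can put between an agent and its MCP tool servers: a deny-by-default allowlist of tool names plus a call-rate check that escalates machine-speed loops to a human reviewer and records every decision for audit. The tool names, threshold and sample messages are constructed; the JSON-RPC 2.0 framing with a `tools/call` method is MCP's own.

```python
import json
from collections import defaultdict

# Constructed policy: deny by default, allow only these MCP tool names.
ALLOWED_TOOLS = {"read_file", "run_tests", "git_diff"}
RATE_LIMIT_PER_MIN = 20  # constructed threshold for flagging machine-speed loops

class ToolCallGate:
    """Policy and audit layer placed between an agent and its MCP tool servers."""

    def __init__(self, allowed=ALLOWED_TOOLS, rate_limit=RATE_LIMIT_PER_MIN):
        self.allowed = set(allowed)
        self.rate_limit = rate_limit
        self.calls = defaultdict(list)  # session_id -> recent call timestamps
        self.audit_log = []             # every decision, kept for human review

    def decide(self, session_id, raw_message, now):
        """Return 'allow', 'deny' or 'review' for one JSON-RPC 2.0 message."""
        msg = json.loads(raw_message)
        # Only tools/call invokes a tool; other MCP methods pass through untouched.
        if msg.get("jsonrpc") != "2.0" or msg.get("method") != "tools/call":
            return self._record(session_id, msg, "allow", "not a tool call")
        name = (msg.get("params") or {}).get("name")
        if name not in self.allowed:
            return self._record(session_id, msg, "deny", f"tool {name!r} not allowlisted")
        recent = [t for t in self.calls[session_id] if now - t < 60] + [now]
        self.calls[session_id] = recent
        if len(recent) > self.rate_limit:  # too fast for a human: escalate for review
            return self._record(session_id, msg, "review", "call rate exceeds threshold")
        return self._record(session_id, msg, "allow", "policy ok")

    def _record(self, session_id, msg, verdict, reason):
        self.audit_log.append({"session": session_id, "id": msg.get("id"),
                               "verdict": verdict, "reason": reason})
        return verdict

# Constructed sample messages in MCP's JSON-RPC 2.0 framing.
OK_CALL = json.dumps({"jsonrpc": "2.0", "id": 1, "method": "tools/call",
                      "params": {"name": "read_file", "arguments": {"path": "README.md"}}})
DENIED_CALL = json.dumps({"jsonrpc": "2.0", "id": 2, "method": "tools/call",
                          "params": {"name": "network_scan", "arguments": {}}})
LIST_CALL = json.dumps({"jsonrpc": "2.0", "id": 3, "method": "tools/list"})

def demo():
    """Run the three samples, then a burst of allowed calls that trips the threshold."""
    gate = ToolCallGate()
    verdicts = [gate.decide("s1", m, now=0.0) for m in (OK_CALL, DENIED_CALL, LIST_CALL)]
    burst = [gate.decide("s1", OK_CALL, now=float(i)) for i in range(1, 22)]
    return verdicts, burst[-1], len(gate.audit_log)
```

The audit log is the part that matters for detection: even an allowed sequence of reads, scans and writes at a rate no human types at is a signal worth surfacing before the "humans review findings" step happens on the attacker's side rather than yours.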

What’s incredible is that the cyberattack didn’t require GTG-1002 to develop some kind of sophisticated malware program to achieve its goals.

GTG-1002 simply instructed the modified Claude Code to leverage standard security utilities, like network scanners, database exploitation software, password crackers, and other cybersecurity software tools.

All GTG-1002 had to do was to provide the agentic AI with enough computational horsepower and electricity for it to carry out its tasks. The AI agent did the rest.

To put this in context, what that means is that if a bad actor has enough financial resources to pay for compute/electricity, they can use this technology for malicious purposes.

So which entities were the targets? And, more importantly, how did this all end?

“A Steerable AI System”

While Anthropic was transparent about the attack, there were no names given, despite involving an estimated 30 global organizations.

Anthropic banned those Claude Code accounts that were used to carry out the agentic AI cyberattacks and made some improvements to its own code to enhance security.

It also states that it has developed improved early-detection systems to defend against these kinds of infiltrations.

Perhaps the most ironic aspect of Anthropic’s security failure is that the company has always positioned itself as an “AI-safety first” public benefit corporation, as if it were doing something magnanimous for society.

Source: Anthropic

Its own bio on X is also revealing:

“We’re an AI safety and research company that builds reliable, interpretable, and steerable AI systems.”

Not so safe after all.

Anthropic has failed in its primary mission…

And what is also true is that Claude has been proven to be a “steerable AI system.” Steerable for malicious purposes, in fact.

We should never forget that, regardless of all the virtue signaling, Anthropic is not only aggressively trying to make billions of dollars and to get as rich as possible, but it has also been using its AI models in an attempt to rewrite history and push desired political narratives.

This is the real risk of those who wield frontier AI models – a risk that is far worse than that of cyberattacks.

The sinister and diabolical desire to brainwash a global population with alt-facts that simply aren’t true.

We see through the veneer…

Jeff
