When AI Becomes A Cybercriminal’s Best Friend

The Wiretap is your weekly digest of cybersecurity, internet privacy and surveillance news. To get it in your inbox, subscribe here.
Last week, AI giant Anthropic said it had uncovered three particularly alarming uses of its Claude tool: a large-scale extortion operation, a fraudulent employment scheme from North Korea and AI-generated ransomware.
Its assessment was stark: “Agentic AI has been weaponized. AI models are now being used to perform sophisticated cyberattacks, not just advise on how to carry them out.”
Cybersecurity experts have long feared AI agents would drastically increase the scale of digital crime. It’s now being borne out in reality.
In an “unprecedented” extortion case, Anthropic said the hacker used Claude Code to automate reconnaissance on 17 different organizations, gathering employees’ usernames and passwords to find a way onto target networks. Claude did plenty of malicious work on its own: it decided what data to steal and how much ransom to demand based on victims’ financial information. It even came up with the language used to threaten to release the pilfered data if the company didn’t pay up.
Anthropic also found that North Koreans had used Claude to create convincing fake people who could pass coding tests in job interviews at major American technology companies. Once they secured jobs, Claude would then carry out technical tasks.
Finally, the company also learned its AI was used by someone with minimal technical skills to code up ransomware packages, which were then sold online to other cybercriminals for up to $1,200.
Benevolent hackers have caught onto AI’s power too. Various offensive- and defensive-focused companies are looking to AI agents to find ways into company networks on behalf of defense and intelligence agencies to gather data on foreign governments, or to help their customers’ IT teams figure out where their weaknesses lie.
One of the more prominent companies in this new era of AI-powered hacks is XBOW, whose AI tries to find vulnerabilities in commonly used software. Its software rose to the top of HackerOne’s leaderboard for identifying such bugs earlier this year. In August, it said OpenAI’s GPT-5 model, when integrated into XBOW’s agent, led to a “significant leap in performance” and helped find “vastly more exploits.” If XBOW and its competitors can get such powerful tools into the hands of defenders before criminals, it may help prevent new, AI-powered attacks from happening.
With both cyber defenders and criminals making use of these new AI tools, it’s clear we’ve entered a new cybersecurity arms race pitting AI vs. AI. Only time will tell which side will emerge victorious.
Got a tip on surveillance or cybercrime? Get me on Signal at +1 929-512-7964.
THE BIG STORY:
Chinese Hackers May Have Stolen Data On ‘Nearly Every American’
A hacking group known as Salt Typhoon, believed to be sponsored by the Chinese government, has hacked into as many as 200 American organizations, including major telecoms companies like AT&T and Verizon, according to the FBI.
Last week, intelligence agencies from the western world identified three organizations that allegedly assisted in the attacks: Sichuan Juxinhe Network Technology, Beijing Huanyu Tianqiong Information Technology and Sichuan Zhixin Ruijie Network Technology.
“We are deeply concerned by the irresponsible behaviour of the named commercial entities based in China that has enabled an unrestrained campaign of malicious cyber activities on a global scale,” said Dr Richard Horne, chief executive of the U.K.’s National Cyber Security Centre, a branch of the GCHQ signals intelligence agency.
Stories You Have To Read Today
WhatsApp users have been encouraged to update the messaging app after a warning that a vulnerability “may have been exploited in a sophisticated attack against specific targeted users.” It specifically targeted users of the iOS and Mac versions of the app, and experts have suggested the attacks could’ve been launched by a spyware vendor.
One such surveillance company, Paragon Solutions, just had its $2 million contract with Immigration and Customs Enforcement reactivated, according to independent reporter Jack Poulson. ICE had been ordered to put the work with Paragon on hold after the Biden administration sought to explore whether it’d breached rules on acquiring spyware.
Winner of the Week
Cloudflare claims to have stopped a record distributed denial of service attack in recent weeks. It measured in at 11.5 terabits per second (Tbps), beating the previous record of 7.3 Tbps.
Loser of the Week
Cybersecurity giant Palo Alto Networks has suffered a data breach. It was one of hundreds of victims whose Salesforce information has been taken thanks to another hack at sales automation platform Salesloft. That breach allowed hackers to steal authentication tokens for a Drift chat agent that was integrated with Salesforce, allowing access to many customers’ data, Bleeping Computer reports.