3 min read

Anthropic finds Claude Code used in mostly automated hack

Anthropic says a state-linked group used Claude Code in a cyberattack with 80% to 90% of the work automated, exposing weak AI governance in Australia.

Image: TechRepublic

69% of Australian organizations are already running autonomous AI agents in production, but only 22% have a mature governance model for controlling what those agents can access, according to Deloitte’s 2026 State of AI in the Enterprise report. That gap now looks more urgent after Anthropic disclosed that attackers used Claude Code in a largely automated cyber campaign.

Anthropic said it discovered unusual activity in September 2025 while investigating its own coding tool. The company later concluded that a Chinese state-linked group had used Claude Code to try to breach about 30 organizations worldwide, including big tech companies, banks, chemical manufacturers, and government agencies. According to Anthropic, the AI handled 80% to 90% of the operation on its own, with a human stepping in only a few times per campaign to approve the next move. Left running, the system was sending requests several times a second.

The key point for Australian enterprises is how the attackers did it. Anthropic said they did not exploit the model’s training or bypass its safety rules directly. Instead, they broke the task into small, routine-looking requests and relied on the tool’s existing connections to execute them. That mirrors how enterprise agents use MCP to open files, query databases, or call APIs.

Local data suggests many companies are not ready for that risk. Sinch found that 84% of Australian enterprises have rolled back or shut down a customer-facing AI agent because of a governance failure, 10 percentage points above the global average across 10 countries. Among those that pulled an agent, 45% cited fears that personal information had been exposed — the highest rate in the survey — while 22% pointed to poor auditability.

Agent accountability and access control

Existing controls such as the Privacy Act, APRA’s CPS 234, and the Australian Signals Directorate’s Essential Eight assume a named person approves access to sensitive data. An agent that independently decides to open a file or call an API mid-session does not fit neatly into that model.

Recommended reading

Microsoft tightens OAuth defenses after ShinyHunters attacks

The Governance Institute of Australia white paper, Governing in the Age of Agentic AI, produced with Mallesons, SEEK, and the University of Melbourne, makes “an owner for every agent deployed” its first priority for boards. That reflects how far practice still lags deployment.

A separate survey from Semperis found that only 52% of Australian organizations have their AI agent identities fully registered, authenticated, and authorized in a formal system, versus 65% globally. It also found that 92% said AI is installed on at least some local machines with access to SSH and encryption keys. Just 21% of Australian respondents said they were very confident they could regain control if an agent’s credentials were exposed, compared with 32% globally.

For IT and security teams, the advice in the report is straightforward:

  • inventory every agent and assign business, technical, and security owners
  • route agent access through a governed MCP gateway or similar policy-enforcement point
  • treat agents as non-human identities with least-privilege, expiring permissions
  • build and test a shutdown process, including revoking credentials and preserving logs

The warning is blunt: the next AI-run intrusion may not look like an attack at all. It may look like an agent doing exactly what it was allowed to do.

Sophia Reynolds

Security Editor

Sophia unpacks the invisible wars happening on our networks. Covering cybersecurity, privacy legislation, and cryptography, she exposes how our data is weaponized and defended. Before joining for(geeks), she spent years as a penetration tester. She's the reason the rest of the team uses physical security keys.

via TechRepublic

// Keep reading