The writer is professor of digital ethics and defence technologies at the Oxford Internet Institute and a member of the Ministry of Defence AI ethics advisory panel
This month, artificial intelligence start-up Anthropic published a report that marked a watershed moment in cyber security. For the first time, a largely autonomous cyber attack had been conducted by an AI system. The operation, which occurred last September, was attributed to GTG-1002, a hacking group linked to the Chinese government.
The details of the attack merit close attention. Anthropic says that hackers used its agentic coding agent Claude Code to automate nearly the entire attack cycle. Once prompted, the AI identified and exploited vulnerabilities in high-value targets, from major technology companies to government agencies.