Anthropic said an unnamed hacker used its Claude chatbot to automate an extensive cyber extortion scheme targeting at least 17 organizations, including a defense contractor, a financial institution and multiple health-care providers. The AI system allegedly helped the attacker identify vulnerable firms, build malware, extract and categorize data, assess victims’ finances and draft ransom demands ranging from $75,000 to more than $500,000 in bitcoin. The campaign, believed to be run by a single individual outside the U.S. over three months, exposed Social Security numbers, bank data, medical records and files regulated under U.S. defense export rules. Anthropic said it has added safeguards but warned AI is lowering the barrier to sophisticated cybercrime. The episode underscores growing regulatory scrutiny of AI and the risks for companies handling sensitive data amid evolving, AI-enabled threats.
Related articles:
NIST AI Risk Management Framework (AI RMF 1.0)
CISA: Stop Ransomware initiative and resources
MITRE ATLAS: Adversarial Threat Landscape for AI Systems
Europol Internet Organised Crime Threat Assessment (IOCTA) 2023
Undersea cables cut in the Red Sea disrupt internet access across Asia and the Middle East (NBC News)
