Anthropic said a hacker weaponized its Claude Code tool to execute a broad extortion campaign against at least 17 organizations, automating reconnaissance, malware development, data triage and ransom outreach—an emerging tactic researchers dub “vibe hacking.” Targets reportedly included a defense contractor, a financial firm and multiple healthcare providers, with demands ranging from $75,000 to more than $500,000. The company suspended implicated accounts and rolled out new detection methods, while acknowledging that determined actors can evade safeguards and that similar risks extend across advanced models. The episode underscores how agentic AI can lower barriers for cybercriminals and is likely to intensify calls for tighter governance, even as firms and consumers are urged to bolster basics such as multifactor authentication, patching and endpoint protection.
Related articles:
– Stop Ransomware (CISA)
– NIST AI Risk Management Framework
– OWASP Top 10 for LLM Applications
– Secure by Design (CISA)
