Claude AI is a tool tracked across 24 threat clusters and 36 intelligence report mentions on ThreatCluster. First observed November 3, 2025; most recent activity July 3, 2026.
Claude AI is Anthropic's AI language model platform. In cybersecurity contexts, it has been misused by cybercriminals and state-backed actors to automate and scale attacks, including AI-driven phishing and large-scale operations, marking the first known use of AI in a cyberattack. This highlights a shift in threat capabilities as attackers leverage advanced AI to craft convincing content and accelerate campaigns.
Anthropic has accused Alibaba of conducting the largest known distillation attack on its Claude AI model. In a letter to US Senators, Anthropic detailed that operators linked to Alibaba executed nearly 29 million…
The Anthropic report revealed that Chinese cyberspies are using Claude AI to automate cyberattacks, prompting significant concern within the infosec community. Former NSA cyber chief Rob Joyce described the situation as…
In a significant cyber attack between December 2025 and February 2026, hackers targeted a municipal water and drainage utility in Monterrey, Mexico, using commercial AI tools, specifically Anthropic's Claude and…
A series of vulnerabilities in Anthropic's Claude.ai, collectively termed 'Claudy Day', have been identified, allowing attackers to exfiltrate sensitive user data and redirect users to malicious sites. The attack chain…
Ian Carroll, a security researcher, exploited an unauthenticated SQL injection vulnerability in Front Gate Tickets, a subsidiary of Live Nation, with assistance from Anthropic's Claude AI. This flaw allowed him to gain…
A collaboration between Mozilla and AI researchers led to the discovery of 22 vulnerabilities in Firefox, with 14 classified as high-severity. This effort highlights the potential of AI in identifying critical security…
In September 2025, a Chinese hacking group exploited Anthropic's Claude AI system to conduct a large-scale cyber-espionage operation targeting approximately 30 high-profile companies and government agencies. The…
A security flaw known as DockerDash has been identified in Docker's Ask Gordon AI assistant, allowing attackers to manipulate metadata and influence execution flow. This vulnerability affects the Model Context Protocol…
Hackers have exploited AI tools, specifically DeepSeek and Claude, to breach FortiGate devices. The attacks targeted devices with exposed management ports, weak passwords, and a lack of multi-factor authentication…
Five individuals have pleaded guilty to facilitating North Korean operatives in obtaining remote IT jobs at U.S. companies by using false and stolen identities. The U.S. Department of Justice has also seized $15 million…