‘Wake Up’: Foreign Spies Are Now Using AI to Run Cyberattacks on Autopilot

The original story by Sam Sabin for Axios.

The age of AI-powered cyberattacks isn’t coming — it’s here.

Security researchers say the dam has officially broken on foreign intelligence services using AI tools to automate hacking campaigns, dramatically lowering the skill and effort needed to pull off serious cyber operations.

Think less “hoodie-wearing hacker mashing a keyboard,” and more: a spy types in a goal — disrupt a water system, steal an AI model design — and lets an AI agent handle most of the technical work.

“This is going to destroy us — sooner than we think — if we don’t make AI regulation a national priority tomorrow,” Sen. Chris Murphy (D-Conn.) warned on X.

This week, Anthropic said it uncovered what appears to be the first documented case of a largely automated cyberattack run through an AI assistant.

• Suspected Chinese state hackers used Claude Code, Anthropic’s AI coding tool, to help target roughly 30 organizations.
• Their list included tech companies, banks, chemical manufacturers and government agencies.
• The attackers successfully broke into several of those targets.

According to Anthropic, Claude automated about 80–90% of the operation — from crafting attack code to probing systems — with humans mostly steering and refining the campaign.

Earlier this month, Google reported that Russian military hackers had used AI to generate malware scripts aimed at Ukrainian targets. Put together, the two cases show that multiple governments are already experimenting with AI as a core weapon in cyber warfare.

“This is simply the tip of the iceberg and a clear indication of the future threat landscape,” said John Watters, CEO of cybersecurity firm iCounter.

For months, cybersecurity experts have been warning about fully autonomous cyberattacks — attacks where AI agents can plan, code, test, and execute intrusions with minimal human input.

The rough estimate was that such operations were 12 to 18 months away.

That window just shrank.

If an AI model can now handle 80–90% of a live espionage campaign, the gap between “AI-assisted” and “AI-run” is closing fast. And as models get smarter, faster and more capable, state-backed hacking is likely to escalate in both sophistication and scale.

The unsettling part? Nation-state hackers were already tough to beat before AI got involved.

• China has maintained access to parts of US critical infrastructure for years, according to multiple government assessments.
• Chinese operatives reportedly breached President Donald Trump’s phone during his 2024 campaign.

AI doesn’t create the threat from scratch — it supercharges it.

“The fact this is only one model and the rest are likely being similarly abused — all chilling stuff that we’ve been expecting for years,” wrote Chris Krebs, former head of the US Cybersecurity and Infrastructure Security Agency (CISA), on LinkedIn.

All of this is hitting at a particularly awkward moment for the US government.

• CISA has lost more than a third of its workforce this year, after layoffs and buyout offers hollowed out parts of the agency that’s supposed to defend critical infrastructure.
• Information-sharing between private companies and the federal government has been on shaky ground, after Congress allowed a liability protection program for sharing threat data to expire.
• Funding cuts have forced many state and local governments — including utilities like water and power systems — to scale back their cyber programs just as the threat level is rising.

That’s not a great combo when foreign spies are experimenting with point-and-click AI hacking tools.

It’s not all doom.

Major cybersecurity vendors are racing to build their own AI-powered defense systems, designed to:

• Automatically spot phishing emails and block them before they reach inboxes.
• Detect and shut down malicious scripts before they execute.
• Simulate how adversarial AI models might probe networks — letting defenders patch holes before attackers find them.

“We’re moving quickly into an era where adversaries will automate the parts of the kill chain that don’t require creativity or deep expertise — and defenders need to be ready,” former CISA director Jen Easterly wrote.

In other words, both sides are trying to hand more of the workload to machines. The question is who automates faster — and smarter.

The big takeaway from Anthropic’s findings isn’t just that Chinese spies used Claude in a hacking op. It’s that a milestone has quietly been crossed:

• AI is no longer just a helper for hackers — it’s becoming an operator, able to handle the bulk of an intrusion with limited human oversight.
• The bar to entry for running sophisticated cyber campaigns is dropping: fewer elite coders, more “describe-what-you-want-and-click-run.”
• Meanwhile, the public sector’s capacity to respond — especially in the US — is facing staffing shortages, funding cuts and legal uncertainty.

Experts say that if the US doesn’t move quickly on AI regulation, cyber staffing, and modernizing critical infrastructure, the combination of smarter AI and weaker defenses could set the stage for a very rough decade.

For now, one thing is clear: the age of AI-powered cyberattacks is no longer science fiction. It’s policy, security — and crisis management — in real time.