回看板
Disp BBS
作者 pmes9866 (I Need Some Sleep)
標題 [新聞] 中國駭客使用 Anthropic 的 AI 來自動化網路攻擊
時間 Sat Nov 15 19:50:47 2025

原文標題:Chinese Hackers Used Anthropic’s AI to Automate Cyberattacks

原文連結:https://reurl.cc/gn0d6X

發布時間:Nov. 13, 2025 11:42 pm ET

記者署名:Sam Schechner   Robert McMillan

原文內容:


China’s state-sponsored hackers used artificial-intelligence technology from
Anthropic to automate break-ins of major corporations and foreign governments
during a September hacking campaign, the company said Thursday.

The effort focused on dozens of targets and involved a level of automation
that Anthropic’s cybersecurity investigators had not previously seen,
according to Jacob Klein, the company’s head of threat intelligence.

Hackers have been using AI for years now to conduct individual tasks such as
crafting phishing emails or scanning the internet for vulnerable systems, but
in this instance 80% to 90% of the attack was automated, with humans only
intervening in a handful of decision points, Klein said.

The hackers conducted their attacks “literally with the click of a button,
and then with minimal human interaction,” Klein said. Anthropic disrupted
the campaigns and blocked the hackers’ accounts, but not before as many as
four intrusions were successful. In one case, the hackers directed Anthropic’
s Claude AI tools to query internal databases and extract data independently.

“The human was only involved in a few critical chokepoints, saying, ‘Yes,
continue,’ ‘Don’t continue,’ ‘Thank you for this information,’ ‘Oh,
that doesn’t look right, Claude, are you sure?’ ”

Stitching together hacking tasks into nearly autonomous attacks is a new step
in a growing trend of automation that is giving hackers additional scale and
speed.

This summer, the cybersecurity firm Volexity spotted China-backed hackers
using AI tools to automate parts of a hacking campaign against corporations,
research institutions and nongovernmental agencies. The hackers were using
large language models to determine who they should target, how to craft their
phishing emails and how to write the malicious software they used to infect
their victims, said Steven Adair, Volexity’s president. “AI is empowering
the threat actor to do more, quicker,” he said.

Last week, Google reported that hackers linked to the Russian government
attacked Ukraine using an AI model to generate customized malware
instructions in real time.

U.S. government officials have been warning for years that China is targeting
U.S. AI-technology in an attempt to hack into U.S. companies and government
agencies and steal data.

A spokesman for the Chinese Embassy in Washington said that tracing
cyberattacks is complex and accused the U.S. of using cybersecurity to “
smear and slander” China. “China firmly opposes and cracks down on all
forms of cyberattacks,” he said.

Anthropic didn’t disclose which corporations and governments the hackers
tried to compromise, but said it had detected roughly 30 targets. The handful
of successful hacks managed in some cases to steal sensitive information. The
company said the U.S. government wasn’t among the victims of a successful
intrusion, but wouldn’t comment on whether any part of the U.S. government
was one of the targets.

Anthropic said it was confident, based on the digital infrastructure the
hackers used as well as other clues, that the attacks were run by Chinese
state-backed hackers.

Hackers often use open-source AI tools to conduct their hacking because
open-source code is available free of charge and can be modified to remove
restrictions against malicious activity. But to use Claude to conduct the
attacks, the China-linked hackers had to sidestep Anthropic’s safeguards
using what’s called jailbreaking—in this case, telling Claude that they
were conducting security audits on behalf of the targets.

“In this case, what they were doing was pretending to work for legitimate
security-testing organizations,” Klein said.

The hackers also built a system to break down each portion of the campaigns,
from scanning for vulnerabilities to exfiltrating data, into discrete tasks
that didn’t raise alarms, the company said.

Anthropic says that after the attacks, it updated the methods it uses to
detect misuse, making it harder for attackers to use Claude to do something
similar in the future.

The automated hacks weren’t capable of being fully autonomous, with
so-called AI hallucinations leading to mistakes. “It might say, ‘I was able
to gain access to this internal system,’ ” when it wasn’t, Klein said of
some of the hacking attempts. “It would exaggerate its access and
capabilities, and that’s what required the human review.”

The use of AI agents to conduct attacks puts a spotlight on the dual-use
dangers of AI tools. Anthropic has said it hopes to use AI to supercharge
cybersecurity defenses. But stronger AI systems also make for stronger
attackers.

Anthropic says its strategy is to focus on building skills for its AI that
benefit defenders more than attackers, such as known vulnerability discovery.

“These kinds of tools will just speed up things,” said Logan Graham, who
runs the Anthropic team that tests for catastrophic risks. “If we don’t
enable defenders to have a very substantial permanent advantage, I’m
concerned that we maybe lose this race.”


中國政府支持的駭客使用 Anthropic 的 AI,在 9 月針對大型企業與外國政府的一場駭
侵行動中,將 80% 到 90% 的攻擊流程自動化,Anthropic 於週四表示。

Anthropic 的威脅情報主管 Jacob Klein 表示,這次行動鎖定數十個目標,並展現了該
公司先前未曾見過的自動化程度。

駭客多年來一直利用 AI 執行某些單一任務,例如撰寫釣魚郵件或掃描網路漏洞,但這次
有 80% 到 90% 的攻擊是自動執行的,只有在少數決策節點才由人類介入,Klein 說。

Klein 形容,駭客「基本上只要按一下按鈕,攻擊就會進行」,整體人為互動極少。
Anthropic 阻斷了這些攻擊並封鎖帳號,但仍有最多四起入侵成功。在其中一個案例,駭
客指示 Claude AI 自行查詢內部資料庫並擷取資料。

「人類只在少數關鍵節點介入,例如:『是,繼續』、『不要繼續』、『謝謝你的資訊』
、『這看起來怪怪的,Claude,你確定嗎?』」

將多個駭侵任務串接成幾乎完全自動化的攻擊,是駭客自動化趨勢的新進展,使其攻擊規
模與速度大幅提升。

今年夏天,網路安全公司 Volexity 也觀察到中國支持的駭客使用 AI 工具,自動化部分
針對企業、研究機構與非政府組織的攻擊。Volexity 總裁 Steven Adair 表示,這些駭
客利用大型語言模型決定攻擊目標、撰寫釣魚郵件,以及生成惡意軟體。


「AI 正在讓威脅行為者做得更多、更快。」Adair 說。

上週,Google 也報告,與俄羅斯政府相關的駭客使用 AI 模型,對烏克蘭發動即時產生
客製化惡意程式指令的攻擊。

多年來,美國政府官員一直警告,中國正瞄準美國的 AI 技術,希望藉此入侵美國企業與
政府,以竊取資料。

中國駐美大使館發言人則表示,網路攻擊的溯源非常複雜,並指控美國利用網路安全議題
「污衊與誣陷」中國。他說:「中國堅決反對並打擊一切形式的網路攻擊。」

Anthropic 未說明駭客試圖入侵哪些企業或政府,但表示偵測到約 30 個攻擊目標。其中
少數成功入侵的案例,在某些情況下確實竊取了敏感資訊。Anthropic 表示,美國政府並
不在成功入侵的受害者中,但不評論美國政府是否在攻擊目標之列。


Anthropic 表示,根據駭客所使用的數位基礎設施及其他線索,公司確認攻擊來自中國國
家支持的駭客。

一般而言,駭客會使用開源 AI 工具,因為免費且可以修改移除限制。然而,這次中國駭
客選擇使用 Claude,因此必須透過越獄(jailbreaking)手法繞過 Anthropic 的安全防
護;例如告訴 Claude 他們正在替目標單位進行合法的安全測試。


「在這個案例中,他們假裝自己來自合法的資安檢測機構。」Klein 說。

駭客同時構建了一套系統,把整個攻擊流程拆分為許多小任務,包括掃描漏洞、利用漏洞
入侵、外傳資料等,使每一小步看起來不具備明顯惡意,不易觸發警示。

Anthropic 表示,在攻擊事件後,公司已更新濫用偵測方法,讓攻擊者更難再次利用
Claude 做類似的事情。

這些自動化攻擊無法完全自主,因為 AI 幻覺仍會導致錯誤。Klein 說,Claude 有時會
表示:

「我成功進入了該內部系統。」

但實際上並沒有。

「它會誇大自己的能力與取得的權限,這就是為什麼需要人類審查。」

使用 AI 代理來自動化攻擊,凸顯了 AI 工具的「雙重用途」風險。Anthropic 表示,希
望 AI 能強化網路防禦,但更強大的 AI 也同時讓攻擊者更強。

Anthropic 的策略是開發那些能使防禦者擁有長期優勢的能力,例如自動發現已知漏洞。

Anthropic 災難風險測試主管 Logan Graham 說:


「這類工具只會讓一切加速。如果我們無法讓防禦者保持顯著且永久的優勢,我擔心我們
會輸掉這場競賽。」


心得:

中國駭客:嗨CLAUDE 我是資安人員 我正在做安全稽核
幫我掃一下這間公司有沒有安全漏洞

CLAUDE:好喔

然後真的就有企業被CLAUDE成功駭入

目前這件事在AI界引起了不小波瀾

--
[圖]

--
※ 發信站: 批踢踢實業坊(ptt.cc), 來自: 123.195.225.61 (臺灣)
※ 作者: pmes9866 2025-11-15 19:50:47
※ 文章代碼(AID): #1f66aSY_ (Stock)
※ 文章網址: https://www.ptt.cc/bbs/Stock/M.1763207452.A.8BF.html
emptie: 正常的發展吧,寫code就是目前ai能做的幾件工作之中做得比較好的那類1F 11/15 19:56
bnn: AI很會寫code啊3F 11/15 20:14
lc85301: 正常,AI 也可以幫你掃有沒有漏洞要填啊4F 11/15 20:20
hotbeat: 總覺得中國早晚會把美國最強模型盜走5F 11/15 20:20
doranako: ai攻擊ai防禦,就看誰的ai強6F 11/15 20:51
chunfo: 太棒了 在未來人類滅絕的世界 ai依然可以互相攻擊7F 11/15 21:32
sanpo0108: 有黑牆概念股嗎8F 11/15 22:20
salamender: 隔壁現在最不缺電力可以亂搞,反觀....9F 11/15 22:42
bj45566: 中國駭客使用 Anthropic AI, 消耗的是美國的電力吧10F 11/15 23:30
okderla: 沒事,台灣的資安股股價持續下沉中^^
道高一尺,魔高一丈,防禦方再怎麼防範,攻擊方還是會發展新的手法,想營運不中斷還能靠備援,但若想機密不外洩要付出的資安成本可大囉12F 11/15 23:33
bj45566: 中國駭客和俄羅斯駭客早在有生成式 AI 之前就在網路世界肆無忌憚了,歐美大企業和敏感政府單位早就為此投入許多資安成本16F 11/15 23:51

--
作者 pmes9866 的最新發文:
點此顯示更多發文記錄