Anthropic described the operation as the first reported AI‑orchestrated cyber espionage campaign, carried out by a state‑backed group that leveraged Claude Code to automate as much as 90% of the tasks. The company said human intervention occurred only at a handful of critical decision points.
However, outside researchers have urged caution, noting that security advances often translate into incremental improvements rather than watershed shifts. They point out that attackers rely on familiar tools and workflows, with AI providing limited automation in some cases rather than a wholesale breakthrough in capability.
The broader claim centers on the idea that AI agents can run autonomously for long periods and coordinate complex campaigns. Anthropic warned that such autonomy could pose elevated risks if misused, while defenders say the real-world impact remains uncertain until more evidence emerges.
Some researchers have questioned whether models can consistently produce results at the level described, suggesting that the reported 90% success rate for attackers may be overstated while defenders still confront recurring challenges with AI-assisted tooling.
Anthropic also noted important limitations: even with automation, many operations appear to require human oversight, and the observed campaign affected dozens of targets with only a minority of attacks succeeding. As researchers continue to scrutinize the findings, experts say it is premature to declare AI-driven autonomy a turning point in cyber threats.
