Sometimes, the cybersecurity world hits a moment that forces everyone to stop and pay attention. Anthropic just published a report that describes the first publicly confirmed cyberattack that was largely orchestrated by AI. The attackers used Claude Code to automate a coordinated intrusion across thirty different companies. This was not a human-guided assault with a little AI sprinkled in. It was an operation where AI did most of the work.
This is the moment many of us in security have been expecting, and it arrived faster than most people thought. It changes the conversation. It changes the stakes. And it should change how every company prepares for the future.
Here are my biggest takeaways.
AI Attacks Will Grow in Speed and Scale
Claude Code carried out a substantial part of this attack without human direction. It scanned networks, analyzed services, found vulnerabilities, built payloads, harvested credentials, moved through internal systems, and even created documentation that operators could pick up later. It did this across multiple organizations at the same time.
No human team can work at that pace. AI works at machine speed and never slows down. That is a new reality. Security programs built entirely around analysts, manual investigation, and traditional workflows will not be able to match the rate at which AI-driven attacks develop.
The Barrier to Launching Serious Attacks Has Dramatically Fallen
There was a time when a campaign like this needed a nation-state with a large and highly skilled offensive team. The introduction of AI changes that equation. With the right setup, a small group or even a determined individual can run an attack that once needed significant resources.
This is one of the most important points in the entire report. We are not just facing stronger attackers. We are facing more attackers. That shift increases volume, unpredictability, and risk for companies of every size.
Defenders Must Adopt AI To Keep Pace
There is no way to protect modern environments when the adversary is running with automated systems, and the defender is still relying on slow, human-only processes. We need to bring AI into detection, investigation, response, automation, enrichment, and everything that happens inside the security operations model.
AI does not replace the human team. It amplifies it. Humans bring judgment, experience, creativity, and ethical oversight. AI brings speed, scale, and the ability to process massive amounts of data instantly. The organizations that learn to combine the two will be the ones that stay ahead of this new wave of threats.
A Positive Signal and a Realistic Closing Thought
There was one encouraging element in the Anthropic report. The attackers struggled with AI hallucinations. Claude Code generated fake credentials, misleading findings, and data that was inaccurate. These errors slowed parts of the attack and introduced friction into their workflow. It reminds us that AI is powerful, but it still requires supervision and is far from foolproof.
The realistic message is that these attacks will continue, and they will evolve. We cannot count on errors forever. What we can do is prepare. We can modernize our security strategies. We can adopt AI thoughtfully across the stack. And we can keep humans in the middle to ensure accountability and control.
This is not a future problem. It is here today. The companies that move quickly will be far better positioned to navigate what comes next. View full video here.
