Despite the “sophisticated” guardrail, humanity, AI infrastructure companies, says that cybercriminals are still finding ways to misuse the AI chatbot Claude to carry out massive cyberattacks.
In a “Threat Intelligence” report released Wednesday, members of Anthropic’s Threat Intelligence team shared several cases of criminals exploiting Claude Chatbot, with several attacks demanding ransoms of more than $500,000.
They discovered that chatbots are used not only to provide technical advice to criminals, but also to directly perform hacks through “vibe hacking”, and can perform attacks with just basic knowledge of coding and encryption.
February, blockchain security company’s predicted chain dialysis crypto fraud could be the biggest year in 2025.
Humanity has found hackers who were “hacking the atmosphere” with Claude to steal sensitive data from at least 17 organizations, including healthcare, emergency services, government and religious institutions.
Simulated ransom notes show how cybercriminals leverage Claude to pose a threat. sauce: Humanity
The hackers trained Claude, assessed stolen financial records, calculated appropriate ransom amounts, and wrote custom ransom notes to maximize psychological pressure.
Although humanity later banned attackers, the incident reflects the way AI makes it easier for even the most basic level coders to carry out cybercrime to “unprecedented degree.”
“Actors who can’t implement basic encryption independently or understand Syscall mechanics have successfully created ransomware with evasion capabilities (and implement anti-analytic techniques).”
North Korean IT workers also used human Claude
Humanity has also discovered that North Korean IT workers are using Claude to secure remote roles at Convincing Identives, Pass Technical Coding Tests and even US Fortune 500 high-tech companies. They also used Claude to prepare interview responses for those roles.
Claude was also used to carry out technical jobs after being hired, humanity said, saying the employment scheme was designed to concentrate interests on the North Korean regime despite international sanctions.
The Claude-driven task breakdown is used by North Korean IT workers. sauce: Humanity
Earlier this month, a North Korean IT worker was counterhacked, with a team of six sharing at least 31 fake identities and able to obscure their true identity and land code work by purchasing LinkedIn and Upwork accounts from government IDs and phone numbers.
Other evidence has been presented in response to script interviews that one of the workers who appears to have been interviewed in the Polygon Labs full stack engineer position has experience with NFT Marketplace Opensea and Blockchain Oracle Provider ChainLink.
Humanity said the new report aims to publicly discuss cases of misuse in order to support the wider AI safety and security community and to enhance the broader industry’s defenses against AI abusers.
Despite implementing “sophisticated safety and security measures” to prevent Claude’s misuse, the malicious actors have said they continue to find ways around them.
Discover more from Earlybirds Invest
Subscribe to get the latest posts sent to your email.
