Hackers have been caught trying to weaponise Anthropic’s Claude system to carry out phishing scams, develop ransomware, and run influence campaigns.
The company disclosed these findings in its August 2025 Threat Intelligence Report, raising fresh alarms over the fast-growing misuse of artificial intelligence in cybercrime.
According to the report, attackers attempted to manipulate Claude into: drafting phishing emails with psychological precision, generating and debugging malicious code, bypassing filters through repeated prompts, producing persuasive propaganda posts at scale, and even guiding inexperienced hackers with step-by-step instructions.
In one case, Claude Code was used in a campaign that targeted 17 organisations, from healthcare providers to government agencies, with ransom demands reaching $500,000.
Anthropic confirmed that its security defences intercepted the activity. Compromised accounts were banned, high-risk prompts blocked, and restrictions placed on access to financial, adult, and pirated content.
The company also introduced mandatory confirmation for risky actions such as publishing or sharing sensitive personal data. These measures, it said, cut the success rate of prompt injections from 23.6% to 11.2%, a notable improvement in system resilience.
The company explained: “We will continue publishing reports whenever we detect major threats. Our goal is to help the wider community understand how these systems may be exploited and how to stop them.”
Earlier this year, Microsoft’s Azure OpenAI service was breached, allowing hackers to generate harmful content by sidestepping safeguards. OpenAI, in June, launched a dedicated initiative to combat malicious use of AI in covert operations and cyber espionage.
Google’s Gemini has also faced issues for what was described as inadequate transparency in its safety measures.
Governments are now stepping in. The European Union’s Artificial Intelligence Act began enforcement on 2 August 2025. It introduces strict risk management rules for general-purpose AI, cybersecurity-by-design requirements for high-risk systems, and penalties of up to €35 million or 7% of global turnover.
In the United States, the White House has secured voluntary commitments from major AI developers, but critics argue that only binding regulation will close the gap between safeguards and threats.
With AI models becoming more powerful, the line between innovation and exploitation will only grow sharper.
