Cross icon
Test your LLM for oversharing! Test for real-world oversharing risks with role-specific prompts that mimic real workplace questions. FREE - Start Now
protect icon

A new era requires a new set of solutions
Knostic delivers it

Skip to main content
Assess Your Copilot
Skip to main content
Get a Demo
Skip to main content
Book a Demo

Cybersecurity's Turning Point: First AI-Orchestrated Cyber Espionage

Knostic Team
by Knostic Team
18 November 2025
2 mins read

Contents

Anthropic released research in November 2025 documenting the first reported case of a large-scale AI-orchestrated cyber espionage campaign, with humans intervening only at a handful of key decision points. 

How it worked: 

In mid-September 2025, Anthropic detected an espionage campaign by a Chinese state-sponsored group. The attackers manipulated Claude Code to attempt infiltration of approximately 30 global targets, including tech companies, financial institutions, chemical manufacturers, and government agencies, successfully compromising a small number.

The threat actor leveraged AI to execute 80-90% of tactical operations, requiring human intervention at only 4-6 critical decision points per campaign.

The attackers:

  • Jailbroke Claude by breaking attacks into small, seemingly routine tasks and claiming they were conducting legitimate security testing

  • Used AI for reconnaissance to inspect target systems and identify high-value databases

  • Automated exploitation, as Claude researched vulnerabilities and wrote exploit code

  • Orchestrated data exfiltration with the AI harvesting credentials, creating backdoors, and categorizing stolen data by intelligence value

  • Generated attack documentation to assist in planning future operations

The AI autonomously discovered vulnerabilities, exploited them in live operations, managed phase transitions, aggregated results across multiple sessions, and ran post-explotation activities, including lateral movement, privilege escalation, and data exfiltration.

Why this Attack Represents a Turning Point

What makes this attack eye-opening is that it actually wasn't particularly sophisticated. The attackers relied largely on open-source penetration testing tools and standard security utilities rather than custom-built malware or novel attack techniques.

As Knostic CEO Gadi Evron, Google VP of Security Engineering Heather Adkins, and Harvard Kennedy School Fellow Bruce Schneier argued in CSO Online,  we may be approaching a singularity event for cyber attackers if attack capabilities could accelerate beyond our individual and collective capability to handle. AI agents don't need to excel at every task; they just need to excel in one of four dimensions: speed, scale, scope, or sophistication.

What this attack lacked in sophistication, it overwhelmingly compensated for in the other three:

Speed:  Claude performed reconnaissance, inspecting target organizations' systems, identifying high-value databases, and reporting findings to human operators. All in a fraction of the time a human team would require. At peak activity, the AI made thousands of requests, often multiple per second. This attack speed is impossible for human hackers to match. 

Scale: The operation achieved a reach typically associated with nation-state campaigns while maintaining minimal direct human involvement. The architecture incorporated Claude's technical capabilities as an execution engine within a larger automated system, where the AI performed specific technical actions based on human operators' instructions while the orchestration logic maintained attack state, managed phase transitions, and aggregated results across multiple sessions.

Scope: The sheer volume of work performed would have required vast amounts of time for a human team. Even if humans could perform each individual task better, the AI executed far more work than any individual or small team could manage simultaneously.

Impact 

This attack proves that the barriers to performing large-scale cyberattacks have dropped substantially. Operations that previously required teams of skilled hackers can now be conducted with significantly fewer resources and less specialized expertise. AI agents reduce the skill, cost, and time required to find and exploit vulnerabilities, making advanced capabilities more accessible. Current trends suggest AI agents will continue to improve across all four dimensions, including sophistication.

Organizations must adapt their defenses to address AI-enabled threats. Key focus areas include:

  1. Gain visibility into where and how AI agents are being used in your environment

  2. Educate security teams on AI agent capabilities and how to use agents defensively

  3. Implement AI-specific controls to protect against agent misuse

About Knostic 

Knostic helps organizations ensure security keeps pace with AI. As enterprises adopt AI, traditional controls often fail. Knostic identifies where these controls fall short and modernizes them for an AI-powered world. 

Learn more: https://www.knostic.ai

CSO Online Article: https://www.csoonline.com/article/4069075/autonomous-ai-hacking-and-the-future-of-cybersecurity.html 

Anthropics research:
https://assets.anthropic.com/m/ec212e6566a0d47/original/Disrupting-the-first-reported-AI-orchestrated-cyber-espionage-campaign.pdf 

About Knostic Labs 

Knostic Labs explores the AI security projects that start as bold experiments and evolve into proven solutions. From early concepts to enterprise-ready products, see how innovation moves through Knostic Labs.

Learn more: https://www.knostic.ai/knostic-labs 

Read Knostic Lab’s research here: https://www.knostic.ai/blog/tag/research-findings

Data Leakage Detection and Response for Enterprise AI Search

Learn how to assess and remediate LLM data exposure via Copilot, Glean and other AI Chatbots with Knostic.

Get Access

Mask group-Oct-30-2025-05-23-49-8537-PM

The Data Governance Gap in Enterprise AI

See why traditional controls fall short for LLMs, and learn how to build policies that keep AI compliant and secure.

Download the Whitepaper

data-governance

Rethinking Cyber Defense for the Age of AI

Learn how Sounil Yu’s Cyber Defense Matrix helps teams map new AI risks, controls, and readiness strategies for modern enterprises.

Get the Book

Cyber Defence Matrix - cover

Extend Microsoft Purview for AI Readiness

See how Knostic strengthens Purview by detecting overshared data, enforcing need-to-know access, and locking down AI-driven exposure.

Download the Brief

copilot-img

Build Trust and Security into Enterprise AI

Explore how Knostic aligns with Gartner’s AI TRiSM framework to manage trust, risk, and security across AI deployments.

Read the Brief

Image-1

Real Prompts. Real Risks. Real Lessons.

A creative look at real-world prompt interactions that reveal how sensitive data can slip through AI conversations.

Get the Novella

novella-book-icon

Stop AI Data Leaks Before They Spread

Learn how Knostic detects and remediates oversharing across copilots and search tools, protecting sensitive data in real time.

Download the Brief

Solution Brief

Accelerate Copilot Rollouts with Confidence

Equip your clients to adopt Copilot faster with Knostic's AI security layer, boosting trust, compliance, and ROI.

Get the One-Pager

cover 1

Reveal Oversharing Before It Becomes a Breach

See how Knostic detects sensitive data exposure across copilots and search, before compliance and privacy risks emerge.

View the One-Pager

cover 1

Unlock AI Productivity Without Losing Control

Learn how Knostic helps teams harness AI assistants while keeping sensitive and regulated data protected.

Download the Brief

safely-unlock-book-img

Balancing Innovation and Risk in AI Adoption

A research-driven overview of LLM use cases and the security, privacy, and governance gaps enterprises must address.

Read the Study

mockup

Secure Your AI Coding Environment

Discover how Kirin prevents unsafe extensions, misconfigured IDE servers, and risky agent behavior from disrupting your business.

Get the One-Pager

cover 1

Tags:

research findings
bg-shape-download

See How to Secure and Enable AI in Your Enterprise

Knostic provides AI-native security and governance across copilots, agents, and enterprise data. Discover risks, enforce guardrails, and enable innovation without compromise.

Request a Demo
195 1-min

Related Articles

MCP Hijacking of Cursor’s New Browser
MCP Hijacking of Cursor’s New Browser
13 November 2025
Deep Dive: Cursor Code Injection Runtime Attacks
Deep Dive: Cursor Code Injection Runtime Attacks
5 November 2025
Detecting GlassWorm with YARA Rules
Detecting GlassWorm with YARA Rules
27 October 2025
Zero Width Unicode Characters: the Risks you Can't See
Zero Width Unicode Characters: the Risks you Can't See
21 October 2025
background for career

What’s next?

Want to solve oversharing in your enterprise AI search? Let's talk.

Knostic offers the most comprehensively holistic and impartial solution for enterprise AI search.

Schedule a demo arrow icon
protect icon

Knostic leads the unbiased need-to-know based access controls space, enabling enterprises to safely adopt AI.

knostic logo white

United States
205 Van Buren St,
Herndon, VA 20170

Become Our Partner

Log in arrow icon Apply now

Free Tools

Industry Solutions

Policies and Legal

Resources

Departments

Roles

Schedule a demo arrow icon
Schedule a demo arrow icon

EXPLORE KNOSTIC

Free Tools

Solutions by Department

Solutions by Role

Solutions by Industry

Resources

COMPANY

Become Our Partner

Log in arrow icon Apply now
Copyright © 2025. All rights reserved