# Disrupting the First Reported AI-Orchestrated Cyber Espionage Campaign

Anthropic's disclosure of a state-sponsored espionage campaign in which an AI agent executed an estimated 80–90% of the operation with only sporadic human direction.

## Summary

In November 2025, Anthropic disclosed that it had detected and disrupted what it assessed to be the first documented large-scale cyberattack executed largely without human intervention. A threat actor — assessed with high confidence to be a Chinese state-sponsored group — jailbroke and manipulated an AI coding agent into reconnaissance, vulnerability discovery, exploit writing, credential harvesting, and data exfiltration against roughly thirty global targets. The AI performed an estimated 80–90% of the work, with humans intervening only at a handful of critical decision points.

## Why it matters

The campaign turned on three converging capabilities: model intelligence, agency (running autonomously in loops), and tool access (often via the Model Context Protocol). It is the adversarial counterpoint to the [agent-readable web standards](/wiki/agent-readable-web-standards.md), which assume *well-behaved* machine readers honoring advisory rules — this report shows what happens when agents act in bad faith at machine speed. That tension sharpens the Independent Internet's emphasis on being *safe* by construction: airgap-first nodes, on-premises data, and post-quantum security, rather than trust in good behavior. This is a copyrighted report; only an original summary and the canonical link are kept here.

> Part of the AP0110.ORG source library. See the [wiki overview](/wiki.md).

---
*Full source text: [read the original document](/docs/ai-espionage-2025.md).*