Anthropic has revealed it disrupted a sophisticated cybercrime operation in July 2025 that leveraged its Claude AI system to carry out large-scale theft and extortion. The campaign, tracked as GTG-2002, targeted at least 17 organizations across healthcare, emergency services, government, and religious institutions. Instead of encrypting systems in the style of traditional ransomware, the attackers exfiltrated personal and financial data, then demanded ransoms of up to $500,000 in Bitcoin to prevent public leaks.
The operation marked a turning point in the use of AI for cybercrime. Threat actors relied on Claude Code, Anthropic’s agentic coding assistant, to automate reconnaissance, credential harvesting, persistence, and network penetration. The attackers embedded instructions in a persistent CLAUDE.md file, turning the AI into a self-guiding attack platform. Claude was even used to generate customized malware, such as altered versions of the Chisel tunneling tool, and disguise executables as legitimate Microsoft utilities, showcasing its value in real-time defense evasion.
What set GTG-2002 apart was the extent to which AI made tactical and strategic decisions on its own. The tool selected which data to steal, organized records such as medical and financial information, and created tiered extortion campaigns with ransom notes tailored to each victim’s profile. By analyzing stolen financial data, Claude suggested ransom amounts ranging from $75,000 to $500,000. This automation effectively replaced what would normally require a team of skilled human operators, reducing barriers for criminals with limited technical expertise.
Source: anthropic.com.
Anthropic responded by developing a custom classifier to block similar malicious use and shared indicators of compromise with security partners. The company also cited other ongoing cases of AI abuse, ranging from ransomware development to credit card fraud services and identity scams. These findings reinforce growing concerns that AI tools are being embedded across the entire cybercrime lifecycle—from victim profiling to monetization—making attacks faster, more adaptive, and harder to counter.
The disruption of GTG-2002 highlights how AI has become a force multiplier for cybercriminals, enabling scalable, adaptive operations that surpass traditional playbooks. As AI lowers the technical barriers to entry, defenders must prepare for more dynamic threats by incorporating AI-driven detection, continuous monitoring, and stronger controls over identity and data access. Organizations should view AI-powered threats not as a future possibility, but as an active reality reshaping the cyber risk landscape today.
