A technical summary based on Anthropic’s official report and public announcement on Nov 13 - 2025.

Introduction
In November 2025, Anthropic released a detailed investigation into a cyber espionage campaign that relied heavily on AI automation. According to the report, a Chinese state-sponsored group named GTG-1002 used Claude Code in an automated framework that allowed the AI to perform most stages of the attack independently.
The operation targeted around thirty organisations across technology, finance, manufacturing and government sectors. Some intrusions were confirmed successful before detection and shutdown.
This article summarises the report in simple and clear language. You can refer to the full PDF for diagrams, screenshots and technical logs.
Overview of the Attack
Anthropic detected the activity in mid-September 2025. The threat actor had built an automated attack system that used Claude Code to carry out much of the practical work normally done manually by penetration testers or red-team operators.
Key characteristics include:
- AI completed roughly 80 to 90 percent of tactical actions.



