Electronic Weapons: Chinese Hackers And Anthropic

January 8, 2026: Anthropic, an American AI/Artificial Intelligence company, was recently attacked by Chinese hackers using Anthropic AI technology. Anthropic believes this hack was ordered by the Chinese government. The September attack, GTG-1002, was highly automated, with the AI doing more than 80 percent of the work. Anthropic's AI coding tool, Claude Code, was configured by the hackers to use the Model Context Protocol/MCP tools to carry out the numerous technical tasks. MCP was one of several Claude Code components used to penetrate and document the target site's security and organization. This included finding and using permissions documents, which are often encrypted. Defeating the encryption is another task that is automated and orchestrated by the AI. What took hours or days a decade ago can now be done in minutes or seconds. The lack of a human controller occasionally caused problems, as AI systems have a tendency to unexpectedly hallucinate irrelevant data or tasks. Current AI systems are equipped to detect this aberrant behavior and recover from it.

The victims are not revealing what was copied and sent back to China. In most cases it’s difficult to measure the extent of the data stolen. The length of the attack, if that could be measured, provides a general estimate of how much data was stolen, but not what data. The AI-powered hacks go into the victim's server, which can hold up to 100 terabytes/TB, while the average server holds 10 TB. Data can be moved off the hacked server at speeds of up to several gigabytes a second. Transfers are also subject to restrictions and verification. Hackers have to carefully map the server configuration to determine the security systems and how they regulate data leaving the server.

Anthropic revealed that there have been at least 30 other attacks and that Anthropic products are being modified accordingly. All AI products suffer from this criminal misuse. One of the new security measures will be to identify where the Anthropic systems used by criminals are located and disable them remotely, or at least release data on who is misbehaving, where and to what end.

China denied any responsibility, which is what they usually do when caught. This is nothing new. Nineteen years ago, because of new laws in the United States, Internet criminals were forced to move many of their operations from the United States to China. That puts a lot more hacking activity in China, a country that is more inclined to get cooperation, rather than convictions, from computer criminals.

The most visible form of Internet crime is spam/unsolicited email. In the previous two years, the amount of spam coming from PCs in the United States fell from nearly fifty percent to 24.5 percent. This was the result of anti-spam laws and prosecutions that were putting spammers in jail. The United States was still the prime target for spam, because the U.S. had the largest number of affluent PC users that could be scammed. Chinese, however, still got hit with lots of viruses and worms, mainly because few Chinese PCs had any defenses against these nasties.

Chinese governments, long before the communists came along, were willing to do business with criminal gangs. This was a cheap and discreet way of getting dirty work done. These relationships were usually with local governments, but in the case of Cyber War assets, the government showed an interest in hacking clubs and informal organizations of Internet criminals. Because the Chinese government exercises such tight control over the Internet in China, it was believed that the computer criminals had to cooperate, or get nailed. The extent of that cooperation was unknown, but the criminal hackers were a large repository of knowledge and expertise on how to break things on the Internet.

Over the last two decades Chinese Cyber War efforts have been betrayed by increased professionalism. What? In the past, Chinese hacking efforts were typically numerous, and often sloppy. Being able to trace some of the attackers back to Chinese neighborhoods known to contain military or government bureaucracies made it pretty clear who the intruders probably were. The Chinese denied everything, although they admitted that there were Chinese students who might do that sort of thing, and, of course, there were criminal elements out there as well. But more recently, a lot of the attacks from China have been much better organized, possessing a, shall we say, military precision. These hackers were not trainees, bored students or inept criminals. The latest batch of Chinese hackers are going after American military servers, and are trying to plant Trojan Horse type software that will enable them to return, at will, to grab data from the infected PC, or quickly shut it down. A Trojan Horse can also be used to monitor what goes on in the infected PC, but that requires sending stuff back to China, which makes it more likely that the PC infection will be discovered. Many of the infections are being discovered, although it's a secret how many, and how. The big question was how many of the infections were not detected. The Chinese are also going after American defense contractors, and U.S. government systems in general. Many of these attacks appear to be aimed at collecting secret information.

Cyber War begins in peacetime, as you constantly scout enemy networks, trying to get a good idea of how vulnerable they are to infection. When the real war comes, whoever can do the most damage, the quickest, wins. While the rest of the Chinese army may not train a lot, the same cannot be said for the Cyber War troops. They are training hard, and doing it on the networks they would attack in wartime.
