Anthropic just released a report on a sophisticated Claude Code and MCP based hacking ring. Based on their estimates humans provided less than 10% of the decision making for the operation. The hack involved multiple requests per second to Anthropic APIs across dozens of ‘agents’. The attackers managed to infiltrate several technology firms and exfiltrated credentials.
If you’ve ever run a website on the open internet you have likely seen server logs of automated exploit programs. Hackers run bots which automatically attempt dozens of well known attacks against every server on the internet. These scripts attempt everything from sql injection to server stack specific vulnerabilities. If you aren’t keeping up with updates eventually they will get you.
But these scripts were just scripts. A human found a vulnerability manually then added code to the script. Autonomous cyberattacks have historically attempted the same old hacks against every server. AI changes the game here. Now hackers can apply multiple ‘agents’ towards each site. These agents can dig through the code and analyze it for vulnerabilities.
Recently Tata Motors was found to have a major AWS credentials exposed on publicly accessible web content.
This is the kind of thing Claude Code can figure out today. Smart hyper scale hacking attacks are only going to escalate. There are already open weight models out there. The major Chinese labs will allow Chinese state sponsor hacking rings to user their AI for this purpose.
What does this mean for cybersecurity?
The bar just rose. Shitty cybersecurity isn’t going to cut it anymore. Vulnerabilities will be exploited within days of new code being shipped. You will be pwned instantly. Your vibe code will be vibe hacked just as fast as you can deploy changes.