It’s no longer a hypothetical: Anthropic has discovered a hacker using its AI chatbot to plan and execute a large-scale data extortion campaign that targeted 17 organizations last month. “This threat actor leveraged Claude’s code execution environment to automate reconnaissance, credential harvesting, and network penetration at scale, potentially affecting at least 17 distinct organizations across government, healthcare, emergency services, and religious institutions,” Anthropic said on Wednesday. A defense contractor was also affected. Although Claude was built with safeguards to prevent such misuse, the hacker bypassed the guardrails by uploading a configuration file to the AI that “included a cover story claiming network security testing under official support contracts while providing detailed attack methodologies and target prioritization frameworks,” Anthropic found. During the campaign, the hacker first used Claude to scan for vulnerable networks at "high success rates" befo...