A Recent Cyberattack Nearly Ran Itself. Proactive Defenders are Already Preparing for the Next One
In November of 2025, a Chinese state-sponsored hacking group orchestrated a cyberattack against 30 institutions using Claude, Anthropic’s frontier artificial intelligence (AI) model, for 80 to 90 percent of the work. The humans involved in the attack mostly supervised as the AI autonomously cased targets, stole login credentials, tunneled deep into connected systems, and even wrote its own notes so a second team could pick up where it left off.
The question now for corporate leaders is no longer whether their organizations will be targeted by these types of attacks, but whether they will be ready when they are. That preparation requires rethinking security from the ground up, integrating digital threat monitoring and physical infrastructure—personnel, facilities, and crisis response—into a single, continuously managed system.
How We Got Here
Before recent AI breakthroughs, cyberattacks depended on the number of skilled coders an attacker could levy. The manpower and hacking expertise available to malicious actors set ceilings on both the quality and quantity of attacks. These ceilings created a rough parity between offense and defense. Both were resource-intensive and expertise-dependent. Few people had the technical knowledge to either initiate or defend against a sophisticated cyberattack, preserving a rough equilibrium.
When models with some coding capabilities were first introduced a few years ago, the bar of expertise was lowered. But the technology’s limitations restricted how effective such attacks could be. At that point, models struggled with multi-step processes and sustained, context-aware reasoning. In 2025, more capable models, including Claude Code, were introduced, allowing threat actors to effectively vibe-hack with the right prompt, even with little technical coding experience.
Recent developments in technology have led to the proliferation of agentic AI, further lowering the bar for would-be attackers. Agentic models can now orchestrate and execute rather than just assist with clearly defined tasks. An operator can point at a target, and the AI can break down the mission into sub-tasks, farm them out to sub-agents, and reassemble a sophisticated attack chain. Agentic models can search the Web, expertly code, and carry out data entry for malicious actions, implementing the very solutions they propose for problems.
The human skill involved is directed less towards carrying out the cyberattack and lies more in convincing the AI model to ignore its safety controls, which are intended to limit criminal use of the technology. To jailbreak the model and bypass these controls, operators frame prompts that look innocuous in isolation or tell models that they are involved in security checks and routine penetration testing.
Acceleration Isn’t Slowing Down
As Global Guardian’s 2026 Worldwide Threat Assessment outlines, AI is a force multiplier for cyber threat actors in their attacks on corporations. Vibe-hacking lowers the expertise barriers for malicious actors and makes attacks more efficient. Deploying agentic AI requires less time and less effort, freeing bandwidth for more attacks. And attacks are more sophisticated and effective as models receive new training data and feedback from the aggregate behavior of millions of everyday users.
The pace of technological development is accelerating rapidly. While vibe-hacking began in early 2025, Anthropic predicts that by the end of 2025 models could carry out full-scale attacks nearly autonomously. Even more troubling is that the technology is still on the steep part of an exponential curve. Nearly unlimited capital investment and national security competition between the U.S. and China mean that innovation will race ahead unabated.
Anthropic’s newest model, Mythos, previews the near-future cybersecurity risks. Anthropic deemed the model too dangerous for public release because it is so capable of finding and exploiting security flaws. Instead, the company shared access to Mythos with some 40 organizations that provide technologies supporting critical global infrastructure, like financial services or cybersecurity systems. Much like in chess, where computers can now think of moves that no human would conceive, Mythos is able to catch software vulnerabilities and code bugs in the world’s most secure Web infrastructure, owned by national governments and influential organizations, that humans would be unlikely to spot.
For companies wanting to protect their assets, privacy, and competitive advantage, the structural problem is difficult to overcome. Most companies view security as a non-revenue-generating asset. State-backed threat actors, on the other hand, view attacks as their primary mission. Agentic AI compounds that asymmetry, making cyberattacks easier and cheaper, requiring limited expertise. While one malicious operator with the right framework can now do what used to require an entire team of experienced hackers, the defense side hasn’t had the same incentive to scale.
The Threat Doesn’t Stop at the Firewall
Threats posed by cyberattacks are not confined to cyberspace. In the 21st century, security is a delicate balance between the physical and digital realms. Digital systems like building access controls, logistics networks, executive communications, and operational infrastructure have physical correlations. Physical systems like personnel movement, facility access, and supply chain logistics have digital correlations.
A breached access system could lead to an unlocked door. A disgruntled employee with top secret security clearance and access to vital intellectual property can get past the strongest cybersecurity safeguards. A hacked executive’s location data can turn a data breach into a personal security emergency. Each of these scenarios illustrates the same challenge: fragmented security leaves organizations exposed when threats cross physical and digital boundaries.
Building an Integrated Defense
Organizations need infrastructure and talent that integrates physical and cyber security into one continuous security apparatus. The weakest links in most organizations aren’t their firewalls. They’re the unlocked doors, predictable routines, and unfollowed security protocols that make human-dependent systems susceptible to social engineering and exploitation.
Crisis response planning has to account for scenarios where the cyber breach produces a physical emergency, and vice versa. These are not simply IT questions.
At the same time, AI must be adopted defensively. Security teams need to be using the same tools attackers are, including AI-assisted threat detection and vulnerability assessment. Whatever is available to the attacker has to be available to the defender. But keep in mind: AI integrated into your defensive systems also creates new exposure to intrusion if misconfigured or compromised.
It comes down to planning and having the right systems and teams in place. At AI attack speeds, a reactive posture is untenable. Organizations need pre-built contingencies for scenarios they haven’t fully imagined yet, which means engaging partners whose primary job is thinking about those scenarios in advance and building defenses against them.
The arms race in cybersecurity will not end anytime soon. There will always be adversaries whose entire job is getting through your defenses. The question is whether your team and partners are treating security as a primary activity or as a line item. The organizations with the best chance of securing their people, assets, and operations are the ones planning now.
Joe Chafetz is an intelligence analyst at Global Guardian.
© Global Guardian










