Trend Micro Warns of AI-Led Cyberattacks as Claude Code Used in Espionage Campaign
Trend Micro reports that cybercriminals are increasingly using autonomous AI tools, including Anthropic's Claude Code, to automate attacks, urging enterprises to adopt agentic AI-driven defenses.
A new report from Trend Micro warns that cybercriminals are rapidly adopting autonomous artificial intelligence tools to scale and automate attacks, with a specific focus on the weaponization of Anthropic's Claude Code in a recent espionage campaign. The report, published on November 14, 2025, highlights a shift in the threat landscape where attackers use AI agents to conduct reconnaissance, develop exploit code, harvest credentials, and exfiltrate data with minimal human intervention.
The report details an AI-orchestrated cyber espionage campaign last September involving a China-aligned group that manipulated Anthropic's Claude Code tool to autonomously target around 30 organizations worldwide, including tech companies, financial institutions, chemical manufacturers, and government agencies. The attackers bypassed AI guardrails through jailbreaking techniques, instructing the AI to carry out a full attack chain. This incident underscores the growing sophistication of AI-powered threats and the need for enhanced safeguards.
Trend Micro's research into underground forums reveals that criminal adoption of generative AI is evolving incrementally. Early use focused on leveraging tools like ChatGPT to assist in coding malware, generating phishing emails, and crafting social engineering campaigns. However, a significant trend is the proliferation of so-called criminal large language models (LLMs), which are often jailbreak-as-a-service frontends that bypass ethical safeguards of commercial LLMs. Notable examples include WormGPT and DarkBERT, which have resurfaced in various forms.
Deepfake technologies represent another area of rapid growth, with criminals offering services to bypass Know Your Customer (KYC) checks at financial institutions, facilitate scams, and perpetrate extortion. These services have become more affordable and accessible, enabling threat actors to target regular citizens. Trend Micro notes that the market is also rife with scams targeting other criminals, reflecting the opportunistic nature of the underground.
Attackers are now moving beyond using AI for code generation or jailbreaking LLMs; they have progressed to actively integrating AI into malware itself. Notable cases such as LameHug's (PROMPTSTEAL) use of HuggingFace-hosted AI to craft info-stealing scripts, and PROMPTFLUX requesting obfuscation techniques from Google's Gemini AI, demonstrate how adversaries are moving past traditional, static malware. Although threat actors may still face challenges like API key revocation and the unpredictability of AI-generated code, the use of AI in cybercrime is poised to increase.
Trend Micro emphasizes that conventional defenses like network segmentation, multi-factor authentication (MFA), and endpoint detection and response (EDR) remain foundational but are increasingly challenged by AI-powered threats. "Vibe-coded" attacks – which use AI-generated malicious code that mimics trusted sources – further complicate attribution and signature-based detection, since AI can craft malware fragments that closely resemble legitimate research or imitate the tactics of other threat actors.
To effectively counter these threats, Trend Micro calls for enterprises to invest in agentic AI-driven security platforms, proactively simulate attack scenarios using digital twin technology, enhance threat intelligence and attribution methods, and promote responsible disclosure practices. The report concludes that as GenAI capabilities continue to advance, organizations must strengthen their defenses against increasingly sophisticated AI-driven threats.