In light of the recent blog post by Anthropic on an AI cyber espionage campaign, CyberMaxx would like to address a few of the questions we’ve received from our clients and provide our insight into this situation.

Did this situation really cross the threshold into AI-enabled, highly automated and dynamic attack campaigns? And if so, is there really anything we can do in the short term to alter how we’re defending ourselves?

Anthropic asserts that its AI model Claude (Anthropic AI) was used, at scale and under the guise of an Operator, to carry out reconnaissance, attack surface mapping, and attacks, with the results collected to determine vulnerabilities (conventional attacks followed). It was this very approach, mimicking an Operator, that enabled Anthropic to disrupt the activity: the agent was acting as an Operator, executing a series of tasks in a non-conventional setting, and Anthropic detected it. AI hallucinations also helped in diagnosing the event. There were claims of valid configurations for systems that did not exist, so the threat actor had to validate all results, which delayed a full-scale attack by the threat group and ultimately revealed their motives.

When thinking about how we defend, what comes to mind is the proverb, “As iron sharpens iron, so one person sharpens another.” Anthropic’s AI did exhibit characteristics of an Operator, which is novel and attributable to AI. However, its role was one of orchestration more than operations: it gathered results for human interpretation. This is the epitome of what CyberMaxx refers to as augmented intelligence, and it is the approach we take with our own AI modeling. Therefore, as AI threat vectors are revealed, defenses in kind will be established. We are still playing cat and mouse, albeit at greater speed and potentially greater scale. However, the same AI tools used to attack are also being used to defend.

How is CyberMaxx thinking about this, and what are our clients saying?

Our clients are similarly asking how legitimate it is to describe this approach as a novel form of attack, and whether we, as CyberMaxx, are prepared to defend against it. On the first question, we have concluded that there is a degree of uniqueness in the approach, but the attack methods were conventional. User and Entity Behavior Analytics (UEBA), as applied by CyberMaxx, will detect uniqueness in approach in advance of detecting the threat itself.

Closing Comments

This event validates the investments CyberMaxx continues to make in UEBA, where detecting anomalies as an indicator of a potential threat becomes the best means of thwarting an attack. Supplemented with a continually evolving detection engine for threat identification, it brings together the best means of defense for our clients.

Within their news release, “Disrupting the first reported AI-orchestrated cyber espionage campaign”, Anthropic is overstating the use of AI in this attack as a means of bolstering its product suite, while laying claim to the “…first reported AI-orchestrated cyber espionage campaign”. While it is incontestable that this attack incorporated a unique application of Claude (Anthropic AI), invoking the operations associated with a SOC audit and, through the creation of tasks, mimicking an ‘operator’, it would be inaccurate to present this event as fully autonomous, as the mainstream media has done. Human intervention was very much required for task management, interpretation of results, and further action through conventional means of attack for exploiting vulnerable systems. Anthropic comes close to admitting as much, without diminishing their attempts to emphasize the abilities of their AI systems.

Quoting directly from Anthropic

“While we only have visibility into Claude usage, this case study likely reflects consistent patterns of behavior across frontier AI models and demonstrates how threat actors are adapting their operations to exploit today’s most advanced AI capabilities. Rather than merely advising on techniques, the threat actor manipulated Claude to perform actual cyber intrusion operations with minimal human oversight.”

Reference

https://www.anthropic.com/news/disrupting-AI-espionage