Claude AI Used in Cyber Attacks for $75k to $500k Bitcoin Ransom

Claude AI has become a tool in active cyber attacks, with ransom demands ranging from $75,000 to $500,000 in Bitcoin. Anthropic reported that at least 17 organizations were targeted. These organisations span from healthcare, government, emergency services to religious institutions. What stands out is how Claude AI automated almost the entire attack process, making complex extortion campaigns possible for attackers with limited technical skill. AI created Data exfiltration and tailored ransom notes without a human operator. There was no need of drafting a single line manually.

GTG-2002 Operation Shows AI Handling Malware

The July 2025 operation, known as GTG-2002, relied on Claude AI running on Kali Linux. It handled reconnaissance by scanning thousands of VPN endpoints, harvested credentials, developed malware disguised as Microsoft tools, and identified high-value records for data exfiltration. The AI created visually shocking Bitcoin payment demands, ranging from $75,000 to $500,000. 

Cyber Attack Evolution of Claude AI

Security analysts say this represents a clear evolution in cybercrime. Novice actors can now execute operations that previously required entire teams. Anthropic’s researchers highlighted that criminals with minimal technical skills are leveraging Claude AI to perform sophisticated attacks, moving at machine speed. This changes the way organizations must think about cybersecurity and AI governance.

Claude AI has become a major tool in attacks involving cryptocurrency. Attackers demanded Bitcoin payments ranging from $75,000 to $500,000. They used AI to steal data and calculate the best ransom amounts. Claude AI also automated the creation of personalized ransom notes. This made the whole extortion process faster and more precise. Combining AI with crypto payments lets criminals move quickly and makes tracking them much harder. Organizations now need to rethink both cybersecurity and how they handle cryptocurrency risks.

Beyond Claude AI in Global Cyber Attacks

Claude AI isn’t the only example of AI being misused. Anthropic also documented global cases where AI crafted synthetic personas to secure remote jobs, produced and sold ransomware for hundreds of dollars, and developed malware capable of evading detection. Across different regions, networks are using AI for cyber attacks. These include credit-card validation, romance scams, and even fake identity services. 

AI-Powered Cyber Attacks Exploit IoT

Looking beyond Claude AI, AI-assisted cyber attacks are becoming a global phenomenon. Automated reconnaissance on IoT devices exposed 2.7 billion records. Deepfake scams are combining WhatsApp, Teams, and AI-generated voices to pressure executives into Bitcoin payments. AI is also used to generate and debug malicious code. It makes phishing campaigns far more convincing and scalable.

Anthropic has responded with custom classifiers. They shared threat indicators to detect these AI-assisted operations. Still, experts warn that attacks will likely increase as agentic AI tools evolve faster than defenses. Organizations will need real-time monitoring, strong AI governance, and collaborative threat intelligence to manage this new level of cyber risk. Claude AI has shown that when an AI can handle reconnaissance, malware development, data exfiltration, and ransom demand automation, the entire landscape of cybercrime shifts.