Weaponizing AI: A New Global Cyber Battlefield Appears

Anthropic PBC, a U.S. artificial intelligence (AI) startup, recently reported that Chinese state-sponsored hackers had manipulated Claude Code, an Anthropic AI orchestration tool, in order to carry out a sophisticated cyber espionage campaign targeting some 30 organizations worldwide.

The investigation showed that the incident exposed an entirely new attack surface, one that none of the existing security systems was designed to counter. This is expected to force a drastic change in all existing digital security systems.

When asked why he had robbed banks, William Sutton, a well-known 20th century thief, gave a straightforward answer: 'Because that's where the money is'. The same logic applies to the AI sphere, which concentrates computing power, data access, automation capability and economic value in one place. This is what makes the AI segment a coveted target for criminals as well as for various public and parapublic entities.

The Anthropic case deserves close attention because of what it portends. There is mounting evidence that attackers have learned to bypass AI protective mechanisms through operational manipulation, popularly called hacking, or to run locally hosted programs built on open-source model code with carefully selected prompts, and to use them for surveillance.

That capability is developing steadily. Operators improve their user interfaces, integrate runtime environments, merge in open-source intelligence tools and offer anonymous cloud-based access.

Thus, attackers may plant manipulative and indirect prompts in malicious content on websites, in e-mail messages and in files, and then influence the model's responses without compromising the model directly, creating steady and clandestine channels of influence. At the same time, AI-generated content is becoming less and less distinguishable from content created by humans, which opens the way to even greater manipulation.

How shall we live with all this? The answer may lie not in trying to secure the platforms themselves but in implementing metadata systems that track content origin and tag AI-generated materials with their source and history. Future AI security architectures may well implement non-removable watermarks applied both to input data and to the material a model generates. In theory, such two-sided watermarking would create traceable origin chains that can detect unverified synthetic content injected into the learning pipeline.
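The following is an added illustration of the provenance idea described above; it is not code from the article or from Anthropic. It assumes a small signed manifest per content item (an HMAC with a shared key stands in for a real producer signature), a flag marking AI-generated material, and a parent link that forms the origin chain. A pipeline gate then accepts human-origin content, accepts synthetic content only when it is labelled and verifiable, and rejects anything tampered with or unlabelled. All hostnames, generator names and document texts are constructed for the demo.

```python
import hashlib
import hmac
import json
from typing import Optional

# Constructed demo key. A real deployment would use an asymmetric signing key
# held by the content producer, not a shared secret known to the gate.
DEMO_KEY = b"demo-provenance-key-not-for-production"


def _digest(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()


def _canonical(fields: dict) -> bytes:
    # Deterministic encoding so producer and verifier sign the same bytes.
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def _manifest_id(manifest: dict) -> str:
    # Hash of the signed fields; used to link a derived item to its parent.
    return hashlib.sha256(_canonical(manifest["fields"])).hexdigest()


def make_manifest(content: bytes, origin: str, generator: Optional[str],
                  parent: Optional[dict], key: bytes) -> dict:
    """Provenance manifest: content hash, origin, whether it is AI-generated,
    and a link to the manifest of the material it was derived from."""
    fields = {
        "content_sha256": _digest(content),
        "origin": origin,
        "ai_generated": generator is not None,
        "generator": generator,
        "parent": _manifest_id(parent) if parent else None,
    }
    tag = hmac.new(key, _canonical(fields), hashlib.sha256).hexdigest()
    return {"fields": fields, "tag": tag}


def verify_manifest(content: bytes, manifest: Optional[dict], key: bytes) -> bool:
    """True only if the tag is genuine and the content matches the recorded hash."""
    if not manifest:
        return False
    expected = hmac.new(key, _canonical(manifest["fields"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest["tag"]):
        return False
    return manifest["fields"]["content_sha256"] == _digest(content)


def gate_training_item(content: bytes, manifest: Optional[dict], key: bytes) -> str:
    """Decision for one candidate item entering the learning pipeline."""
    if not verify_manifest(content, manifest, key):
        return "reject-unverified"
    if manifest["fields"]["ai_generated"]:
        return "accept-labelled-synthetic"
    return "accept"


def history(manifest: dict, known: dict) -> list:
    """Walk the parent chain; `known` maps manifest id -> manifest."""
    chain = [manifest["fields"]["origin"]]
    parent = manifest["fields"]["parent"]
    while parent is not None and parent in known:
        manifest = known[parent]
        chain.append(manifest["fields"]["origin"])
        parent = manifest["fields"]["parent"]
    return chain


def demo() -> dict:
    # Constructed sample: a human-written report and an AI summary derived from it.
    human = b"Quarterly report: revenue grew 4% year on year."
    human_m = make_manifest(human, "reports.example.org/q3", None, None, DEMO_KEY)
    summary = b"Summary: revenue up 4%."
    summary_m = make_manifest(summary, "assistant.example.org", "example-llm-v1",
                              human_m, DEMO_KEY)
    known = {_manifest_id(human_m): human_m}
    return {
        "human": gate_training_item(human, human_m, DEMO_KEY),
        "synthetic": gate_training_item(summary, summary_m, DEMO_KEY),
        "tampered": gate_training_item(summary + b" (edited)", summary_m, DEMO_KEY),
        "unlabelled": gate_training_item(b"Some scraped text.", None, DEMO_KEY),
        "chain": history(summary_m, known),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The gate deliberately treats "no manifest" and "bad manifest" the same way, because an attacker who wants to slip synthetic content in has no reason to attach a label at all; the scale problem of producing such manifests for every input, discussed next, is what makes this hard to apply universally.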

The practical task of watermarking all input data sources at scale seems impossible. The volume of data fed into AI learning pipelines, web crawls encompassing billions of documents, images and videos, exceeds the capacity of any centralised watermarking system.

All the above indicates that an era is coming that will require entirely new approaches to cyber security. Instead of regarding AI as a tool to be protected, we should probably declare it a contested domain comparable to air, land, sea, outer space and cyberspace. Artificial intelligence is becoming a battlefield, too.