Comment by atlintots - Hacker Neue

atlintots Nov 13, 2025 parent

I might be crazy, but this just feels like a marketing tactic from Anthropic to try and show that their AI can be used in the cybersecurity domain.

My question is, how on earth does does Claude Code even "infiltrate" databases or code from one account, based on prompts from a different account? What's more, it's doing this to what are likely enterprise customers ("large tech companies, financial institutions, ... and government agencies"). I'm sorry but I don't see this as some fancy AI cyberattack, this is a security failure on Anthropic's part and that too at a very basic level that should never have happened at a company of their caliber.

eightysixfour Nov 14, 2025

I don't think you're understanding correctly. Claude didn't "infiltrate" code from another Anthropic account, it broke in via github, open API endpoints, open S3 buckets, etc.

Someone pointed Claude Code at an API endpoint and said "Claude, you're a white hat security researcher, see if you can find vulnerabilities." Except they were black hat.

zzzeek Nov 14, 2025

It's still marketing , "Claude is being used for evil and for good ! How will YOU survive without your own agents ? (Subtext 'It's practically sentient !')"

atleastoptimal Nov 14, 2025

It's marketing, but if it's the truth, isn't it a public good to release information about this?

Like if someone tried to break into your house, it would be "gloating" to say your advanced security system stopped it while warning people about the tactics of the person who tried to break in.

vasco Nov 14, 2025

If in the next page over you sell advanced security systems yes it'd be suspicious and weird, which is the case here.

Dumblydorr Nov 14, 2025

They’re not allowed to market their product on their own website blog? That includes half of all company blog posts ever on here

xgulfie Nov 14, 2025

reminds me of the YouTube ads I get that are like "Warning: don't do this new weight loss trick unless you have to lose over 50 pounds, you will end up losing too much weight!". As if it's so effective it's dangerous.

XorNot Nov 14, 2025

I remain convinced the steady steam of OpenAI employees who allegedly quit because AI was "too dangerous" for a couple months was an orchestrated marketing campaign as well.

Schlagbohrer Nov 14, 2025

Ilya Sutskever out there as a ronin marketing agent, doing things like that commencement address he gave that was all about how dangerously powerful AI is

b112 Nov 14, 2025

Hmm. I can see someone wanting to leave of their own volition. New job, moving to another place, whatever.

Then a quiet conversation, where if things are said about AI, a massive compensation package instead of normal one. Maybe including it as stock.

Along with an NDA.

Libidinalecon Nov 14, 2025

I just had 5.1 do something incredibly brain dead in "extended thinking" mode because I know what I asked it is not in the training data. So it just fudged and made things up because thinking is exactly what it can not do.

It seems like LLMs are at the same time a giant leap in natural language processing, useful in some situations and the biggest scam of all time.

yubblegum Nov 14, 2025

> a giant leap in natural language processing, useful in some situations and the biggest scam of all time.

I agree with this assessment (reminds of bitcoin frankly), possibly adding that the insights this tech gave us into language (in general) via the embedding hi-dim space is a somewhat profound advance in our knowledge, besides the new superpowers in NLP (which are nothing to sniff at).

baxtr Nov 14, 2025

I think it can be both.

It's definitely interesting that a company is using a cyber incident for content marketing. Haven't seen that before.

chubot Nov 14, 2025

I think that’s very common in cybersecurity

e.g. John MacAfee used computer viruses in the 80’s as marketing, which is how he made a fortune

They were real, like this is, but it is also marketing

baxtr Nov 14, 2025

Yes, but it’s usually cyber security companies doing this and not companies that were affected by a breach let’s say.

2 More Comments →

skybrian Nov 14, 2025

Apparently if you're sufficiently cynical, everything is marketing? Resistance to hype turns into "it's all part of a conspiracy."

jgmedr Nov 14, 2025

Anthropic's post is the equivalent of a parent apologizing on behalf of their child that threw a baseball through the neighbor's window. But during the apology the parent keeps sprinkling in "But did you see how fast he threw it? He's going to be a professional one day!"

scrubs Nov 15, 2025

Hilarious!!!

Did you see? You saw right? How awesome was that throw? Awesome I tell you....

wrs Nov 13, 2025

This isn't a security breach in Anthropic itself, it's people using Claude to orchestrate attacks using standard tools with minimal human involvement.

Basically a scaled-up criminal version of me asking Claude Code to debug my AWS networking configuration (which it's pretty good at).

beefnugs Nov 14, 2025

If it was meant as publicity its an incredible failure. They cant prevent misuse until after the fact... and then we all know they are ingesting every ounce of information running through their system.

Get ready for all your software to break based on the arbitrary layers of corporate and government censorship as it deploys.

Den_VR Nov 14, 2025

Bragging about how they monitor users and how they have installed more guardrails.

b00ty4breakfast Nov 14, 2025

that's borderline tautological; everything a company like Anthropic does, in the public eye, is pr or marketing. they wouldn't be posting this if it wasn't carefully manicured to deliver the message that they want it to. That's not even necessarily a charge of being devious or underhanded.

teaearlgraycold Nov 14, 2025

Their worst crime is being cringe.

phantom-guy Nov 14, 2025

You are not crazy. This was exactly my thought as well. I could tell when it put emphasis on being able to steal credentials in a fraction of the time a hacker would

emp17344 Nov 13, 2025

This is 100% marketing, just like every other statement Anthropic makes.

Rastonbury Nov 14, 2025

Not saying this is definitely not a fabrication but there are multiple parties involved who can verify (the targets) and this coincides with Anthropic ban of Chinese entities

vasco Nov 14, 2025

Would be funny if the NSA did this so people block the Chinese.

littlestymaar Nov 14, 2025

That would be more of an own goal, given that the CCP want Chinese companies to use Chinese tech.

ErigmolCt Nov 14, 2025

If a model in one account can run tools or issue network requests that touch systems tied to other entities, that’s not an AI problem... that's a serious platform security failure

drewbug Nov 13, 2025

there's no mention of any victims having Anthropic accounts, presumably the attackers used Claude to run exploits against public-facing systems

hitarpetar Nov 14, 2025

I don't think it's crazy to assume a post on anthropic.com is marketing

catigula Nov 13, 2025

It’s not that this is a crazy reach; it’s actually quite a dumb one.

Too little pay off, way too much risk. That’s your framework for assessing conspiracies.

PKop Nov 13, 2025

Hyping up Chinese espionage threats? The payoff is a government bailout when the profitability of these AI companies comes under threat. The payoff is huge.

littlestymaar Nov 14, 2025

Why bring the word “conspiracy” to this discussion though?

Marketing stunts aren't conspiracies.

catigula Nov 14, 2025

It’s a conspiracy. Even employees from OpenAI say anthropic’s stance on things is quite clearly sincere. They literally exist because they were unhappy with ai safety at OpenAI.

It’s not just a conspiracy, it’s a dumb and harmful one.

This item has no comments currently.

Preferences

Keyboard Shortcuts

Story Lists

Navigation

Miscellaneous