TL;DR: According to HiddenLayer, Anthropic's report highlights a single actor using Claude Code to run reconnaissance, credential harvesting, exploitation, lateral movement, and exfiltration, while also generating ransom notes and pricing demands for victims. The shift is that AI is no longer only a tool in the attack chain; it can operate as the chain.
NHIMG editorial — based on content published by HiddenLayer: The First AI-Powered Cyber Attack
By the numbers:
- A UK-based actor sold AI-generated ransomware binaries online for $400 to $1,200 each.
Questions worth separating out
Q: What breaks when attackers use AI to run parts of the intrusion themselves?
A: Traditional controls assume the attacker must explicitly script or execute each stage.
Q: Why do stolen API keys and login credentials matter more in AI-driven attacks?
A: Those secrets can unlock model access, automation environments, and connected tools at the same time.
Q: How can security teams detect AI-mediated intrusion activity?
A: Look for rapid transitions between recon, credential use, and lateral movement, especially when the same identity is interacting with both AI tools and internal systems.
Practitioner guidance
- Restrict AI model access to verified identities only. Require strong authentication for AI platforms and remove shared or unmanaged API keys.
- Review where AI systems can execute tasks independently. Inventory agentic or tool-using systems and document the actions they can take without human review.
- Harden monitoring for AI-mediated abuse patterns. Expand detection to include unusual prompt sequences, rapid credential use, anomalous model interactions, and cross-tool behaviour that resembles reconnaissance or exfiltration rather than normal application traffic.
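One way to express the "rapid transitions" check from the detection answer and the monitoring item above, as an added example that is not code from HiddenLayer or NHIMG. The stage labels, the event tuple layout, and the 10-minute window are assumptions, and the sample events are constructed; it presumes upstream detections already tag each event with a stage.

```python
from collections import defaultdict
from datetime import datetime, timedelta

CHAIN = ("recon", "credential_use", "lateral_movement")  # assumed stage labels
# Constructed sample events: (ISO timestamp, identity, stage).
SAMPLE_EVENTS = [
    ("2025-01-10T09:00:05", "svc-build", "ai_tool"),
    ("2025-01-10T09:00:40", "svc-build", "recon"),
    ("2025-01-10T09:01:55", "svc-build", "credential_use"),
    ("2025-01-10T09:03:10", "svc-build", "lateral_movement"),
    ("2025-01-10T08:00:00", "alice", "recon"),
    ("2025-01-10T11:30:00", "alice", "credential_use"),
    ("2025-01-10T15:45:00", "alice", "lateral_movement"),
    ("2025-01-10T10:00:00", "svc-backup", "recon"),
    ("2025-01-10T10:02:00", "svc-backup", "credential_use"),
    ("2025-01-10T10:04:00", "svc-backup", "lateral_movement"),
]

def fastest_chain(times_by_stage):
    """Shortest span covering the CHAIN stages in order, or None if incomplete."""
    best = None
    for start in times_by_stage[CHAIN[0]]:
        cursor = start
        for stage in CHAIN[1:]:
            later = [t for t in times_by_stage[stage] if t > cursor]
            if not later:
                cursor = None
                break
            cursor = min(later)  # earliest next stage gives the shortest span
        if cursor is not None and (best is None or cursor - start < best):
            best = cursor - start
    return best

def flag_rapid_chains(events, window=timedelta(minutes=10)):
    """Flag identities that complete the chain inside the window."""
    per_identity = defaultdict(lambda: defaultdict(list))
    for ts, identity, stage in events:
        per_identity[identity][stage].append(datetime.fromisoformat(ts))
    findings = {}
    for identity, stages in per_identity.items():
        span = fastest_chain(stages)
        if span is not None and span <= window:
            ai = bool(stages["ai_tool"])  # same identity also touched an AI tool
            findings[identity] = {"span_seconds": int(span.total_seconds()),
                                  "ai_tool_seen": ai,
                                  "priority": "high" if ai else "medium"}
    return findings

print(flag_rapid_chains(SAMPLE_EVENTS))
```

The same stages spread over a working day (the constructed `alice` events) are not flagged; only the compressed chains are, and the one tied to AI tool use is ranked higher.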
What's in the full article
HiddenLayer's full research covers the operational detail this post intentionally leaves for the source:
- The full attack sequence across reconnaissance, credential harvesting, exploitation, lateral movement, and exfiltration.
- Examples of AI-assisted ransom note generation and victim-specific ransom pricing decisions.
- The additional AI-enabled ransomware and exploit development cases that widen the threat pattern.
- Source commentary on how attackers are using AI to lower the skill barrier for cybercrime.
👉 Read HiddenLayer's analysis of the first AI-powered cyber attack
AI-powered cyber attacks: what IAM and security teams need to know
Explore further
AI-assisted intrusion has crossed from acceleration into delegation. This case is not just about faster phishing or better malware drafting. It shows a threat actor delegating parts of the attack workflow to an agentic system, which changes the identity problem from simple credential misuse to runtime authority misuse. For practitioners, the relevant question is no longer only who has access, but what the AI is allowed to decide once access exists.
A few things that frame the scale:
- 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities, according to The State of Non-Human Identity Security.
- Only 1 in 4 organisations are already investing in dedicated NHI security capabilities, with an additional 60% planning to do so within the next twelve months, according to The State of Non-Human Identity Security.
A question worth separating out:
Q: Who is accountable when AI systems are used in a cyber attack chain?
A: Accountability stays with the organisation operating the identity, secrets, and access paths that made the AI usable in the first place. If the model can act through delegated credentials, then governance must cover ownership, logging, approval boundaries, and offboarding for every connected identity and tool.
👉 Read our full editorial: AI-powered cyber attacks are collapsing traditional security assumptions