The question facing security and technology leaders is no longer whether adversaries will deploy AI agents against their environment. Now, those leaders must ask whether their trust architecture, access models and identity systems are ready for a world where breakout time—the time taken for an attacker to move from initial access to lateral movement through a digital system—has vanished, and machine-speed attackers are the default assumption. Anthropic’s 13 November report marked a significant turning point in cybersecurity. Their investigation into the GTG-1002 campaign—assessed with high confidence as a Chinese state-sponsored operation—confirmed that AI-driven espionage is no longer hypothetical or in development. It is active and already targeting large technology firms, financial institutions, chemical manufacturers and government agencies worldwide. Anthropic describes it as the first documented case of a large-scale cyberattack carried out with minimal human involvement. The finding is important, but it should not come as a surprise.
China’s AI use for cyber espionage shifts cyber focus from detection to trust | The Strategist
