intris in: AI cybersecurity attacks

Earlier this October, Anthropic published one of the most important cybersecurity disclosures of the year: a detailed account of a statesponsored threat actor that successfully manipulated Claude Code, their agentic coding assistant, to carry out a multiphase cyber espionage campaign across roughly thirty global organizations. The attackers used Claude Code for reconnaissance, vulnerability validation, credential theft, lateral movement, and even data exfiltration—basically all of the steps needed to hack a software security system.

Anthropic made one thing clear: this was a real, active, AI assisted intrusion affecting companies across technology, finance, chemical manufacturing, and government. They also documented how AI models are increasingly being used to support identity theft, fraud, malware generation, and automated exploitation workflows through multi-step stages.

Although the company clearly disclosed the scale and step-by-step sophistication of the campaign, no specific company victims were publicly named, and there is no verified evidence that any of the affected firms have disclosed themselves. But the message was unmistakable: attackers have already figured out how to co-opt AI agents for high speed, multi-threaded cyberattacks. The threat landscape has fundamentally shifted.

There has always been a fear that AI might one day turn against humanity. But what feels far more urgent (and far less discussed) is the scenario where humans weaponize AI long before AI ever develops any dangerous autonomy of its own.

We spend so much time debating speculative risks of misaligned superintelligence that we have underestimated the simpler, more immediate danger: individuals using AI agents to cause harm, to automate intrusions, or to orchestrate destructive campaigns with little technical skill.

The danger here wasn’t a rogue model; it was a highly capable human attacker using AI as a force multiplier. This shifts the defence conversation completely. It’s no longer enough for enterprises to deploy AI to streamline workflows or increase productivity. They will need AI native defensive systems that can autonomously monitor, interpret, and respond to attacker behavior at the same scale and speed that AI tools now enable. If attackers wield agents to coordinate thousands of micro-actions per second, defenders must have agents capable of reasoning about those actions just as quickly. The next decade of cybersecurity will be defined by how fast enterprises can close the gap.

Anthropic’s report mentions that roughly thirty global organizations were targeted, but does not specify whether they were exclusively enterprise scale or a mix of enterprise and mid-market. Given the industries they mentioned (major tech firms, financial institutions, chemical companies, and government entities) it is likely that most were enterprise class environments. But what matters more is that they were all vulnerable, despite presumably having standard governance, risk, and compliance (GRC) processes in place. And that is where the deeper issue lies.

GRC, in theory, is how an organization governs itself, evaluates risk, ensures security controls are functioning, and stays compliant with regulations. But in practice, much of the GRC workflow is painfully manual and periodic. Internal risk audits, vendor evaluations, access reviews, vulnerability reports, and policy attestations are often done quarterly or annually. Teams update dashboards, fill out spreadsheets, and check boxes to show that controls have been reviewed. All of this creates a slow, backward looking view of risk. This traditional process was designed for a world where attacks happened at human speed.

AI enabled intrusions do not happen at human speed. They happen at machine speed, with agents capable of running dozens of parallel tasks and adjusting tactics autonomously. When an organization’s risk posture is only examined every few months, any active exploit can sit undetected for weeks. Even well resourced teams drown in alert volume, and without constant monitoring or AI based anomaly detection, attackers can move freely. This is likely why the 30+ victims were caught off guard. These enterprise software processes were not faulty, they were simply built for a slower era.

This entire incident also made me wonder about Claude Code itself. Not in a sci-fi way, but in a practical systems-design way. Did the model understand what it was doing? Should AI agents have enough situational awareness to recognize that the task they’re being given is harmful and refuse to execute it? And if so, how far should that autonomy go?

On one hand, giving an AI assistant the ability to think for itself and decline certain instructions could significantly reduce the risk of malicious use. On the other hand, allowing a model to independently decide which tasks to complete introduces its own risks, because now you have a system that not only performs actions but makes judgments about them.

I don’t have a final position on this yet, but it feels like an open question worth debating. As we build more capable agentic systems, do we want them to simply follow instructions, or do we want them to reason morally and procedurally about those instructions? And which version is actually safer?

This raises an important question.

If attackers now have agentic AI tools, which companies are building the defensive stack enterprises will rely on?

Three players stand out. Zania is the newest entrant, positioning itself as an agentic AI platform for governance, risk, and compliance. It raised an $18 million Series A led by NEA with participation from Anthropic’s Anthology Fund and Menlo Ventures. They turn manual, repetitive GRC work into autonomous agents that continuously audit systems, test controls, and reason about risk in real time. Zania is already working with enterprise risk and compliance teams to replace traditional dashboards with a continuous AI teammate that executes full workflows end-to-end.

Tines takes a different approach and is a far more mature platform. After raising a $125 million Series C led by Goldman Sachs in 2025, the company has become one of the most widely used security workflow automation tools in the enterprise. Tines helps security and IT teams automate incident response and operational workflows without code, reducing repetitive work and integrating deeply with existing security stacks.

Dropzone AI focuses directly on security itself. It raised $37 million in a Series B led by Theory Ventures and now serves more than a hundred enterprise customers. Dropzone performs alerts, correlates signals, and accelerates detection timelines. It works to provide continuous, AI-driven threat monitoring.

Okay. So, AI is no longer just a tool we use to work faster or think deeper. It’s being used in all sorts of ways, some more powerful than others.

People are getting very creative and this shows how harmful they can be. Some part of me wishes Anthropic didn’t report this incident so it doesn’t inspire other hackers. But, nonetheless, they are trying to equip people with the knowledge and risk understanding of what’s really out there.

Let’s be techno-optimists and not AI doomers. AI is a tool, and we should try to understand it better to protect ourselves more strongly in preparation for threats like this.

As overwhelming as this revolution feels, it’s also hopeful. It means we are not powerless, but that we can build systems that watch over us in ways that humans alone never could. And this means that defensive cybersecurity companies like Zania, Tines, and Dropzone AI is where the most important innovation will happen next.