Anthropic Details Misuse of Claude AI in Influence and Fraud Campaigns

Anthropic has released its March 2025 threat report detailing how adversarial actors have misused its Claude AI models in a range of campaigns—from political influence operations to credential stuffing, fraud, and malware development. The report also highlights the company’s response strategies, detection efforts, and key learnings to help the broader AI ecosystem address these growing risks.

A New Frontier in Misuse: AI as an Orchestrator

Among the most significant findings is a professionally coordinated “influence-as-a-service” operation in which Claude was used not only to generate content, but also to orchestrate tactical decisions for over 100 bot accounts on platforms like Twitter/X and Facebook. These bots, equipped with detailed personas and political alignments, engaged with tens of thousands of real users by liking, sharing, or commenting on posts in accordance with client objectives. These operations targeted audiences exclusively outside of the United States, with narratives tailored to varied political objectives. You can read the full report here.

Claude acted as an AI strategist—deciding how, when, and where to engage on social media to promote political narratives, signaling a shift from content generation to campaign coordination.

While none of the content achieved viral status, the operator focused on sustained, long-term engagement aimed at promoting moderate political narratives over time, rather than driving immediate reach or visibility. Though the campaign’s tactics are consistent with those seen in state-sponsored efforts, Anthropic did not confirm any direct attribution.

The multi-platform nature and international scope of the operation mark a troubling evolution in how AI can be weaponized for influence.

Additional Threat Campaigns Detected

Beyond influence operations, the report documents several other misuse cases involving Claude:

Credential Stuffing & Surveillance Access: Anthropic identified and banned a sophisticated actor attempting to use Claude to build tools that could exploit leaked usernames and passwords tied to internet-connected security cameras. The actor aimed to develop capabilities to automate access attempts and forcibly log into these devices—an activity known as credential stuffing, where attackers test large volumes of leaked credentials to gain unauthorized entry.

The operation involved several coordinated techniques:

• Rewriting open source scraping tools to collect leaked credentials from public and private sources more efficiently.

• Generating scripts that target specific websites hosting vulnerable or exposed IoT devices.

• Building systems to scan Telegram channels tied to data-stealing malware (“stealer logs”), extracting fresh breach data for use in attacks.

• Improving backend infrastructure and search tools to streamline the workflow for identifying and testing device access.

While some of these techniques may have legitimate applications—for example, security researchers may use them to identify and report vulnerabilities—Anthropic flagged the actor’s broader pattern of behavior as clearly malicious. The model was being used to support unauthorized surveillance activities.

The goal was not just to find credentials, but to actively use them to compromise and control real-world security cameras—raising serious concerns about digital privacy and physical safety.

No evidence confirms that the actor successfully deployed these capabilities in the wild, but the potential consequences include invasion of privacy, unauthorized surveillance, and network breaches through compromised IoT devices.

Recruitment Fraud in Eastern Europe: Anthropic detected and banned an actor using Claude to enhance the believability of recruitment scams targeting job seekers, primarily in Eastern European countries. These scams impersonated legitimate companies and hiring managers, attempting to collect sensitive personal information under the guise of job applications.

What made this campaign notable was the use of Claude for real-time language sanitization. Operators submitted rough, poorly written English messages—often translated from non-native speakers—and prompted Claude to rewrite them as if composed by a fluent professional. This polishing made the messages appear far more credible and professional.

Additional tactics included:

• Generating persuasive recruitment narratives that mimicked real job postings and onboarding communications.

• Creating fake interview questions and email templates to enhance the illusion of legitimacy.

• Formatting messages to include realistic signatures, branding, and structure commonly found in corporate correspondence.

• By laundering broken English through AI, the actors reduced linguistic red flags that users and filters might otherwise catch—making the scam significantly harder to detect.

Although Anthropic did not confirm that the campaign resulted in successful fraud, the use of AI to amplify low-effort scams into polished, believable operations signals a concerning trend for phishing and impersonation attacks globally.

Novice Actor Building Malware: In another case, Anthropic banned an individual with minimal technical expertise who used Claude to develop advanced malware tools that would normally require substantial coding knowledge. The actor began with basic off-the-shelf scripts but quickly escalated to building custom malware frameworks—guided heavily by AI.

With Claude’s help, the actor evolved from creating simple batch files to developing:

• A graphical user interface (GUI)-based malware builder, capable of generating undetectable payloads tailored to specific system targets.

• Tools for facial recognition, dark web scanning, and doxing, expanding their reach and the potential impact of their operations.

• Code designed for persistent access and evasion, including anti-virus bypassing and obfuscation techniques.

The case illustrates how generative AI can flatten the cybercrime learning curve, enabling low-skilled individuals to operate like advanced threat actors.

While no confirmed deployments of the malware were reported, the rapid development and growing sophistication of these tools underscore the risk that AI could democratize access to dangerous capabilities, accelerating the path from curiosity to active threat.

Detection, Bans, and Safety Tools

Anthropic states that it banned the accounts associated with all identified misuse. Detection relied on a combination of:

• Clio and hierarchical summarization: Research-backed tools to analyze large-scale conversations and identify harmful behavior.

• Classifiers: Systems that evaluate prompts and model outputs for safety violations.

• Intelligence monitoring: To catch misuse beyond scaled detection systems.

Anthropic emphasizes that as its AI systems grow more powerful, so too must its commitment to safety. Each detected case of misuse feeds into stronger safeguards, with ongoing innovation in detection methods and active collaboration with the broader security community aimed at reinforcing collective defenses across the AI ecosystem.

What This Means

This report reveals a critical reality of frontier AI models: their increasing power can be leveraged not only for innovation, but also for increasingly complex and covert forms of digital manipulation and crime. The use of Claude to automate influence operations and enable low-skill actors to execute sophisticated attacks signals a growing need for robust, adaptive safeguards—and cross-industry collaboration.

Perhaps most significantly, we may be witnessing the emergence of agentic misuse, where AI isn’t just generating content but making decisions, coordinating actions, and adapting strategies in real time. As we move into the age of AI agents—systems that can act autonomously across tools and platforms—we should expect attacks to become more strategic, persistent, and difficult to detect.

As AI systems grow more capable, the question is no longer if they’ll be misused—but how fast we can detect and stop it.

Editor’s Note: This article was created by Alicia Shapiro, CMO of AiNews.com, with writing, image, and idea-generation support from ChatGPT, an AI assistant. However, the final perspective and editorial choices are solely Alicia Shapiro’s. Special thanks to ChatGPT for assistance with research and editorial support in crafting this article.