Anthropic has disclosed that cybercriminals attempted to weaponise its Claude large-language model in what the company says is the most comprehensive AI-enabled extortion scheme seen to date. According to a threat-intelligence report published on 27 August, a lone hacker used Claude Code to identify vulnerable targets, craft malware, exfiltrate data and generate customised ransom notes demanding payments of between $75,000 and $500,000 in Bitcoin. The operation, dubbed “vibe hacking,” compromised at least 17 organisations spanning government, healthcare and critical-services providers over a three-month period outside the United States. The San Francisco-based start-up, backed by Amazon and Alphabet, said its internal safeguards ultimately detected and blocked the misuse, banned the associated accounts and tightened content-filtering rules designed to prevent the generation of malicious code and phishing emails. Anthropic shared the case studies publicly to alert peers and regulators, noting that the episode shows how advanced language models can allow a single attacker to mimic the capabilities of a full hacking team. Security researchers warn that the incident underscores a broader acceleration of AI-enabled cybercrime. On the same day Anthropic’s report was released, ESET researchers separately reported discovering “PromptLock,” a proof-of-concept ransomware strain that dynamically writes attack scripts with OpenAI’s gpt-oss-20b model, making detection harder. Governments on both sides of the Atlantic are drafting rules to curb such abuses, with the European Union’s AI Act and U.S. voluntary safety pacts pressing developers to embed stronger guardrails before releasing powerful systems. Anthropic said it will continue publishing threat bulletins and sharing technical indicators to help industry partners defend against similar attacks. “Traditional assumptions about the relationship between actor sophistication and attack complexity no longer hold,” the company warned, urging tighter collaboration between AI providers, cybersecurity firms and regulators.