By Melania Watson
Publication Date: 2025-11-25 01:54:00
According to recent findings, a Chinese state-backed group has deployed an artificial intelligence agent to automate most stages of a cyberattack. The methods used compressed weeks of manual labor into seconds and signaled a fundamental shift in the speed and scope of offensive cyber operations.
Threat of automation
In the attack, dubbed the GTG-1002 campaign, the group exploited known vulnerabilities and orchestrated open-source tools using a Claude-based AI agent. For years, companies have relied on a window of opportunity between the discovery of a vulnerability and its exploitation. This time window has now been reduced to zero, making traditional patch cycles significantly less effective.
During the campaign, the AI agent automated reconnaissance, exploit writing, lateral movement, and exfiltration. These actions, which previously took human attackers days or weeks to complete, were carried out at machine speed, giving companies little opportunity to respond beforehand…
