Australia’s cyber risk landscape is shifting rapidly, with a newly disclosed AI-enabled espionage campaign linked to China highlighting how quickly offensive capabilities are advancing – and how unprepared many organisations remain to counter them.
US-based AI developer Anthropic has just revealed that it disrupted what it believes is the first publicly documented case of a largely autonomous cyber operation driven by artificial intelligence. According to the company, a Chinese state-backed group, identified as GTG-1002, used its Claude Code system to conduct reconnaissance, probe for vulnerabilities, harvest credentials and extract sensitive data with minimal human involvement.
Detected in mid-September, the campaign targeted around 30 organisations worldwide, including government agencies, technology firms, financial institutions and chemical manufacturers. While only a handful of attempts resulted in confirmed intrusions, the operation represents a clear escalation in the use of AI for offensive cyber activity. Anthropic’s investigation found that its model performed an estimated 80 to 90 per cent of tactical actions autonomously.
The operators relied on role-play techniques and carefully crafted prompts to convince the AI system it was participating in legitimate defensive testing. Once active, Claude Code mapped networks, generated custom exploit payloads, moved laterally within systems and compiled detailed operational documentation, including summaries of data extracted for intelligence value.
Despite this sophistication, the AI frequently produced false positives and fabricated credentials that required human verification. Even so, the speed of activity – thousands of automated actions per second – demonstrated an operational tempo far beyond human capability.
China’s embassy in Washington rejected the characterisation of the incident in public statements, saying the country opposes all forms of cyberattacks and criticising what it described as unsubstantiated allegations.
The disclosure comes as Australian insurers and their clients confront expanding cyber exposures, increasing claims severity and a sharp rise in ransomware incidents.
Aon’s latest Global Risk Management Survey places cyberattacks and data breaches at the top of Australian business concerns, ahead of regulatory change and economic uncertainty. WatchGuard Technologies recorded more than 5,000 malware events across Australia in August alone, while Sophos found that 78 per cent of local cybersecurity teams are experiencing burnout amid relentless threat volumes and increasing regulatory expectations.
Ransomware activity continues to accelerate. Research from Opentext Cybersecurity shows that 40 per cent of Australian organisations faced at least one ransomware attack in the past year, with one in three choosing to pay. In many cases, ransom amounts exceeded US$250,000, and full restoration of data remained elusive.
Across Australia and New Zealand, Arctic Wolf found that 85 per cent of organisations suffered at least one cyber incident, significantly above the global average. Local organisations were also more likely to pay ransoms, despite using negotiators who rarely obtained meaningful concessions.
Generative AI is now widely used across Australian workplaces, yet governance frameworks remain inconsistent. According to Opentext, 86 per cent of companies permit generative AI use, but only about half have formal policies. Many organisations reported increases in phishing attempts, deepfake impersonations and AI-enabled fraud.
Consumer Protection WA has warned that stolen personal information is fuelling increasingly tailored scam campaigns. Losses from hacking scams in Western Australia have exceeded $1.1 million this year. Data breaches continue to affect large numbers of Australians, with the Office of the Australian Information Commissioner reporting that healthcare and financial services remain among the most affected sectors.
For Australia’s insurance sector, Anthropic’s findings offer an early indication of how cyber risk may evolve as AI capabilities mature. Autonomous attack systems can compress intrusion timelines, increase the scale of breaches and overwhelm defensive tools, all of which have implications for underwriting, claims management and portfolio exposure.
Anthropic has warned that the same features enabling misuse also make AI essential for defenders. The company is urging organisations to adopt AI-enabled threat detection, security operations automation and structured vulnerability management to counter the next generation of attacks.
As boards elevate cyber readiness to a top-three risk priority, investment is shifting toward cloud security, user training and network protection. Yet industry specialists caution that technology alone will not contain the rise in autonomous and semi-autonomous attacks.
For insurers, the evolving threat environment is likely to require:
• Refinement of underwriting models to reflect AI-accelerated attack patterns
• Support for clients in developing AI governance frameworks and incident response plans
• Improved internal cyber resilience, given the increasing likelihood of targeted attacks on the insurance sector
• Closer scrutiny of software vendors and supply-chain partners, as a significant share of ransomware incidents originates from third-party systems
The emergence of autonomous cyber operations marks a turning point. While the GTG-1002 campaign was intercepted, the techniques it demonstrated are expected to proliferate quickly. Australian insurers will need to adapt rapidly – and help clients do the same – before the next wave of AI-driven threats arrives.
