Testing AI-Orchestrated Attacks in Practice blog.fraktal.fi/testing-a…
In November 2025, Anthropic published a report documenting what they called “the first reported AI-orchestrated cyber espionage campaign”. The attackers had used Claude Code as an autonomous hacking agent, compromising targets with minimal human intervention. According to Anthropic, the AI performed 80–90% of the campaign work, making thousands of requests while humans only intervened at 4–6 critical decision points.
I wanted to see how this would play out in practice. Not with sophisticated tooling or months of preparation, oh no. Just the obvious, lazy approach: have the AI build everything, then tell it to go. Nation-state espionage operation level this isn’t.
The result? 39 minutes of completely autonomous hacking from a standard user shell to Domain Admin. 5 more minutes to own the entire forest.
