Anthropic Details AI-Powered Ransomware Program Built By Novices and Sold as a Service

By Tom Smith | September 9, 2025 | 3 Mins Read

In part one of this special report on AI security, I detailed findings from Anthropic research that summarized many ways attackers are exploiting AI to make it easier to create, launch, and scale attacks, while those attackers are also using AI to accelerate stolen data analysis, false identity creation, and more.

In this second installment, I’m sharing details on one operation’s use of Anthropic Claude to develop and market malware under a ransomware-as-a-service (RaaS) model. In the research and disclosure of details, Anthropic security researchers emphasized that the operation has capitalized on AI to remove the traditional technical barriers to, and skills required for, malware development.

That’s a scary prospect for countless companies that represent potential ransomware targets, so it’s important to review closely the details provided by Anthropic, which in this case can serve as a proxy for any software developer that finds its products being misused for financial or other gains.  

Details on this and other attacks were recently published by Anthropic with the goal of helping the AI “supply chain” harden its defenses against these attackers.

Malware Built Without Coding Expertise

Anthropic’s analysis of the malware/ransomware effort opens with a stark acknowledgment: “The most striking factor is the actor’s seemingly complete dependency on AI to develop functional malware” since the operator “does not appear capable of implementing encryption algorithms, anti-analysis techniques, or Windows internal manipulation without Claude’s assistance.”

Technical ineptitude notwithstanding, the group is marketing ransomware packages that include:

  • Core encryption capabilities including a file encryption system, key management, and target selection that details fixed drives and network shares with prioritization of user directories
  • Anti-analysis and evasion techniques including bypass of API hooking (used to intercept or modify API behavior), obfuscation of suspicious API names, and anti-debugging techniques designed to detect and evade analysis
  • Performance and reliability features including multi-threading, dynamic resource management, and error handling
  • Delivery and persistence features including the ability to load malware into legitimate processes and a modular architecture that lets components function independently or on an integrated basis
  • Anti-recovery features including shadow copy deletion and targeting of mapped network resources — beyond local drives
  • Infrastructure including a decryption utility for ransom payment verification and RSA key generation

Above and beyond the “democratization” of cybercriminal commercial work due to lowered barriers to entry, Anthropic noted that detection and attribution of malware is more challenging because code that’s been developed reflects AI patterns and outputs, rather than human patterns.

Anthropic also raises alarms that the RaaS model increases the potential for significant financial and operational impacts across industries and could portend an “unprecedented expansion of ransomware operations.”

Commercialization and Anthropic’s Response

Anthropic notes that the malware “developer” operates through a .onion domain (providing anonymity for operators and users) with an encrypted, highly secure ProtonMail address. The operator actively markets across multiple forums with video demonstrations and claims that its products are for education and research; it simultaneously advertises on criminal forums. The ransomware packages are being marketed for $400 to $1,200.

Researchers said Anthropic has responded to the ransomware operation by banning the associated account, while also implementing new methods to detect malware uploads, modification, and generation on Claude.

At least as important, the company’s publication of this and several other misuses of its AI assistant furthers the AI industry’s knowledge and understanding of the attack methods and tools being exploited. In so doing, Anthropic has added an important resource for vendors, partners, and customers to understand the evolving threat landscape in the AI Era and taken a step to help them fortify their defenses proactively.

