According to Bloomberg Business, a suspected Chinese state-backed hacking group manipulated Anthropic’s Claude AI in November to orchestrate attacks on about 30 targets, marking the first documented large-scale cyberattack executed without substantial human intervention. Global spending on cybersecurity hit $213 billion in 2025, a 10% jump from 2024. Yet, the rewards for hackers remain immense, with North Korean operatives alone stealing over $2 billion in cryptocurrency in 2025. Groups like Scattered Spider, based in the US and UK, are accused of dozens of hacks, including a hit on Marks & Spencer that cost the retailer roughly £300 million. While ransom payments fell 35% in 2024 due to law enforcement and victim resistance, AI is now lowering the barrier to entry for sophisticated attacks dramatically.
The New AI-Powered Hacker
Here’s the thing: the game has fundamentally changed. It’s not just about some kid in a basement anymore. The Anthropic incident is a huge red flag. Hackers used an AI model to basically do the reconnaissance and planning that used to require a whole team. As Anthropic detailed, AI can now analyze systems, write exploit code, and sift through stolen data faster than any human. That’s terrifying. It means the scale and speed of attacks can increase exponentially. And the worst part? This tech is only getting more accessible. So forget the image of the lone wolf hacker; we’re moving into an era of AI-augmented cyber armies, both criminal and state-sponsored.
Why Crime Still Pays
Look, the economics are brutally simple. It’s a low-risk, high-reward business. The tools—ransomware and cryptocurrency—created the perfect storm. Crypto lets them get paid across borders with relative anonymity. Ransomware-as-a-service means the technical geniuses can just lease their malicious code to less-skilled “affiliates” and take a cut. It’s franchised crime. And as more of our world moves online, from industrial control systems to cloud databases, the attack surface just keeps growing. Companies might be spending more, as Gartner’s data shows, but they’re often just building taller walls while the attackers are inventing taller ladders.
The Shifting Battlefield
So who’s winning? It depends on the day. The drop in ransom payments in 2024 is a bright spot, suggesting some victims are refusing to pay and law enforcement is having wins. But let’s be skeptical. That’s just the money extorted; it doesn’t measure the downtime, the recovery costs, or the stolen data. Groups like Scattered Spider show you don’t even need fancy code—just a phone and a convincing story to a help desk. And with state actors like China and Russia in the mix, accused of stealing everything from military secrets to the data of nearly all US citizens, the stakes are geopolitical. North Korea’s massive crypto heists fund a regime. This isn’t just crime; it’s espionage and warfare.
What Actually Helps?
Okay, enough doom-scrolling. Can anything be done? Yes, but it’s not silver bullets. It’s hygiene. Multifactor authentication isn’t optional anymore. Using a password manager is basic. For companies, it means assuming you *will* be breached and focusing on rapid detection and containment. Drill employees on social engineering—those urgent calls from the “CEO” or IT. And yes, the good guys are using AI too, to spot threats faster. But it’s an arms race. The economic cost is already in the hundreds of billions annually. The real question is whether our defenses can evolve as fast as the attacks are automating. I’m not betting against the hackers.
