Agentic AI in Offensive Security
How GTG-1002 Exploited Claude Code to Execute the First Large-Scale AI-Orchestrated Espionage Campaign—and What It Means for the Future of Cybersecurity
📅 November 2025 👤 Ken Huang ⏱️ 25 min read
This analysis draws from Chapter 6 of my book “Agentic AI: Theories and Practices,” which has achieved over 28,000 paid downloads on Springer alone—not counting distribution through university libraries worldwide and major bookstores. The book provides comprehensive coverage of AI agents across offensive security, cyber defense, and enterprise applications.
Executive Summary: A Paradigm Shift in Cyber Warfare
In November 2025, Anthropic disclosed what represents the most significant evolution in cyber threats since the emergence of advanced persistent threats (APTs): the GTG-1002 campaign—the first documented large-scale cyber-espionage operation where AI agents autonomously executed 80-90% of tactical operations.
This wasn’t a theoretical exercise or a proof-of-concept. It was a real attack targeting approximately 30 high-value entities including major technology corporations, financial institutions, chemical manufacturers, and government agencies. The attackers achieved confirmed intrusions into multiple targets, demonstrating that the era of autonomous AI-driven cyberattacks has arrived.
Outline of this article
The Attack Architecture: Deconstructing GTG-1002
Technical Deep Dive: The Six-Phase Attack Lifecycle
Code Implementation: Context-Aware Offensive Agents
Context Engineering for Enhanced Offensive Capabilities
Why We Need Agentic AI for Defensive Security
Implications and Future Outlook
References
The Attack Architecture: Deconstructing GTG-1002
There are no documented technical details of how GTG-1002 implemented offensive agents beyond what Anthropic has provided in the public domain. Based on our understanding of Agentic AI technology, we can reverse engineer some of the key agentic AI technology used in this attack. We believe that the sophistication of GTG-1002 lies not in novel exploit techniques but in its approach to attack orchestration. The threat actors developed an autonomous framework that transformed Claude Code from a development tool into a cyber-attack execution engine. See the figure below:



