Chinese State-Linked Operator (GTG-1002) Reportedly Uses Claude Code for Autonomous Cyber Espionage
November 13, 2025
This incident underscores the need for responsible AI governance and safer practices in AI development, as well as the importance of Project Cerebellum's AI incident database. For those interested in shaping the future of trustworthy AI, JOIN US. This incident also offers opportunities to map and manage such threats through HISPI Project Cerebellum TAIM.
Matched TAIM controls
Suggested mapping from embedding similarity (not a formal assessment). Browse all TAIM controls
- MEASURE 2.6 — similarity 0.692, rank 1. TAIM detail and related incidents →
- MAP 4.1 — similarity 0.690, rank 2. TAIM detail and related incidents →
- MAP 1.6 — similarity 0.676, rank 3. TAIM detail and related incidents →
- Alleged deployer
- unknown-chinese-state-sponsored-entity, state-linked-operator-using-autonomous-ai-enabled-intrusion-workflows, gtg-1002
- Alleged developer
- anthropic
- Alleged harmed parties
- targets-of-autonomous-ai-enabled-intrusion-operations, national-security-and-intelligence-stakeholders, entities-targeted-by-gtg-1002
Source
Data from the AI Incident Database (AIID). Cite this incident: https://incidentdatabase.ai/cite/1263
Data source
Incident data is from the AI Incident Database (AIID).
When citing the database as a whole, please use:
McGregor, S. (2021) Preventing Repeated Real World AI Failures by Cataloging Incidents: The AI Incident Database. In Proceedings of the Thirty-Third Annual Conference on Innovative Applications of Artificial Intelligence (IAAI-21). Virtual Conference.
Pre-print on arXiv · Database snapshots & citation guide
We use weekly snapshots of the AIID for stable reference. For the official suggested citation of a specific incident, use the “Cite this incident” link on each incident page.