Full Report
Artificial intelligence (AI) company Anthropic has revealed that unknown threat actors leveraged its Claude chatbot for an "influence-as-a-service" operation to engage with authentic accounts across Facebook and X. The sophisticated activity, described as financially motivated, is said to have used the AI tool to orchestrate 100 distinct personas on the two social media platforms, creating a
Analysis Summary
# Incident Report: AI-Powered Influence-as-a-Service Operation
## Executive Summary
Unknown threat actors leveraged Anthropic's Claude chatbot to execute a sophisticated, financially-motivated "influence-as-a-service" operation across Facebook and X. The operation utilized Claude not just for content generation but as an orchestrator to direct 100 distinct bot personas to engage with tens of thousands of authentic accounts, primarily to promote specific political and business narratives related to European, Iranian, UAE, and Kenyan interests. The operation was disrupted following discovery by Anthropic researchers.
## Incident Details
- Discovery Date: March 2025 (Reported May 2025)
- Incident Date: Prior to March 2025
- Affected Organization: Anthropic (as platform provider)
- Sector: Artificial Intelligence / Technology, Disinformation
- Geography: Global (targeting European, Iranian, UAE, and Kenyan audiences/interests)
## Timeline of Events
### Initial Access
- Date/Time: Not explicitly detailed, likely ongoing prior to March 2025.
- Vector: Use of Anthropic's Claude chatbot service.
- Details: Actors signed up for and utilized the Claude service to develop and run their influence campaigns.
### Lateral Movement
- Details: No lateral movement in the traditional network sense. The operation instead spread across social media networks (Facebook and X) by having bot accounts interact with tens of thousands of authentic users, prioritizing persistence and longevity over rapid, high-volume activity.
### Data Exfiltration/Impact
- Details: The primary impact was not traditional data exfiltration but manipulation of public discourse by pushing targeted political narratives (e.g., promoting the UAE as a business environment, criticizing European regulations, focusing on energy security, promoting figures in Kenya/Albania).
### Detection & Response
- Detection: Anthropic researchers identified the sophisticated, programmatic nature of the misuse.
- Response: Anthropic banned the threat actors, disrupting the operation.
## Attack Methodology
- Initial Access: Misuse of the Claude LLM, through accounts the actors registered themselves, to create and coordinate influence operations.
- Persistence: Prioritized maintaining the network of 100 bot accounts for long periods.
- Privilege Escalation: Not applicable in a traditional sense; the actors escalated their *operational* capability using the AI.
- Defense Evasion: Managed personas through a structured JSON format and instructed bots to respond with humor or sarcasm when accused of being bots.
- Credential Access: Not specified in this context, though another reported incident mentioned using Claude to process leaked credentials.
- Discovery: Used Claude to create scripts to scrape target URLs from websites (this appears to belong to the separate incident noted in the report, not the influence operation).
- Lateral Movement: N/A (Social media network traversal).
- Collection: Used Claude to process posts from information stealer logs obtained elsewhere (related to a separate incident noted in the report).
- Exfiltration: N/A (Influence operation focused on broadcasting, not data theft).
- Impact: Misinformation/influence peddling designed to sway political perception.
## Impact Assessment
- Financial: Losses not disclosed. The operation was described as a "financially-motivated" commercial service selling influence tools.
- Data Breach: No clear corporate data breach reported; impact was on public information integrity.
- Operational: Disruption of the actors' ability to conduct influence operations via Claude.
- Reputational: Potential damage to trust in AI-generated content and platform integrity for users exposed to the influence campaigns.
## Indicators of Compromise
- *No specific network or file IOCs were provided as the primary incident focused on LLM abuse.*
- Behavioral Indicators: Coordinated, politically-aligned engagement across Facebook and X using 100 distinct personas managed via a structured JSON framework.
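
One way to turn the behavioral indicator above into something checkable is to measure how much the sets of posts that two accounts engage with overlap. The following is a minimal sketch, not a method described in the report: the function names, the `threshold` and `min_targets` values, and the sample account and post IDs are all hypothetical, and the input is assumed to be engagement data a platform already holds.

```python
from itertools import combinations


def jaccard(a: set, b: set) -> float:
    """Jaccard similarity of two sets; 0.0 when both are empty."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def coordinated_pairs(engagements, threshold=0.6, min_targets=3):
    """Return account pairs whose engaged-post sets overlap heavily.

    engagements: dict mapping account id -> set of post ids it engaged with.
    threshold and min_targets are illustrative values, not tuned ones.
    """
    flagged = []
    for acct_a, acct_b in combinations(sorted(engagements), 2):
        targets_a, targets_b = engagements[acct_a], engagements[acct_b]
        # Skip accounts with too little activity to compare meaningfully.
        if len(targets_a) < min_targets or len(targets_b) < min_targets:
            continue
        score = jaccard(targets_a, targets_b)
        if score >= threshold:
            flagged.append((acct_a, acct_b, round(score, 2)))
    return flagged


# Hypothetical sample data for illustration only.
sample = {
    "persona_01": {"p1", "p2", "p3", "p4"},
    "persona_02": {"p1", "p2", "p3", "p5"},
    "organic_01": {"p9", "p10", "p11"},
}
print(coordinated_pairs(sample))
```

High overlap alone does not prove coordination, since genuine communities also share interests, so a score like this would at most be a signal for human review.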
## Response Actions
- Containment: Banned the accounts the threat actors used to access Anthropic's models.
- Eradication: The bans cut the programmatic framework used to scale the operation off from Claude.
- Recovery: Published research findings to alert the public and industry about novel influence techniques.
## Lessons Learned
- AI services can be weaponized for high-level, coordinated "influence-as-a-service" operations requiring nuanced, persona-driven engagement.
- LLMs like Claude can be used not just as content generators but as tactical decision-makers (orchestrators) that decide *when* and *how* to interact with authentic targets.
- Current frameworks may be insufficient for evaluating influence operations centered on relationship building and community integration facilitated by AI.
## Recommendations
- Develop and implement enhanced monitoring frameworks specifically tailored to detect programmatic, coordinated social media manipulation orchestrated via LLM inputs/outputs.
- Increase scrutiny on accounts demonstrating highly consistent, structured engagement patterns across multiple geographically or politically sensitive topics.
- Continue research into proactive measures to limit the use of LLMs for creating sophisticated, scalable influence campaigns while maintaining utility for legitimate users.
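
The second recommendation, scrutiny of accounts with highly consistent engagement across several sensitive topics, could be prototyped roughly as follows. This is a sketch under stated assumptions: it treats very regular gaps between posts as a proxy for "structured" behavior, which the report does not claim, and the names `interval_cv` and `needs_review` and the `max_cv` and `min_topics` thresholds are hypothetical.

```python
from statistics import mean, pstdev


def interval_cv(timestamps):
    """Coefficient of variation of the gaps between consecutive events.

    timestamps: event times in seconds. Returns None with fewer than
    three events, because a single gap has no spread to measure.
    """
    ts = sorted(timestamps)
    if len(ts) < 3:
        return None
    gaps = [later - earlier for earlier, later in zip(ts, ts[1:])]
    avg = mean(gaps)
    if avg == 0:
        return 0.0
    return pstdev(gaps) / avg


def needs_review(timestamps, topics, max_cv=0.1, min_topics=3):
    """Flag an account whose timing is very regular AND spans many topics."""
    cv = interval_cv(timestamps)
    return cv is not None and cv <= max_cv and len(set(topics)) >= min_topics


# Hypothetical examples: one evenly spaced account, one irregular account.
scripted = [0, 3600, 7200, 10800, 14400]
organic = [0, 400, 9000, 9100, 30000]
topics = ["energy", "regulation", "business", "energy", "regulation"]

print(needs_review(scripted, topics))
print(needs_review(organic, topics))
```

Because the operation reportedly favored persistence and longevity over volume, timing regularity may be a weak signal on its own; a real monitoring framework would likely combine several features and route flagged accounts to human review.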