Up next in 10
AI firm Anthropic reports China used its AI to launch worldwide cyberattacks with minimal human involvement, targeting tech companies, financial institutions, and government agencies. #AISecurity #CyberAttack #China #Anthropic #Cybersecurity
Show More Show Less View Video Transcript
0:00
This morning, China is accused of using
0:02
AI to spy on tech companies, financial
0:04
institutions, and government agencies.
0:06
It's all from the AI firm Anthropic,
0:08
which says its own AI software was used
0:10
in the first documented case of a
0:12
worldwide cyber attack with minimal
0:15
human involvement. The AI is doing the
0:17
work. And the only reason we know about
0:18
this is because of anthropic. They chose
0:21
to go public. CBS News contributor Chris
0:23
Krebs is the former head of the federal
0:25
government cyber security agency, and he
0:27
joins us now. Chris, thank you very much
0:29
uh for being here. You texted me about
0:30
this yesterday. You think it's a big
0:32
deal. Uh, tell people what Anthropic is
0:34
and why this is such a big deal.
0:36
Well, look, if you've heard of OpenAI
0:38
and Chat GPT, then you already have a
0:40
good sense of what Anthropic does. Has a
0:42
very popular AI agent known as Claude,
0:45
which was in this case abused, as you
0:48
mentioned, by a Chinese threat actor.
0:49
Claude is a an AI agent. It helps
0:52
organizations with coding, with
0:53
research, with automating certain tasks.
0:56
So what we saw here was as you mentioned
0:59
this Chinese actor that jailbroke that
1:02
overcame the safety guard rails that
1:05
that uh Anthropic had put in place that
1:08
then automated it to go after about 30
1:10
companies globally.
1:11
So is it an isolated incident? Is this a
1:14
one-time thing or a preview of a future
1:16
that's quite dark actually?
1:17
Yeah, I think it's the latter. I think
1:19
that this is a sign of things to come.
1:21
As security experts, we've been talking
1:23
about events and attacks like this for
1:25
close to a decade. And to see it
1:27
actually come into life like this, as I
1:30
sent you the note yesterday, uh it's
1:32
pretty chilling. And there's a lot of
1:34
work we have to do in the near future, I
1:35
think, to to stem the flow.
1:37
So, let's talk about that work. What
1:38
what needs to happen for governments,
1:41
for companies to be prepared to block
1:43
this, to stop it? Well, first I think we
1:45
need to have an an environment in place
1:47
that encourages more organizations like
1:49
Anthropic to share like this. Anthropic
1:52
has a safety first principle that put
1:54
them in a position where they could
1:55
share this information with the public,
1:57
share it with the government, and get as
1:59
much information out there as possible.
2:00
The second thing we need to do is ensure
2:02
that the defenders at potentially target
2:05
organizations that are running security
2:07
organizations have indicators that they
2:10
can pull in and they can look for
2:12
activities to detect and stop attacks.
2:14
And then I think finally we really have
2:16
to make sure that between government and
2:18
industry that there's a safe place to
2:20
come together and talk about these
2:21
events and ensure that we're lifting the
2:23
entire ecosystem. And one place that
2:26
that has a lot of potential uh to invest
2:28
in is the center for AI innovation and
2:31
standards over at the National Institute
2:33
of Standards and Technology. I think
2:34
we've got to go full in because it's
2:36
going to be a long road ahead of us and
2:38
and more bad guys will take advantage.
2:40
Really critical information at an
2:42
important time. Chris Krebs, thank you
2:43
very