Anthropic’s paper smells like bullshit

Who Should Read

Security professionals, threat intelligence analysts, and AI safety researchers tracking LLM misuse by nation-state actors.

Core Mechanics

• Anthropic published a report identifying Claude being used by a Chinese APT group for cyber operations
• The HN discussion centers on whether Anthropic's IoC disclosure is actionable or performative
• Core debate: sharing C2 domains and TTPs helps defenders, but nation-states rotate infrastructure quickly rendering IoCs stale
• Anthropic's detection and termination of the accounts is seen positively; transparency about the incident is praised
• Broader concern: LLMs lower the barrier for sophisticated cyberattacks by automating reconnaissance and exploitation steps

Evidence

• Anthropic's official threat intelligence report (primary source)
• HN community discussion with contributions from security professionals
• References to known Chinese APT TTPs (MITRE ATT&CK framework)

How to Apply

• If you operate an LLM API, implement usage monitoring for patterns consistent with reconnaissance (bulk domain lookups, vulnerability enumeration, exploit code generation).
• Treat AI-assisted cyberattack tooling as a real and present threat — not a hypothetical — and update your threat model accordingly.
• Publish IoC disclosures when you detect nation-state abuse; even imperfect disclosures build collective defense.

Terminology

Related Resources

• https://djnn.sh/posts/anthropic-s-paper-smells-like-bullshit/
• https://arxiv.org/abs/2510.09023