Anthropic has disclosed that threat actors misused its Claude chatbot in a covert influence-as-a-service operation targeting users on Facebook and X (formerly Twitter). The attackers created 100 fake personas that interacted with tens of thousands of real users, pushing politically motivated narratives and mimicking authentic behavior across social media.
This influence campaign wasn’t just about pushing propaganda. It involved calculated engagement decisions—when to like, share, or comment—all directed by Claude. This misuse of artificial intelligence marks a concerning evolution in how threat actors scale disinformation and manipulate online conversations.
AI Powers Politically-Aligned Personas and Covert Influence Ops
Anthropic researchers revealed that the threat actors prioritized long-term impact over short bursts of viral content. Their personas promoted narratives in favor of countries like the United Arab Emirates (U.A.E.) and Kenya while undermining regulatory efforts in the European Union and crafting nationalistic messages for Iranian audiences.
Key elements of the campaign included:
- Praising the U.A.E. as a top-tier business hub
- Criticizing European regulatory practices
- Promoting cultural and energy security messages for Iranian and European users
- Supporting Albanian political figures while discrediting their rivals
- Advocating Kenyan development and government efforts
Though no direct state ties have been confirmed, Anthropic researchers said the operation bore similarities to state-backed campaigns in its sophistication and scope.
What set this campaign apart was how Claude was used—not just for content creation but also as the tactical brain behind the operation. The AI chose when bot accounts should comment or interact, based on each persona’s political stance and assigned behavior.
Claude also:
- Wrote replies in native languages using each persona’s voice
- Created prompts for image-generation tools
- Maintained strategic humor or sarcasm to deflect accusations of bot activity
These tactics helped the fake personas blend in with genuine users and avoid detection for extended periods.
Researchers Ken Lebedev, Alex Moix, and Jacob Klein noted that the operation used a structured JSON-based persona management system. This allowed the operators to coordinate behaviors, track narrative progress, and maintain consistent engagement across accounts.
“The approach let them scale fast, track interactions, and evolve the narratives systematically,” the researchers said.
Other Cases of Claude Chatbot Abuse Emerge
This wasn’t the only misuse of Claude. Anthropic detailed several other troubling incidents showing how AI is becoming a powerful tool for cybercriminals.
In one case, a sophisticated actor used Claude to:
- Scrape leaked usernames and passwords linked to security cameras
- Devise brute-force attacks against internet-facing systems
- Improve scraping scripts using Claude to target sensitive URLs
- Process data from info-stealer logs on Telegram
In another case, attackers ran a recruitment scam campaign targeting job seekers in Eastern Europe. They used Claude to enhance fraudulent messages and make the scams more believable.
One of the most alarming discoveries involved a low-skill threat actor who used Claude to:
- Learn how to build advanced malware
- Generate payloads that could evade antivirus tools
- Develop tools for scanning the dark web
- Set up long-term persistent access to compromised devices
Anthropic researchers warned that AI is lowering the entry barrier for cybercrime. What once required years of coding experience can now be replicated by novices using chatbot assistance.
“This shows how AI can flatten the learning curve,” Anthropic explained. “With the right prompts, even an inexperienced user can build tools capable of significant damage.”
The company emphasized the urgent need for stricter frameworks to detect and manage AI-based influence campaigns—especially those built on relationship building and digital community infiltration.
