WASHINGTON — U.S. Senators Maggie Hassan (D-NH) and Joni Ernst (R-IA) are urging National Cyber Director Sean Cairncross to take action after Chinese state-sponsored hackers reportedly used artificial intelligence (AI) systems to conduct cyberattacks. Anthropic, a major AI company, recently reported that its Claude Code tool was used to design cyberattacks against major technology companies, financial institutions, and government agencies across several countries. This marks the first known cyberattack executed with minimal human intervention. Senators Hassan and Ernst are pushing National Cyber Director Cairncross to take action to prepare the government to respond to this new type of threat.
“We write regarding a recent report by Anthropic stating that, in September 2025, Chinese state-sponsored hackers successfully directed the company’s AI system to autonomously conduct a sophisticated cyberattack campaign against 30 entities,” Senators Hassan and Ernst wrote to National Cyber Director Sean Cairncross. “Given your office’s role in countering cyberattacks against the U.S. government, we urge you to continue coordinating with Congress and other federal agencies to address this emerging national security threat.”
“The emerging threat to U.S. cybersecurity posed by foreign adversaries deploying autonomous AI systems requires a robust response from your office and other federal agencies… We appreciate your consideration of this issue, and continued work to ensure that the government and people of the United States are protected from cyberattacks,” concluded the Senators.
Click here or see below for the full letter Senators Hassan and Ernst sent:
Dear Director Cairncross,
We write regarding a recent report by Anthropic stating that, in September 2025, Chinese state-sponsored hackers successfully directed the company’s AI system to autonomously conduct a sophisticated cyberattack campaign against 30 entities, including government agencies in multiple countries. According to Anthropic, this was “the first documented case of a cyberattack largely executed without human intervention at scale.” Given your office’s role in countering cyberattacks against the U.S. government, we urge you to continue coordinating with Congress and other federal agencies to address this emerging national security threat.
In September 2025, a well-resourced foreign organization used Claude Code, an advanced agentic AI coding tool from Anthropic, to design cyberattacks against major technology corporations, financial institutions, chemical manufacturing companies, and government agencies across multiple countries. Anthropic’s report on these attacks states “with high confidence” that this foreign organization was “a Chinese state-sponsored group.” In this sophisticated cyber campaign, the Claude AI system executed 80 to 90 percent of the operation without any human involvement and at speeds that are “physically impossible” for human hackers.
Further, these autonomous AI cyberattacks were successful against several targeted entities. In one case, “the threat actor induced Claude to autonomously discover internal services, map complete network topology across multiple IP ranges, and identify high-value systems including databases and workflow orchestration platforms.”
The emerging threat to U.S. cybersecurity posed by foreign adversaries deploying autonomous AI systems requires a robust response from your office and other federal agencies.
Accordingly, we request responses to the following questions by January 9, 2026.
We appreciate your consideration of this issue, and continued work to ensure that the government and people of the United States are protected from cyberattacks.
###