Anthropic's AI Threat Report: Real Attacks, Simulated Competence & The Future of Defense
AI Security Podcast23 Okt 2025

Anthropic's AI Threat Report: Real Attacks, Simulated Competence & The Future of Defense

Anthropic's August 2025 AI Threat Intelligence report is out, and it paints a fascinating picture of how attackers are really using large language models like Claude Code. In this episode, Ashish Rajan and Caleb Sima dive deep into the 10 case studies, revealing a landscape where AI isn't necessarily creating brand new attack vectors, but is dramatically lowering the bar and professionalizing existing ones.

The discussion covers shocking examples, from "biohacking" attacks using AI for sophisticated extortion strategies , to North Korean IT workers completely dependent on AI, simulating technical competence to successfully gain and maintain employment at Fortune 500 companies . We also explore how AI enables the rapid development of ransomware-as-a-service and malware with advanced evasion, even by actors lacking deep technical skills .

This episode is essential for anyone wanting to understand the practical realities of AI threats today, the gaps in defense, and why the volume might still be low but the potential impact is significant.


Questions asked:

(00:00) Introduction: Anthropic's AI Threat Report(02:20) Case Study 1: Biohacking & AI-Powered Extortion Strategy(08:15) Case Study 2: North Korean IT Workers Simulating Competence with AI(12:45) The Identity Verification Problem & Potential Solutions(16:20) Case Study 3: AI-Developed Ransomware-as-a-Service (RaaS)(17:35) How AI Lowers the Bar for Malware Creation(20:25) The Gray Area: AI Safety vs. Legitimate Security Research(25:10) Why Defense & Enterprise Adoption of AI Security is Lagging(30:20) Case Studies 4-10 Overview (Fraud, Scams, Malware Distribution, Credential Harvesting)(35:50) Multi-Lingual Attacks: Language No Longer a Barrier(36:45) Case Study: Russian Actor's Rapid Malware Deployment via AI(43:10) Key Takeaways: Early Days, But Professionalizing Existing Threats(45:20) Takeaway 2: The Need for Enterprises to Leverage AI Defensively(50:45) The Gap: Security for AI vs. AI for Security


Resources discussed during the interview:

Anthropic - Threat Intelligence Report August 2025

Episoder(51)

The Zero-Click AI Hack: How to Contain the Blast Radius of Autonomous Agents

The Zero-Click AI Hack: How to Contain the Blast Radius of Autonomous Agents

Is an AI agent's identity a workload or an action? Ashish spoke to Elie Bursztein, Distinguished Research Scientist and co-author of Google SAIF (Secure AI Framework) about how it is neither and that ...

29 Apr 47min

Buy vs. Build AI Security: Why [Box.com](http://Box.com) CISO is Creating their Own Agentic SOC

Buy vs. Build AI Security: Why [Box.com](http://Box.com) CISO is Creating their Own Agentic SOC

If your AI solution is just helping humans process the same amount of alerts a little faster, you haven't transformed anything, you've just created a faster hamster wheel.In this episode, Ashish and C...

22 Apr 46min

Anthropic's Project Mythos: Why the "Zero-Day Machine" is Terrifying the Security Industry

Anthropic's Project Mythos: Why the "Zero-Day Machine" is Terrifying the Security Industry

In this episode, Ashish and Caleb discuss the internet-breaking preview of Project Mythos, an unreleased AI model from Anthropic that has shown an unprecedented, terrifying ability to reason through c...

18 Apr 1h 3min

Are AI Security Startups Faking It? How to Separate Signal from Noise

Are AI Security Startups Faking It? How to Separate Signal from Noise

With over 70 startups claiming to have built the perfect "AI SOC Analyst" or "AI Threat Hunter," how do you separate the real products from the vaporware? Recorded live at Decibel RSAC Founder Festiva...

15 Apr 47min

How Lovable Manages 100+ Daily Changes, Vibe Coding & Shadow AI

How Lovable Manages 100+ Daily Changes, Vibe Coding & Shadow AI

What does it actually look like to run security inside one of Europe's fastest-growing AI companies? In this episode, recorded live at the Munich Cybersecurity Conference (MCSC), Ashish Rajan sat down...

2 Apr 57min

Questions Every CISO Must Ask AI Security Vendors

Questions Every CISO Must Ask AI Security Vendors

RSA Conference 2026 is here and the AI agent hype machine is louder than ever. In this episode, Ashish and Caleb cut through the noise and arm CISOs, practitioners, and security teams with a clear-eye...

18 Mar 50min

Will Foundation Models Kill Security Startups?

Will Foundation Models Kill Security Startups?

Did Anthropic just kill the AppSec industry? Following the announcement of Claude Code Security, a tool that finds, reasons about, and fixes code vulnerabilities, major security stocks dropped by 8% ....

5 Mar 59min

How to Build Your Own AI Chief of Staff with Claude Code

How to Build Your Own AI Chief of Staff with Claude Code

What if you could automate your entire work life with a personal AI Chief of Staff? In this episode, Caleb Sima reveals "Pepper," his custom-built AI agent to Ashish that manages emails, schedules mee...

11 Feb 47min

Populært innen Teknologi

lydartikler-fra-aftenposten
romkapsel
tomprat-med-gunnar-tjomlid
teknisk-sett
shifter
energi-og-klima
elektropodden
fornybaren
rss-impressions-2
nasjonal-sikkerhetsmyndighet-nsm
hans-petter-og-co
rss-alt-som-gar-pa-strom
smart-forklart
teknologi-og-mennesker
kunstig-intelligens-med-morten-goodwin
rss-ai-forklart
rss-bouvet-bobler
rss-ki-praten
rss-fish-ships
rss-brukbart