SUBSCRIBE TO OUR FREE NEWSLETTER
Daily news & progressive opinion—funded by the people, not the corporations—delivered straight to your inbox.
5
#000000
#FFFFFF
5
#000000
#FFFFFF
chatgpt
'Nightmare Scenario': Watchdog Says AI Cybercrime Shows Vital Need for Regulation
"Countries with lax regulations, like the US, are prime targets for these crimes," said Public Citizen's J.B. Branch.
Aug 28, 2025
The San Francisco-based artificial intelligence startup Anthropic revealed Wednesday that its technology has been "weaponized" by hackers to commit ransomware crimes, prompting a call by a leading consumer advocacy group for Congress to pass "enforceable safeguards" to protect the public.
Anthropic's latest Threat Intelligence Report details "several recent examples" of its artificial intelligence-powered chatbot Claude "being misused, including a large-scale extortion operation using Claude Code, a fraudulent employment scheme from North Korea, and the sale of AI-generated ransomware by a cybercriminal with only basic coding skills."
"The actor targeted at least 17 distinct organizations, including in healthcare, the emergency services, and government and religious institutions," the company said. "Rather than encrypt the stolen information with traditional ransomware, the actor threatened to expose the data publicly in order to attempt to extort victims into paying ransoms that sometimes exceeded $500,000."
Anthropic said the perpetrator "used AI to what we believe is an unprecedented degree" for their extortion scheme, which is being described as "vibe hacking"—the malicious use of artificial intelligence to manipulate human emotions and trust in order to carry out sophisticated cyberattacks.
"Claude Code was used to automate reconnaissance, harvesting victims' credentials and penetrating networks," the report notes. "Claude was allowed to make both tactical and strategic decisions, such as deciding which data to exfiltrate, and how to craft psychologically targeted extortion demands."
"Claude analyzed the exfiltrated financial data to determine appropriate ransom amounts, and generated visually alarming ransom notes that were displayed on victim machines," the company added.
Anthropic continued:
This represents an evolution in AI-assisted cybercrime. Agentic AI tools are now being used to provide both technical advice and active operational support for attacks that would otherwise have required a team of operators. This makes defense and enforcement increasingly difficult, since these tools can adapt to defensive measures, like malware detection systems, in real time. We expect attacks like this to become more common as AI-assisted coding reduces the technical expertise required for cybercrime.
Anthropic said it "banned the accounts in question as soon as we discovered this operation" and "also developed a tailored classifier (an automated screening tool), and introduced a new detection method to help us discover activity like this as quickly as possible in the future."
"To help prevent similar abuse elsewhere, we have also shared technical indicators about the attack with relevant authorities," the company added.
Anthropic's revelation followed last year's announcement by OpenAI that it had terminated ChatGPT accounts allegedly used by cybercriminals linked to China, Iran, North Korea, and Russia.
J.B. Branch, Big Tech accountability advocate at the consumer watchdog Public Citizen, said Wednesday in response to Anthropic's announcement: "Every day we face a new nightmare scenario that tech lobbyists told Congress would never happen. One hacker has proven that agentic AI is a viable path to defrauding people of sensitive data worth millions."
"Criminals worldwide now have a playbook to follow—and countries with lax regulations, like the US, are prime targets for these crimes since AI companies are not subject to binding federal standards and rules," Branch added. "With no public protections in place, the next wave of AI-enabled cybercrime is coming, but Congress continues to sit on its hands. Congress must move immediately to put enforceable safeguards in place to protect the American public."
More than 120 congressional bills have been proposed to regulate artificial intelligence. However, not only has the current GOP-controlled Congress has been loath to act, House Republicans recently attempted to sneak a 10-year moratorium on state-level AI regulation into the so-called One Big Beautiful Bill Act.
The Senate subsequently voted 99-1 to remove the measure from the legislation. However, the "AI Action Plan" announced last month by President Donald Trump revived much of the proposal, prompting critics to describe it as a "zombie moratorium."
Meanwhile, tech billionaires including the Winklevoss twins, who founded the Gemini cryptocurrency exchange, are pouring tens of millions of dollars into the Digital Freedom Fund super political action committee, which aims to support right-wing political candidates with pro-crytpo and pro-AI platforms.
"Big Tech learned that throwing money in politics pays off in lax regulations and less oversight," Public Citizen said Thursday. "Money in politics reforms have never been more necessary."
Keep ReadingShow Less
The Intercept and Other Progressive News Sites Sue OpenAI
The media outlets claim the company violated copyright laws.
Feb 28, 2024
The Intercept, Raw Story, and Alternet joined forces on Wednesday to sue OpenAI for using copyrighted content to train its generative artificial intelligence tool ChatGPT.
The law firm Loevy + Loevy is representing the publications, and it has filed the lawsuit in the Southern District of New York. The firm claims OpenAI violated the Digital Millennium Copyright Act (DMCA) by using copyrighted content from news organizations to train ChatGPT.
"Had OpenAI trained ChatGPT using these works as they were published, including author, title, and copyright information, ChatGPT may have learned to respect third-party copyrights, or at least inform ChatGPT users that it was providing responses that were based on the copyrighted works of others. Instead, OpenAI removed that information from its ChatGPT training sets, in violation of the DMCA," the firm said in a statement.
NEWS: @RawStory is suing @OpenAI, creator of #ChatGPT.
“I think it's time for tech companies to be proactive in compensating publishers for their work,” Raw Story CEO @JohnByrnester told @corbinbolies of @TheDailyBeasthttps://t.co/dVX1q1qsvA
— Raw Story (@RawStory) February 28, 2024
OpenAI is facing multiple lawsuits over its use of copyrighted material, including from comedian Sarah Silverman and The New York Times. The Times lawsuit also references violations of the DMCA. OpenAI recently claimed the Times "hacked" ChatGPT to get it to reproduce its copyrighted content.
Publications like the The Associated Press have formed partnerships with OpenAI where they license their work to the company, rather than suing them over the use of copyrighted content. According to the AI-based text analysis company Copyleaks, approximately 60% of the content generated by ChatGPT-3.5 is plagiarized.
OpenAI argues its actions fall under "fair use." In 2016, the U.S. Supreme Court let a lower court ruling stand that said Google had not violated copyright laws by digitizing millions of books, so OpenAI may have a shot at winning with that kind of argument. It remains to be seen if any of the lawsuits against the company will make their way to the Supreme Court.
"Developers like OpenAI have garnered billions in investment and revenue because of AI products fundamentally created with and trained on copyright-protected material," said Loevy + Loevy partner Matt Topic, who represents the news organizations in the suits."The Digital Millennium Copyright Act prohibits the removal of author, title, and copyright notice when there is reason to know it would conceal or facilitate copyright infringement, and unlike traditional copyright infringement claims, it does not require creators to incur the copyright registration fees that often make traditional copyright infringement suits cost prohibitive given the massive scale of OpenAI's infringement."
Keep ReadingShow Less
Now Is the Time to Regulate AI
Although the growing momentum and debate on AI governance is welcomed and urgently needed, the key question for 2024 is whether these discussions will generate concrete commitments and focus on the most important present-day AI risks.
Jan 17, 2024
The year 2023 marked a new era of “AI hype,” rapidly steering policymakers toward discussions on the safety and regulation of new artificial intelligence, or AI, technologies. The feverish year in tech started with the launch of ChatGPT in late 2022 and ended with a landmark agreement on the E.U. AI Act being reached.
While the final text is still being ironed out in technical meetings over the coming weeks, early signs indicate the Western world’s first “AI rulebook” goes someway to protecting people from the harms of AI but still falls short in a number of crucial areas, failing to ensure human rights protections especially for the most marginalized. This came soon after the U.K. Government hosted an inaugural AI Safety Summit in November 2023, where global leaders, key industry players, and select civil society groups gathered to discuss the risks of AI.
Although the growing momentum and debate on AI governance is welcomed and urgently needed, the key question for 2024 is whether these discussions will generate concrete commitments and focus on the most important present-day AI risks, and critically whether it will translate into further substantive action in other jurisdictions.
As we enter 2024, now is the time to not only ensure that AI systems are rights-respecting by design, but also to guarantee that those who are impacted by these technologies are not only meaningfully involved in decision-making on how AI technology should be regulated, but also that their experiences are continually surfaced and are centered within these discussions.
While AI developments do present new opportunities and benefits, we must not ignore the documented dangers posed by AI tools when they are used as a means of societal control, mass surveillance, and discrimination. All too often, AI systems are trained on massive amounts of private and public data—data which reflects societal injustices, often leading to biased outcomes and exacerbating inequalities. From predictive policing tools, to automated systems used in public sector decision-making to determine who can access healthcare and social assistance, to monitoring the movement of migrants and refugees, AI has flagrantly and consistently undermined the human rights of the most marginalized in society. Other forms of AI, such as fraud detection algorithms, have also disproportionately impacted ethnic minorities, who have endured devastating financial problems as Amnesty International has already documented, while facial recognition technology has been used by the police and security forces to target racialized communities and entrench Israel’s system of apartheid.
So, what makes regulation of AI complex and challenging? First, there is the vague nature of the term AI itself, making efforts to regulate this technology more cumbersome. There is no widespread consensus on the definition of AI because the term does not refer to a singular technology and rather encapsulates a myriad technological applications and methods. The use of AI systems in many different domains across the public and private sector, means a large number of varied stakeholders are involved in its development and deployment, meaning such systems are a product of labor, data, software, and financial inputs and any regulation must grapple with upstream and downstream harms. Further, these systems cannot be strictly considered as hardware or software, but rather their impact comes down to the context in which they are developed and implemented and regulation must take this into account.
Alongside the E.U. legislative process, the U.K., U.S., and others, have set out their distinct roadmaps and approach to identifying the key risks AI technologies present, and how they intend to mitigate these. Whilst there are many complexities of these legislative processes, this should not delay any efforts to protect people from the present and future harms of AI, and there are crucial elements that we, at Amnesty, know any proposed regulatory approach must contain. Regulation must be legally binding and center the already documented harms to people subject to these systems. Commitments and principles on the “responsible” development and use of AI—the core of the current pro-innovation regulatory framework being pursued by the U.K.—do not offer an adequate protection against the risks of emerging technology and must be put on statutory footing.
Similarly, any regulation must include broader accountability mechanisms over and above technical evaluations that are being pushed by industry. While these may be a useful string within any regulatory toolkit’s bow, particularly in testing for algorithmic bias, bans and prohibitions cannot be off the table for systems fundamentally incompatible with human rights, no matter how accurate or technically efficacious they purport to be.
Others must learn from the E.U. process and ensure there are not loopholes for public and private sector players to circumvent regulatory obligations, and removing any exemptions for AI used within national security or law enforcement is critical to achieving this. It is also important that where future regulation limits or prohibits the use of certain AI systems in one jurisdiction, no loopholes or regulatory gaps allow the same systems to be exported to other countries where they could be used to harm the human rights of marginalized groups. This remains a glaring gap in the U.K., U.S., and E.U. approaches, as they fail to take into account the global power imbalances of these technologies, especially their impact on communities in the Global Majority whose voices are not represented in these discussions. There have already been documented cases of outsourced workers being exploited in Kenya and Pakistan by companies developing AI tools.
As we enter 2024, now is the time to not only ensure that AI systems are rights-respecting by design, but also to guarantee that those who are impacted by these technologies are not only meaningfully involved in decision-making on how AI technology should be regulated, but also that their experiences are continually surfaced and are centered within these discussions. More than lip service by lawmakers, we need binding regulation that holds companies and other key industry players to account—and ensures that profits do not come at the expense of human rights protections. International, regional, and national governance efforts must complement and catalyze each other, and global discussions must not come at the expense of meaningful national regulation or binding regulatory standards—these are not mutually exclusive. This is the level at which accountability is served—we must learn from past attempts to regulate tech, which means ensuring robust mechanisms are introduced to allow victims of AI-inflicted rights violations to seek justice.
Keep ReadingShow Less
Most Popular