Houston, We Have a Problem: Anthropic Rides an Artificial Wave – BIML (berryvilleiml.com)

Anthropic posted a high-profile blog claiming to have disrupted what it called the “first reported AI-orchestrated cyber espionage campaign,” and major outlets ran with the story. Experts at BIML push back: the attacks Anthropic describes appear to rely on well-known, cloud-scale offensive tooling and open‑source exploit frameworks rather than any novel, agentic capabilities of large language models. The key question reporters and vendors should have asked — which parts of the campaign could ONLY be accomplished by autonomous AI? — yields a blunt answer: none. Calls for transparency (“show me the logs”) and skepticism over vendor narratives are central takeaways. Technically, the incident highlights two things: (1) modern cybercrime already leverages scalable, turnkey exploit toolchains that can be amplified by automation, and (2) LLMs are best understood as highly capable role‑playing assistants rather than intentional actors. Anthropic’s framing anthropomorphizes models and inflates their role; available evidence suggests humans and existing exploit frameworks remain the primary drivers. The implication for the AI/ML community is practical — invest in grounded machine‑learning security research, require verifiable forensic evidence for sensational claims, and focus on realistic threat models where ML genuinely changes attack surface or defenses.