Cyber Security
Google & Anthropic's AI Beat Hackers As UK’s Safety Act Raises Privacy Alarms
Updated on Fri, Aug 8, 2025
Share
In the world of cybersecurity, human hackers have always been the main contenders, but that’s starting to change. Over the past year, Anthropic’s large language model (LLM), Claude, has quietly been beating most human rivals in hacking contests.
Keane Lucas from Anthropic’s red team first tested Claude in Carnegie Mellon’s PicoCTF competition “on a whim,” simply pasting challenges into the AI model. Claude quickly solved most of them and ranked in the top 3%.
Claude’s performance kept improving. In one contest, it cracked 11 out of 20 difficult challenges within 10 minutes, eventually climbing to fourth place. Lucas admits he missed the start time by a few minutes, which might have cost Claude a win.
While Claude struggles with unexpected or unconventional tasks, its overall pace and success have surprised cybersecurity experts.
Anthropic’s Logan Graham warns that the cybersecurity community may be underestimating how quickly AI is advancing in offensive security. He adds, “You need to start getting models to do the defenses, as well.”
This rise in AI-driven hacking prowess comes at a time when Big Tech major Google is grappling with sophisticated cyber-attacks, showing how quickly threats are evolving.
Back in June, Google revealed that a threat actor they call 'UNC6040' used voice phishing tactics to breach one of their Salesforce instances and steal customer data. The stolen information mainly included contact details and notes related to small and medium businesses.
Now, Google has become the latest victim in a growing wave of Salesforce CRM data thefts linked to the ShinyHunters extortion group.
In a statement, Google stated, "In June, one of Google's corporate Salesforce instances was impacted by similar UNC6040 activity described in this post. Google responded to the activity, performed an impact analysis and began mitigations."
Google added, "The data retrieved by the threat actor was confined to basic and largely publicly available business information, such as business names and contact details."
While Google labels the attackers as UNC6040 or UNC6240, it is possible that these incidents to the notorious ShinyHunters group, known for multiple high-profile breaches including PowerSchool, Oracle Cloud, and AT&T.
According to ShinyHunters, their Salesforce intrusions are ongoing and that they’ve even breached a trillion-dollar company, though it’s unclear if this refers to Google. Their tactic is to extort companies via email, demanding ransom payments to keep stolen data from being leaked.
One victim has already paid roughly $400,000 in Bitcoin to avoid public exposure. Other affected companies reportedly include Adidas, Qantas, Allianz Life, Cisco, and luxury brands like Louis Vuitton, Dior, and Tiffany & Co.
After exhausting private extortion efforts, ShinyHunters plans to leak or sell the stolen data publicly, raising serious concerns for businesses relying on Salesforce and their customers’ data security.
As attackers like ShinyHunters exploit vulnerabilities, AI tools are racing ahead to detect and stop threats faster than ever. Recently, Google’s AI agent, Big Sleep, discovered a zero-day flaw (CVE-2025-6965) in SQLite before attackers could exploit it.
Developed by Google DeepMind and Project Zero, Big Sleep identified a memory corruption issue that had gone unnoticed by traditional tools for years. Kent Walker, Google’s president of Global Affairs, said, “We believe this is the first time an AI agent has been used to directly foil efforts to exploit a vulnerability in the wild.”
Similarly, Microsoft’s Security Copilot discovered flaws that could let attackers bypass important security on Linux systems. Meanwhile, Google’s AI-powered OSS-Fuzz found 26 new security bugs across 160 projects, improving testing even in code that had already been checked many times.
In fact, AI tools have helped suspend millions of fraudulent ad accounts and reduce deepfake ad reports by 90%. With models like Google’s Sec-Gemini leading the way, AI is becoming essential for proactive cyber defense.
Despite AI stepping up to fight cyber threats, the UK’s Online Safety Act for age verification is making people search for easier, but unsafe, ways to access certain websites.
The UK’s new Online Safety Act (OSA) recently started enforcing strict “age assurance” rules requiring websites to verify users’ ages before giving access to certain content.
This has led to a huge surge in VPN use, with Proton VPN reporting an 1,800% increase in UK sign-ups since the law’s “age assurance” requirements took effect. The law requires users to verify their age with selfies or government IDs to access content, including support groups for addiction, sexual assault, and even educational materials.
This invasive system has drawn heavy criticism for invading privacy and driving users to find workarounds like VPNs. The facial recognition technology used is easily fooled even with video game screenshots raising serious security concerns.
Despite these issues, the UK government insists the law is necessary and refuses to reconsider, dismissing critics as supporters of child predators.
Experts warn that the law not only threatens privacy and freedom but also harms smaller websites that can’t afford compliance costs. At the same time, predators will likely switch to unregulated sites or keep using VPNs, making the law ineffective.
Critics say the OSA puts government control ahead of true safety, weakening internet security for everyone and serving as a warning to other democracies considering similar laws.
Do you think companies can keep up with emerging AI-driven cyber threats? Can the UK’s Online Safety Act protect users without harming their privacy?
Let us know in the comments section below!
Keane Lucas from Anthropic’s red team first tested Claude in Carnegie Mellon’s PicoCTF competition “on a whim,” simply pasting challenges into the AI model. Claude quickly solved most of them and ranked in the top 3%.
Claude’s performance kept improving. In one contest, it cracked 11 out of 20 difficult challenges within 10 minutes, eventually climbing to fourth place. Lucas admits he missed the start time by a few minutes, which might have cost Claude a win.
While Claude struggles with unexpected or unconventional tasks, its overall pace and success have surprised cybersecurity experts.
Anthropic’s Logan Graham warns that the cybersecurity community may be underestimating how quickly AI is advancing in offensive security. He adds, “You need to start getting models to do the defenses, as well.”
This rise in AI-driven hacking prowess comes at a time when Big Tech major Google is grappling with sophisticated cyber-attacks, showing how quickly threats are evolving.
Back in June, Google revealed that a threat actor they call 'UNC6040' used voice phishing tactics to breach one of their Salesforce instances and steal customer data. The stolen information mainly included contact details and notes related to small and medium businesses.
Now, Google has become the latest victim in a growing wave of Salesforce CRM data thefts linked to the ShinyHunters extortion group.
In a statement, Google stated, "In June, one of Google's corporate Salesforce instances was impacted by similar UNC6040 activity described in this post. Google responded to the activity, performed an impact analysis and began mitigations."
Google added, "The data retrieved by the threat actor was confined to basic and largely publicly available business information, such as business names and contact details."
While Google labels the attackers as UNC6040 or UNC6240, it is possible that these incidents to the notorious ShinyHunters group, known for multiple high-profile breaches including PowerSchool, Oracle Cloud, and AT&T.
According to ShinyHunters, their Salesforce intrusions are ongoing and that they’ve even breached a trillion-dollar company, though it’s unclear if this refers to Google. Their tactic is to extort companies via email, demanding ransom payments to keep stolen data from being leaked.
One victim has already paid roughly $400,000 in Bitcoin to avoid public exposure. Other affected companies reportedly include Adidas, Qantas, Allianz Life, Cisco, and luxury brands like Louis Vuitton, Dior, and Tiffany & Co.
After exhausting private extortion efforts, ShinyHunters plans to leak or sell the stolen data publicly, raising serious concerns for businesses relying on Salesforce and their customers’ data security.
As attackers like ShinyHunters exploit vulnerabilities, AI tools are racing ahead to detect and stop threats faster than ever. Recently, Google’s AI agent, Big Sleep, discovered a zero-day flaw (CVE-2025-6965) in SQLite before attackers could exploit it.
Developed by Google DeepMind and Project Zero, Big Sleep identified a memory corruption issue that had gone unnoticed by traditional tools for years. Kent Walker, Google’s president of Global Affairs, said, “We believe this is the first time an AI agent has been used to directly foil efforts to exploit a vulnerability in the wild.”
Similarly, Microsoft’s Security Copilot discovered flaws that could let attackers bypass important security on Linux systems. Meanwhile, Google’s AI-powered OSS-Fuzz found 26 new security bugs across 160 projects, improving testing even in code that had already been checked many times.
In fact, AI tools have helped suspend millions of fraudulent ad accounts and reduce deepfake ad reports by 90%. With models like Google’s Sec-Gemini leading the way, AI is becoming essential for proactive cyber defense.
Despite AI stepping up to fight cyber threats, the UK’s Online Safety Act for age verification is making people search for easier, but unsafe, ways to access certain websites.
The UK’s new Online Safety Act (OSA) recently started enforcing strict “age assurance” rules requiring websites to verify users’ ages before giving access to certain content.
This has led to a huge surge in VPN use, with Proton VPN reporting an 1,800% increase in UK sign-ups since the law’s “age assurance” requirements took effect. The law requires users to verify their age with selfies or government IDs to access content, including support groups for addiction, sexual assault, and even educational materials.
This invasive system has drawn heavy criticism for invading privacy and driving users to find workarounds like VPNs. The facial recognition technology used is easily fooled even with video game screenshots raising serious security concerns.
Despite these issues, the UK government insists the law is necessary and refuses to reconsider, dismissing critics as supporters of child predators.
Experts warn that the law not only threatens privacy and freedom but also harms smaller websites that can’t afford compliance costs. At the same time, predators will likely switch to unregulated sites or keep using VPNs, making the law ineffective.
Critics say the OSA puts government control ahead of true safety, weakening internet security for everyone and serving as a warning to other democracies considering similar laws.
Do you think companies can keep up with emerging AI-driven cyber threats? Can the UK’s Online Safety Act protect users without harming their privacy?
Let us know in the comments section below!
First published on Fri, Aug 8, 2025
Enjoyed what you've read so far? Great news - there's more to explore!
Stay up to date with the latest news, a vast collection of tech articles including introductory guides, product reviews, trends and more, thought-provoking interviews, hottest AI blogs and entertaining tech memes.
Plus, get access to branded insights such as informative white papers, intriguing case studies, in-depth reports, enlightening videos and exciting events and webinars from industry-leading global brands.
Dive into TechDogs' treasure trove today and Know Your World of technology!
Disclaimer - Reference to any specific product, software or entity does not constitute an endorsement or recommendation by TechDogs nor should any data or content published be relied upon. The views expressed by TechDogs' members and guests are their own and their appearance on our site does not imply an endorsement of them or any entity they represent. Views and opinions expressed by TechDogs' Authors are those of the Authors and do not necessarily reflect the view of TechDogs or any of its officials. While we aim to provide valuable and helpful information, some content on TechDogs' site may not have been thoroughly reviewed for every detail or aspect. We encourage users to verify any information independently where necessary.
Trending TD NewsDesk
EU Reportedly Plans High Triple-Digit Million Euro Fine For Google Over DMA Search Case
Ferrari Launches The Luce, Its First Electric Vehicle Designed With Jony Ive And LoveFrom!
Schneider Electric Bets On India’s AI Data Center Boom As Segment Outpaces Core Growth
AWS re:Invent 2025: Amazon & Google Bring Multicloud Service For Faster Connectivity
AI Recreates Voices Of UPS Crash Pilots Using Public Investigation Data, NTSB Restricts Access To 40+ Cases!
Join Our Newsletter
Get weekly news, engaging articles, and career tips-all free!
By subscribing to our newsletter, you're cool with our terms and conditions and agree to our Privacy Policy.
Join The Discussion