Anthropic shows simulated Equifax-style cyberattack to illustrate AI dual‑use risks

5450439 · July 23, 2025

AI-Generated Content: All content on this page was generated by AI to highlight key points from the meeting. For complete details and context, we recommend watching the full video.

Summary

Anthropic researchers demonstrated a sped‑up simulation showing how a large language model combined with a bespoke ‘cyber toolkit’ could probe and exploit network vulnerabilities, stressing dual‑use risks and the need for predeployment testing and government partnerships.

Chairwoman Hayes convened a bipartisan roundtable demonstration in which Kevin Troy, a member of Anthropic’s Frontier Red Team, presented a simulated cyberattack based on the 2017 Equifax breach and explained why frontier AI raises dual‑use national security concerns.

Troy said the company built a high‑fidelity replica of the Equifax network with Carnegie Mellon researchers and showed how an AI model, when paired with low‑level tooling, could probe, exploit and exfiltrate data. "The good news is that the initial answer to the question of can Claude do that is no, not out of the box," Troy said, adding that the demonstration illustrates the phase shift when strategic model reasoning is combined with tooling.

The demonstration and subsequent discussion focused on three policy implications: the need for predeployment testing and external evaluation, potential defensive uses of agentic AI for active network defense, and the importance of keeping cutting‑edge model development in the United States. Troy cited Anthropic’s recent award from the Department of Defense Chief Digital and Artificial Intelligence Office (CDAO) for work worth up to $200,000,000 and described a GovCloud product tailored for classified environments.

Committee members asked operational questions about the experiment. Representative Crane asked how long the simulated attack took; Troy said the video was sped up but the experiment ran "well under an hour" and cost about "10¢ of API credits." Members also asked who would have access to the cyber toolkit; Troy said the toolkit required substantial research and developer effort and was not trivially usable by the public.

Several lawmakers and company representatives emphasized testing and third‑party evaluation. Troy described the Frontier Red Team’s role as probing model capabilities and urged public‑private test bodies. The discussion named the NIST center for voluntary testing and expressed interest in strengthening those partnerships.

The session closed with discussion of longer‑term risks and tradeoffs: while agents could enable automated defensive tools such as penetration testing and active network defense, speakers warned that similar capabilities could be misused by adversaries if broadly accessible.

Less critical details: Troy repeatedly framed the work as research to inform defensive measures and called for reporting of test results; he also used the term "phase shift" to describe the risk when models are combined with toolkits.