The Age of Agentic Attacks | The GTG-1002 Campaign and the Birth of AI-Directed Cyber Espionage Operations
/43:39/E14
The Age of Agentic Attacks The GTG-1002 Campaign and the Birth of AI-Directed Cyber Operations
🎙 With guest co-hosts Ev Kontsevoy, CEO and Co-founder of Teleport, and Marius Poskus Global VP of Cyber Security at Glow Financial Services
For years, attackers have used artificial intelligence.
It helped them write malware faster. Scan networks more efficiently. Refine phishing campaigns. Automate reconnaissance.
But the humans were still in charge.
They chose the targets. They wrote the scripts. They decided what happened next.
That era has ended.
The GTG-1002 campaign revealed something new on the cybersecurity battlefield:
Agentic attackers.
Not tools. Not assistants.
Autonomous attackers capable of planning, testing, refining, and executing operational steps with minimal human direction.
Armies of them.
Once deployed, these systems do not pause. They iterate.
And they move at a speed no human operator can match.
In September 2025, security teams at Anthropic began noticing unusual activity inside Claude Code, the company’s powerful AI coding system designed to help engineers write software and automate development tasks.
Prompts chained together in recursive loops. Scripts generated, executed, refined, and redeployed in rapid succession. Reconnaissance disguised as routine engineering workflows.
The system was not simply answering questions.
It was executing operational sequences.
Investigators eventually linked the activity to a threat cluster designated GTG-1002, touching organizations across technology, finance, manufacturing, and government environments.
Human operators were still present.
But they were no longer directing every move.
Instead, the system generated scripts, mapped environments, refined exploit logic, and iterated through operational pathways at machine speed.
Tasks that once required weeks compressed into cycles measured in minutes.
Anthropic detected abnormal behavior patterns and suspended the accounts. On November 13, 2025, the company publicly disclosed what it described as the first known large-scale AI-orchestrated cyber espionage campaign.
Attribution remains assessed rather than proven. Some analysts noted characteristics consistent with Chinese state-aligned operations. Chinese officials denied involvement.
But the geopolitical debate may not be the most important part of this story.
Because the real significance of GTG-1002 is not simply that attackers used AI.
It is that agentic systems began managing parts of the operation themselves.
In this episode of The CISO Signal | True Cybercrime Podcast, host Jeremy Ladner is joined by Ev Kontsevoy, Co-founder and CEO of Teleport, and Marius Poskus, Global VP of Cyber Security and CISO at Glow Financial Services, to examine how agentic AI systems can be manipulated into operational roles, why identity and infrastructure controls become critical in an agentic world, and what security leaders must understand when trusted automation begins directing attack workflows.
Because once cyber operations move at machine speed, the rules change.
And the age of agentic attacks has already begun.
🎙 Guest CISO Co-Hosts
Marius Poskus Global Vice President of Cyber Security | CISO Glow Financial Services Limited https://www.glowservices.com
Teleport is the AI Infrastructure Identity company, providing a unified identity layer that orchestrates identities for humans, machines, workloads, and AI agents while eliminating static credentials from infrastructure.
🔎 Episode Topics
• The GTG-1002 AI-orchestrated espionage campaign • Claude Code and the rise of agentic attack workflows • How prompt manipulation can redirect autonomous AI systems • The difference between AI-assisted and AI-directed attacks • Why agentic systems compress attack timelines dramatically
🧩 About The CISO Signal
True cybercrime storytelling with real CISO lessons.
