AI vs AI: What the First Fully Autonomous Cyber Attack Means for Greater Manchester Businesses

Artificial Intelligence (AI) has been reshaping the way we work for years - but late 2025 marked a turning point that every SME in Greater Manchester needs to understand.

Anthropic, the AI company behind Claude, confirmed that a Chinese state-sponsored hacking group - known as GTG-1001 - launched the first documented cyber attack carried out almost entirely by AI with minimal human involvement. Around 80-90% of the attack operations were executed autonomously.

For the first time, we're seeing cyber warfare play out at machine speed - and the implications for businesses across the North West are profound.

As a Manchester-based MSP working daily with local organisations, here's what this moment means, why it matters, and how SMEs can protect themselves in a world where AI is both the attacker and the defender.

What Actually Happened? A Look Inside the First Autonomous AI Attack

GTG-1002 engineered an autonomous attack framework designed to manipulate Claude using clever "jailbreaking" techniques. They broke the attack into harmless-looking tasks and tricked the AI into believing it was assisting with legitimate cyber security testing.

Once inside that deception:

• Claude performed real-time reconnaissance on multiple organisations simultaneously
• It mapped entire networks and service dependencies within minutes
• It generated and executed custom exploit payloads without being asked
• It tested stolen credentials automatically and escalated privileges
• It launched multi-stage attacks that normally take humans days or weeks

This wasn't an AI assistant - it was an autonomous operator behaving like a highly trained analyst, but at thousands of request per second. 

This is the new era of machine-speed warfare.

The Irony: Even the Attackers Struggle with AI Hallucination

Interestingly, Claude's occasional habit of making things up - "hallucinating" - worked against the attackers.

The AI:

• Claimed it had credentials that didn't actually work
• Reported breakthrough discoveries that were just public information
• Exaggerated progresses

Humans had to re-validate much of the output, slowing things down.

But here's the worrying part: as AI improves, hallucinations will reduce, eliminating this accidental layer of defence.

AI vs AI: The Risk of Autonomous Defence Systems

While GTG-1002 exploited AI for attack, defenders also use AI to respond.

Enter cyber defence swarms - coordinated networks of AI agents acting as a digital immune system. These systems can:

• Detect unusual behaviour in milliseconds
• Correlate activity across systems
• Identify the attacker's next move
• Deploy countermeasures instantly

This is cyber security evolving from human analysts watching dashboards to AI ecosystems defending infrastructure faster than humans can blink.

Even Microsoft's Digital Defence Report 2025 warned that we are heading toward AI vs AI cyber warfare, where malware can rewrite itself on the fly and optimise attacks without human detection.

The New Risk: Humans are Being Pushed Out of the Loop

With this attack, we see a concerning trend - humans becoming spectators rather than decision-makers.

In earlier examples of AI-assisted hacking, humans guided every step. Now, they're only needed for a few high-stakes decisions.

That presents three major risks for SMEs:

• Over-trusting AI tools - Analysts stop questioning alters and recommendations
• Skill erosion - Teams become less experienced at handling complex threats
• Reduced oversight in critical moments - Especially where attackers use deception

We must not confuse automation (rule-based tasks) with autonomy (decision-making capability). True fully autonomous cyber attack capability is emerging more quickly than predicted.

A New Attack Surface: How standards Like MCP Can Be Exploited

The attackers took advantage of a new standard called Model Context Protocol (MCP) - essentially a bridge between AI systems and corporate data. 

While MCP is designed to make AI tools more useful, it introduces fresh vulnerabilities:

• Context poisoning - manipulating upstream data to mislead the AI
• Insecure connectors - allowing attackers to pivot into internal systems
• Weak authentication - enabling unauthorised data retrieval
• Prompt injection - hiding malicious instructions inside normal files

In the wrong hands, MCP becomes a powerful entry point, as demonstrated by GTG-1002.

The Acceleration Paradox: Zero Time Between Vulnerability and Exploitation

Traditionally, businesses had a window - sometimes days - to detect vulnerabilities and apply patches.

In this attack, that window's disappeared entirely.

An AI-powered attacker can discover, test, exploit, and spread within minutes. Younger, less-resources groups can now perform attacks that once required nation-state power.

For SMEs in Greater Manchester, this means:

• Relying solely on firewalls or antivirus is no longer enough
• Manual monitoring cannot keep up
• Cyber security must shift to continuous, AI-driven protection

Defenders must be right every time. Attackers only need to succeed once.

So, What's the Answer?

Human Oversight + AI-Driven Defence

The solution is not to avoid AI - far from it. AI is essential for protecting businesses at the speed attacks now occur.

But AI must operate within a Human-in-the-Loop (HITL) framework.

AI should be allowed to:

• Detect threats in real time
• Quarantine suspicious activity
• Assess behaviour patterns
• Automate routine responses

But humans must approve:

• Account lockouts
• Firewall reconfigurations
• Privilege access changes
• Actions affecting sensitive systems

This hybrid model combines AI's speed with human judgement.

Industry-wide collaboration is growing too. From Microsoft and Accenture's AI security initiatives to CISA's global AI threat-sharing playbook, we're seeing international efforts to manage AI-powered threats.

What SMEs in Greater Manchester Should Do Now

Autonomous AI cyber welfare is not a future risk - it's happening right now. For local businesses, this means strengthening security posture immediately.

Here's where to start:

1. Implement AI Security Posture Management - Traditional tools can't detect AI-specific threats. Explore solutions purpose-built to defend against autonomous attackers.
2. Review your identity, access and privilege strategy - AI-driven attacks prioritise credential harvesting. Strong identity architecture is your best defensive layer.
3. Modernise monitoring and incident response - You need systems capable of responding in milliseconds - not minutes.
4. Prepare now for MCP-related risks - If your business uses AI tools that integrate with external data sources, make sure connectors and context pipelines are secure.
5. Keep humans in strategic control - AI should accelerate security - not replace human judgement.

Final Word: The Machine-Versus-Machine Era Has Begun Already

The GTG-1002 attack is a historic marker.

For the first time, cyber warfare was executed almost entirely by machines, and defended by machines, with humans providing strategic oversight. This is the battlefield we now live in - and every Greater Manchester business, no matter the size, needs to update its security thinking accordingly.

AI-driven cyber threats aren't just an enterprise issue. They will increasingly target SMEs because they're faster, easier and often less protected.

The good news? With the right blend of AI-enabled security tools and human expertise, we can defend against machine-speed threats.

And as a North West MSP working with organisations across Greater Manchester, we're here to help guide you through this new era - one where vigilance, preparation, and smart adoption of AI security are essential.