Anthropic disclosed in November 2025 that it had intercepted what it described as a Chinese state-sponsored cyber-attack campaign, a claim that immediately raised questions about how AI companies detect, classify, and share threat intelligence with the broader security industry. The disclosure arrived as Verizon’s annual Data Breach Investigations Report cycle enters its data-collection phase for the 2026 edition, putting a spotlight on whether AI-specific incident telemetry will reshape how the report categorizes attacks. No public confirmation exists from either Anthropic or Verizon that a formal data-sharing agreement is in place, but the timing and the nature of the disclosed campaign have prompted close attention from security professionals tracking the growing role of large language models in both offense and defense.
Anthropic’s November 2025 disclosure and its timing against the DBIR cycle
The core event driving this discussion is Anthropic’s public claim that it stopped a Chinese campaign attributed to a state-sponsored actor. That claim, reported in November 2025, described a campaign characterized by unusual autonomy and broad targeting, suggesting the attackers relied on AI-enabled tooling rather than simple scripted automation. The distinction matters because Verizon’s DBIR has historically classified incidents by method, motive, and actor type, and a new category of machine-speed reconnaissance or autonomous decision-making in attack chains would represent a meaningful shift in how the annual report frames the threat environment.
Verizon typically opens its contributor window in the months before publication, collecting incident data from dozens of organizations worldwide. If Anthropic were to contribute a full year of internal detection logs covering AI-driven threats, those records could alter the statistical weight assigned to autonomous tooling in the next edition. That is the central hypothesis here: the volume and detail of AI-specific telemetry from a single large contributor could increase the DBIR’s recorded share of incidents attributed to autonomous methods, regardless of whether the actual frequency of such attacks changed. The effect would be a measurement artifact, not necessarily a reflection of a new threat wave, and readers of the 2026 report would need to account for that distinction.
Timing further complicates the picture. Anthropic’s disclosure came late in the calendar year, close to the period when DBIR contributors typically finalize their submissions. If the company had been quietly collecting structured telemetry for months before going public, Verizon’s analysts might receive a dataset that spans much of 2025 while the broader security community is only just learning about the underlying campaign. That asymmetry between public awareness and private data-sharing could create the impression that AI-enabled attacks suddenly spiked, when in fact the visibility simply improved.
What the verified record shows about the Anthropic campaign claim
The verified factual record is narrow. Anthropic made a disclosure in November 2025 regarding a cyber-attack campaign, and the company attributed that campaign to a Chinese state-sponsored actor. Those two facts are confirmed by institutional reporting. Beyond that, no primary Anthropic statement, press release, or regulatory filing has surfaced to describe the scope of any data handover to Verizon or any other third party. Verizon has issued no methodology note or public acknowledgment of receiving AI-specific telemetry from Anthropic for the 2026 DBIR.
No raw logs, redacted samples, or independent audit records have been released to verify the existence of a twelve-month dataset. The absence of primary documentation means the headline claim, that Anthropic handed Verizon a full year of AI-cyber threat data, cannot be confirmed through available sources. What can be confirmed is that Anthropic publicly framed its detection of the campaign as an early example of AI-enabled operations, a characterization that, if accepted by DBIR analysts, would carry weight in how future editions define and count AI-assisted incidents.
The campaign’s reported characteristics, broad targeting and a degree of autonomy in execution, align with a pattern that security researchers have flagged over the past year: state-linked groups experimenting with large language models to accelerate reconnaissance, craft phishing lures, and probe defenses at speeds that outpace traditional manual tradecraft. If Anthropic’s internal detection data reflects that pattern in granular form, it would represent one of the first large-scale, structured datasets available to the DBIR from an AI company’s own abuse-monitoring pipeline.
It is also notable what the public reporting does not show. There is no indication that customer data was exfiltrated from Anthropic systems, nor that the attackers successfully compromised production AI models. Instead, the emphasis has been on detection and disruption, suggesting that the most valuable asset in this episode may be the telemetry itself: timestamps, prompts, behavioral indicators, and correlation with other infrastructure that could illuminate how AI-enabled adversaries actually operate in the wild.
Gaps in the evidence and what to watch in the 2026 DBIR
Several questions remain open. First, no public documentation from Anthropic describes the format, anonymization standards, or legal basis for sharing internal threat logs with an external research partner. Without that documentation, it is impossible to assess whether the data would meet Verizon’s contributor standards or how it would be weighted against traditional incident reports from managed security providers, law enforcement agencies, and breach notification databases.
Second, the attribution to a Chinese state-sponsored actor rests entirely on Anthropic’s own assessment. No government agency or independent threat-intelligence firm has publicly corroborated that attribution. State-sponsored attribution is notoriously difficult, and the DBIR has historically relied on a combination of law enforcement input and contributor consensus to assign nation-state labels. A single company’s unverified claim, however detailed, would face scrutiny from the DBIR’s editorial process before it influenced the report’s nation-state statistics.
Third, the hypothesis that AI-specific telemetry from one contributor could measurably shift the DBIR’s incident breakdown depends on how Verizon normalizes its data. The report’s methodology has evolved over its nearly two decades of publication to reduce bias from any single source, often by weighting contributors, deduplicating overlapping incidents, and segmenting findings by industry and region. If Anthropic’s dataset were treated as a specialized feed, akin to a niche threat-intel provider focused on AI abuse, its influence on the top-line numbers might be modest, even if the qualitative analysis devoted significant space to AI-enabled attacks.
For practitioners reading the 2026 DBIR, several signposts will indicate whether Anthropic’s experience shaped the narrative. One is the appearance of new subcategories explicitly referencing large language models, autonomous agents, or AI-assisted social engineering. Another is any methodological note describing the inclusion of telemetry from AI platforms or model-hosting providers. Finally, case studies or anonymized incident vignettes that mirror the broad, semi-autonomous campaign described in November 2025 would suggest that Verizon’s analysts had access to detailed underlying data, even if the source is not named.
How AI telemetry could reshape incident reporting
Regardless of whether Anthropic’s logs flow directly into the DBIR, its disclosure highlights a structural shift in how cyber incidents are observed. AI companies sit at a vantage point that is different from traditional network defenders: they see prompts, generated content, and model interaction patterns rather than firewall alerts or endpoint traces. That means their telemetry can expose early-stage reconnaissance and tooling development that never touches a victim’s infrastructure.
If incorporated into large public reports, this kind of data could push the industry to recognize pre-incident activity as part of the measurable threat landscape. Instead of counting only successful breaches, analysts might increasingly track attempted misuse of AI systems as a leading indicator of where attackers are investing. Over time, that could lead to new metrics, such as the volume of blocked model-abuse attempts tied to known threat clusters, that sit alongside more traditional breach statistics.
Such a shift would also raise governance and privacy questions. Even anonymized logs can reveal sensitive details about how customers use AI systems, and regulators may scrutinize cross-border sharing of this information, especially when it touches on alleged nation-state activity. Companies like Anthropic will need clear policies for when and how they contribute data to public research efforts, and users will reasonably expect transparency about those practices.
Reading the next DBIR with AI in mind
When the 2026 DBIR arrives, the safest interpretive stance will be cautious but curious. Any apparent jump in AI-enabled incidents should be read against the backdrop of changing data sources, not just changing attacker behavior. Readers should pay close attention to the methodology section, look for explicit references to AI platform telemetry, and treat uncorroborated nation-state attributions with appropriate skepticism.
Anthropic’s November 2025 disclosure marks an early test case for how AI companies participate in the broader ecosystem of threat intelligence. Whether or not its data materially shifts Verizon’s statistics, the episode underscores that future breach reports will increasingly be shaped by what happens inside model-hosting environments as much as by what defenders see on their own networks. Understanding that dual vantage point will be essential for anyone trying to make sense of the next wave of cyber risk.
*This article was researched with the help of AI, with human editors creating the final content.