Researchers are casting doubt on Anthropic’s recent claim that an AI-assisted cyberattack achieved 90% autonomy, arguing that the results were exaggerated and misrepresented the actual level of AI involvement. While Anthropic presented the experiment as a milestone in autonomous AI-driven hacking, experts say the findings fall short of demonstrating true AI independence. In the demonstration, Anthropic’s AI system, Claude, was tasked with identifying and exploiting vulnerabilities in a simulated network environment. The company reported that the AI completed 90% of the attack process without human intervention. However, independent cybersecurity researchers point out that much of the work—particularly in planning, decision-making, and executing complex exploits—still relied heavily on human oversight and pre-programmed scripts. One key limitation highlighted by experts is that the AI did not discover new vulnerabilities on its own. Instead, it operated within a constrained environment where potential weaknesses were already known and mapped out. This significantly reduces the challenge and autonomy required. Additionally, the AI’s actions were guided by strict rules and templates, limiting its ability to adapt or innovate during the attack. “This isn’t autonomous hacking—it’s more like an automated script with some AI-powered decision-making,” said a cybersecurity researcher who reviewed the methodology. “The AI didn’t think like a human attacker. It followed instructions, made minor choices within narrow parameters, and relied on human-defined objectives.” Another concern is the lack of transparency in how the 90% autonomy figure was calculated. Anthropic did not provide a detailed breakdown of what constituted “autonomous” versus “human-assisted” tasks, making it difficult to verify the claim. Critics argue that such vague metrics risk misleading the public and investors about the current capabilities of AI in cybersecurity. The broader implications are significant. As AI becomes more integrated into security tools, there’s growing pressure to accurately assess its real-world performance. Overstating AI autonomy could lead to complacency in defensive strategies or misplaced trust in automated systems. Experts stress that while AI can enhance threat detection and speed up certain aspects of penetration testing, it is far from being capable of independently launching sophisticated, adaptive cyberattacks. The real threat lies not in fully autonomous AI hackers, but in AI tools that amplify the capabilities of human attackers—making them faster, more efficient, and harder to detect. For now, the consensus among researchers is clear: the hype around AI-driven cyberattacks far exceeds the reality. True autonomy in hacking remains a distant goal, and claims of near-total AI independence should be met with skepticism.