Factory, a San Francisco-based startup, said it disrupted an attack by at least one state-linked threat group that attempted to hijack its software development platform for use in a global cyberfraud operation.
The company said the attackers, some of whom were linked to China-based state actors, used AI-based coding agents to maintain their infrastructure and make real-time adjustments to Factory’s cyber defenses.
Factory said the apparent goal of the attack was to chain together usage from multiple AI products and then resell access as part of a larger operation.
“The attackers sought to exploit free-tier access and onboarding pathways across multiple AI providers, including Factory, in order to assemble an external, large-scale fraud and cybercrime operation,” Factory CTO Eno Reyes told Cybersecurity Dive. “Their objective was to repurpose AI platforms like ours as compute and tooling nodes within a broader mesh of ‘off-label’ model usage.”
Factory said a strong percentage of the volume emanated from data centers and internet service providers in China, Russia and Southeast Asia.
The attack itself was first detected on Oct. 11 and lasted multiple days. The company examined logs that showed over a three-day period that thousands of organizations were using its Droid product in ways that didn’t match the usual patterns of customers.
During the investigation, the company uncovered Telegram channels that advertised free or discounted access to premium AI coding assistants. In addition, threat actors offered access to vulnerability research on third-party targets and made cybercrime resources.
The attack coincided with a disclosure by Anthropic about a sophisticated espionage campaign based mostly on AI infrastructure.
Factory said it has shared its findings with relevant security agencies and regulatory authorities.
James Plouffe, principal analyst at Forrester, told Cybersecurity Dive the Factory incident and the Anthropic attacks may underscore a couple of objectives for adversaries: “To demonstrate a viable [proof of concept] of AI-driven attack infrastructure and benchmark it against their own capabilities.”
In addition, Plouffe said, this allows the adversaries to “probe the detection and response capabilities of the frontier AI companies themselves.”