Skip to content
Chimera readability score 69 out of 100, Academic reading level.

Every artificial intelligence (AI) platform that stores a payment method and adds a gifting feature has created a new monetization surface for account takeover fraud. Claude users are discovering gift subscriptions they never bought showing up as charges on their credit cards, The Guardian reported in May. Attackers did not breach Anthropic’s systems. They exploited a gap between how the platform verifies gift purchases and how it verifies account changes.
The mechanics are specific. Attackers gain access through stolen credentials from prior data breaches or through hijacked browser sessions captured via phishing or malware, Tom’s Guide reported. Once inside, they do not touch the account password or email address, because those actions trigger security alerts to the legitimate user. Instead, they purchase gift subscriptions and route the codes to external email addresses they control. The codes arrive instantly and can be resold on third-party marketplaces, often for cryptocurrency, before the account owner notices the charges. Gift purchases require fewer verification steps than account changes, meaning two-factor authentication protects the login but not the transaction.
David Duggan (not his real name), a Claude subscriber on a $20-a-month plan, found two $200 payments on his credit card for gift cards he had not bought. A third charge attempted but required additional confirmation and did not go through. He searched Reddit and found he was not alone. One user reported 10 payments of 18 pounds (about $24) taken from their account. Another had been charged 216 euros (about $247) three times. Two more were each hit with 225 euros charges (about $292), The Guardian reported.
Duggan changed his credit card details after discovering the charges, which prevented two additional transactions from processing. Anthropic said it is putting new protections in place, canceling subscriptions when it identifies scam purchases, and issuing refunds. It said there was no evidence that compromised card details originated from its systems.
Gift Subscriptions Bypass the Verification Controls That Protect Account Changes
The attack is a variation of a well-established fraud pattern applied to a new category of platform. PYMNTS Intelligence found that 71% of total fraud incidents and dollar losses at U.S. financial institutions now stem from unauthorized-party schemes, driven by credential theft and account takeovers, based on a survey of 200 financial institution executives. Post-login account takeover attempts have quadrupled, PYMNTS reported, citing Human Security’s 2026 cybersecurity report analyzing more than one quadrillion interactions.
What makes AI platforms a distinct target is the speed at which they have accumulated paying users with stored payment credentials. Phishing attacks are increasingly powered by automated, AI-assisted tactics that make account takeovers faster and harder to detect than earlier generations of credential theft, according to findings from Frontiers in Computer Science cited by Tom’s Guide. A hijacked session on a platform where users routinely interact with billing features provides everything an attacker needs to generate immediate cash without touching core credentials.
AI Subscription Charges Look Like Routine Billing Until They Don’t
The harder problem is detection. Because gift purchases route through a legitimate platform under a familiar billing name, they blend into normal subscription activity.
“Successful authentication can no longer serve as a definitive indicator of safety,” Michal Tresner, CEO of Threatmark, told The Thomson Reuters Institute. A properly authenticated session may still be the entry point for fraud. The behavioral signals that once flagged fraud reliably are now indistinguishable from normal activity on platforms designed for frictionless transactions.
Anthropic advises users who see unrecognized charges to contact support, cancel the affected card, request a new one and update login credentials. Any platform that stores payment credentials and offers transferable digital products now carries a version of the same exposure. The gift feature was built for growth, not for the fraud model it now enables.
For all PYMNTS AI and digital transformation coverage, subscribe to the daily AI and Digital Transformation Newsletters.

Sentinel — Human

Confidence

This analysis reads like high-quality journalistic reporting that synthesizes specific security findings with broader economic context, showing strong human editorial influence rather than pure machine generation.

Signals Detected
low severity: Sentence length variance exhibits natural variation; flow is discursive rather than rigidly metronomic.
low severity: The text successfully integrates specific, disparate data points (Mordians losses, attribution gaps) with explanatory reasoning without sounding purely academic or emotionally driven.
low severity: References to external sources (The Guardian, Tom's Guide, PYMNTS Intelligence, Human Security) are integrated contextually rather than just listed, indicating a human synthesis effort.
low severity: Specific numerical examples and the direct quoting of technical/legal concepts feel anchored to reporting, even if the overall narrative is synthesized.
Human Indicators
The integration of anecdotal evidence (David Duggan's experience) alongside macro-level statistics suggests a human investigative style.
The nuanced discussion on the limits of authentication and behavioral signals ('Successful authentication can no longer serve as a definitive indicator of safety') demonstrates sophisticated contextual framing.