(This matrix does not make attribution claims and is a work in progress)
Sources: ISOON leak (HarfangLab) · ISOON leak (GitHub) · OpenAI (Disrupting malicious uses of our models) · Anthropic (GTG-1002 AI-Orchestrated Espionage) · Red Reaper blog
| # | Feature | ISOON Leak | Peer Review / Qianyue | GTG-1002 (Anthropic) | Red Reaper PoC |
|---|---|---|---|---|---|
| A. Actor & profile | | | | | |
| 1 | China-nexus, PRC-aligned | ✅ Yes: explicitly a PRC contractor (MSS/MPS, local government clients). | ✅ Yes: China-based / China-aligned cluster per OpenAI. | ✅ Yes: PRC state-sponsored espionage group. | ❌ No: demo PoC, but explicitly inspired by PRC contractor capabilities. |
| 2 | Commercial / productized offerings | ✅ Yes: full product catalog, pricing, brochures. | ✅ Yes: building and marketing the Qianyue product, drafting sales pitches via ChatGPT. | ⚠️ Partial: not marketed; internal state tool, but could be productized. | ❌ No: public PoC "product" for awareness, not sold. |
| B. Surveillance & espionage | | | | | |
| 3 | "Overseas public opinion" surveillance for PRC clients | ✅ Yes: "Twitter Public Opinion Guidance and Control System" plus an overseas guidance platform marketed to PRC agencies. | ✅ Yes: "Qianyue Overseas Public Opinion AI Assistant" for monitoring foreign discourse on China and protests (X, Facebook, YouTube, Instagram, Telegram and Reddit). | ❌ No: no public-opinion focus; targets organizational internals. | ❌ No: focused on email intelligence, not public opinion. |
| 4 | Automated data collection and intelligence extraction | ✅ Yes: large-scale secret-extraction and email-collection platforms; builds a social graph from the exchanges and attempts to classify sensitive and valuable information. | ✅ Yes: targeted social-media collection, monitoring and intelligence extraction. | ✅ Yes: locates and exfiltrates databases/files, processes large volumes of data and categorizes findings by intelligence value. | ✅ Yes: fuses ISOON-style and GTG-1002-style capabilities; uses the Enron email corpus as simulated stolen data. |
| 5 | Direct account takeover of social accounts (phishing, token reuse) | ✅ Yes: Twitter Forensics / Email Collection platforms seize accounts via phishing, reportedly bypass two-factor authentication, and continuously pull DMs/posts. | ❌ No: Qianyue is described as analysis of public content; no explicit hijacking in OpenAI's logs. | ❌ No: focus is server/app compromise, not social-account takeover. | ❌ No: no live account interaction. |
| C. Automation & offensive tooling | | | | | |
| 6 | Browser/web crawling automation for recon/vulns | ✅ Yes: pentest platform can automatically crawl web pages and test for OWASP Top 10-style vulnerabilities. | ⚠️ Partial: Qianyue likely makes HTTP/API requests, but its crawling logic is not described. | ✅ Yes: MCP tools include browser automation for web recon, driven by Claude. | ❌ No: pipeline is post-collection; no crawling. |
| 7 | Orchestration of open-source pentest tools (Metasploit, scanners, etc.) | ✅ Yes: Automated Pentest Platform wraps nmap-style scans, OpenVAS, Nessus, Acunetix, Burp, Core Impact and Nexpose; effectively a Metasploit-style orchestrator. | ❌ No: no offensive tool orchestration described; code is for data ingestion and LLM usage. | ✅ Yes: Claude orchestrates open-source penetration-testing tools (scanners, database exploitation frameworks, password crackers, binary-analysis suites) via MCP. | ❌ No: no exploitation or recon; only analysis of already-held data. |
| D. AI / ML usage pattern | | | | | |
| 8 | Traditional ML / "deep learning" for email and document triage | ✅ Yes: Email Analysis Platform has a "deep learning" module that classifies email, mines relationship networks, extracts PII and builds person lists (name, gender, age, nationality). | ❌ No: Qianyue's analytics are LLM-based by design; OpenAI's report shows no classic DL pipelines. | ❌ No: Anthropic says Claude powers triage; similar functionality to ISOON, but the underlying technology appears to have migrated from traditional ML to LLMs. | ✅ Yes: Red Reaper uses NER, embeddings and graph algorithms before the Mistral LLM layer; the PoC fuses ISOON-style triage with GTG-1002's Phase 5 activity. |
| 9 | LLMs as analysis engine inside the product | ❌ No: uses older "deep learning" and ML terminology for email/graph analysis. | ✅ Yes: Qianyue is architected to use Llama 3.1 8B via Ollama and mentions Qwen/DeepSeek as analysis backends. | ✅ Yes: Claude performs data triage and intelligence categorization in Phase 5. | ✅ Yes: Mixtral 8×7B is the core "intelligence value assessor" over triaged data in the graph. |
| 10 | LLM as full attack orchestrator (kill-chain brain) | ❌ No: automation is Ruby/GUI-driven, not LLM-based. | ❌ No: ChatGPT is used interactively by humans, not as an agent with tools. | ✅ Yes: Claude Code controls tools via MCP across recon → exploit → lateral movement → exfil → triage → documentation. | ❌ No: orchestrates intelligence triage only; no intrusion chain. |
| E. Graph / relationship intelligence | | | | | |
| 11 | Graph-based people / relationship analysis | ✅ Yes: Email Analysis Platform builds relationship graphs (manager/subordinate, etc.), plus "relationship network mining" and PII correlation. | ❌ No: likely some per-entity aggregation, but not mentioned in OpenAI's report. | ⚠️ Partial: Anthropic describes building comprehensive maps of internal network architectures and access relationships; graph language is implicit, not confirmed. | ✅ Yes: heavy use of Neo4j plus Louvain, PageRank and degree centrality to model relationships and importance. |
| F. Documentation / marketing / pricing | | | | | |
| 12 | Internal marketing decks and price sheets for these systems | ✅ Yes: leak is full of brochures, quotes and price lists for the email, opinion and pentest platforms. | ✅ Yes: Peer Review explicitly uses ChatGPT to generate "detailed descriptions, consistent with sales pitches" for Qianyue and similar tools. | ❌ No: no public marketing; internal operator tooling only. | ❌ No: no marketing; PoC demo. |
| G. Operational maturity | | | | | |
| 13 | Demonstrated multi-victim, real-world operations | ✅ Yes: long-running, many victims (governments, telecoms, airlines, NGOs across continents, Uyghur minorities). | ⚠️ Partial: social-media listening tool claimed to feed real-time reports about protests in the West (Uyghur-rights protests) to Chinese security services. | ✅ Yes: ~30 targets, multiple confirmed intrusions in the mid-2025 campaign (major tech and government). | ❌ No: lab PoC only, over the public Enron email data; explicitly non-malicious. |
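The "Graph-based people / relationship analysis" row above is the one capability all four columns share to some degree, so it is worth seeing concretely what that analysis produces from a pile of collected mail. The block below is an added illustration written for this page; it is not code from ISOON, Red Reaper, Qianyue or any source cited above. The email sample is constructed (fictional addresses), and Neo4j/Louvain are replaced with a plain-Python directed graph, degree centrality and a power-iteration PageRank so it runs offline with the standard library only.

```python
"""Graph-based relationship analysis over a constructed email corpus.

Added illustration (not code from ISOON, Red Reaper or any cited source):
build a sender->recipient graph from message headers, then rank people by
degree centrality and PageRank, the way the email-triage tools in the
matrix surface "who matters" in a stolen mailbox. Standard library only.
"""
from collections import defaultdict

# Constructed sample: (sender, [recipients], subject). All names fictional.
SAMPLE_EMAILS = [
    ("cfo@example.com", ["ceo@example.com"], "Q3 numbers"),
    ("controller@example.com", ["cfo@example.com", "ceo@example.com"], "Re: Q3 numbers"),
    ("coo@example.com", ["ceo@example.com"], "Ops update"),
    ("gc@example.com", ["ceo@example.com"], "Contract review"),
    ("assistant@example.com", ["ceo@example.com"], "Travel"),
    ("vendor@partner.example", ["controller@example.com"], "Invoice 4471"),
    ("ceo@example.com",
     ["cfo@example.com", "coo@example.com", "gc@example.com", "board-chair@example.com"],
     "Board prep"),
]


def build_graph(emails):
    """Return weighted directed edges {sender: {recipient: message_count}}."""
    edges = defaultdict(lambda: defaultdict(int))
    for sender, recipients, _subject in emails:
        for r in recipients:
            edges[sender][r] += 1
    return edges


def degree_centrality(edges):
    """(in-degree, out-degree) per address, counting messages not just links."""
    indeg, outdeg = defaultdict(int), defaultdict(int)
    for s, tgts in edges.items():
        for t, w in tgts.items():
            outdeg[s] += w
            indeg[t] += w
    nodes = set(indeg) | set(outdeg)
    return {n: (indeg[n], outdeg[n]) for n in nodes}


def pagerank(edges, damping=0.85, iters=100):
    """Weighted PageRank by power iteration; result sums to 1.0.

    A node that only receives mail (e.g. the board chair) is 'dangling':
    its rank is spread uniformly so total mass is conserved.
    """
    nodes = set(edges)
    for tgts in edges.values():
        nodes |= set(tgts)
    n = len(nodes)
    rank = {v: 1.0 / n for v in nodes}
    for _ in range(iters):
        new = {v: (1 - damping) / n for v in nodes}
        for s in nodes:
            tgts = edges.get(s, {})          # .get() avoids inserting into the defaultdict
            total = sum(tgts.values())
            if total == 0:
                for v in nodes:               # dangling node
                    new[v] += damping * rank[s] / n
            else:
                for t, w in tgts.items():
                    new[t] += damping * rank[s] * w / total
        rank = new
    return rank


def top_people(emails, k=3):
    """Addresses ordered by PageRank: the people the rest of the org writes to."""
    pr = pagerank(build_graph(emails))
    return sorted(pr, key=pr.get, reverse=True)[:k]


if __name__ == "__main__":
    g = build_graph(SAMPLE_EMAILS)
    for addr, (i, o) in sorted(degree_centrality(g).items()):
        print(f"{addr:28s} in={i} out={o}")
    print("top by PageRank:", top_people(SAMPLE_EMAILS))
```

On the constructed sample the CEO dominates both measures (everyone writes to that address), the CFO comes second because the controller and the CEO both route mail there, and the vendor, who is never written to, sits at the floor. That is exactly the prioritisation step the matrix attributes to the ISOON email platform and to Red Reaper's Neo4j stage; a real deployment would feed a much larger corpus and add community detection on top, which this example does not do.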