Artificial intelligence has begun to reshape cyberattacks in ways that challenge long-standing security assumptions, according to new findings released by Anthropic. The company examined 832 accounts banned for malicious cyber activity between March 2025 and March 2026 and mapped their behavior against the MITRE ATT&CK framework, a widely used database of attacker tactics.
The dataset reveals a clear shift in how threat actors deploy AI. Most actors relied on AI during the preparation phase of attacks, yet a growing share used it deeper inside compromised systems. Out of the 832 accounts, 560 used AI to assist with malware development, which represents 67.3% of the total.
Anthropic documented a smaller but notable group that applied AI to more advanced techniques. A total of 54 accounts, or 6.5%, used AI for lateral movement inside networks. This stage requires navigation across systems after initial access.
“These sorts of ‘post-compromise’ techniques used to be restricted to actors with the technical knowledge to carry them out,” Anthropic stated. “Our investigation shows that AI can now be made to perform these activities on behalf of less sophisticated actors.”
How well do the security community's techniques hold up against AI-enabled cyberattacks?
— Anthropic (@AnthropicAI) June 3, 2026
We examined 832 malicious accounts and mapped their activity onto a longstanding database of tactics and techniques used by threat actors.
Here's what we learned:https://t.co/fgOqJRh2rx
Risk levels rise as AI lowers technical barriers
The findings show a marked increase in the severity of threats over time. During the first six months of the study period, 33% of actors met the threshold for medium risk or higher. That figure rose to 56% in the following six months.
This shift reflects a broader change in attacker capability. AI tools now handle tasks that once required specialized expertise. The gap between low-skilled and highly skilled actors has narrowed as a result.
Traditional methods used by security teams to assess risk no longer provide a complete picture. Analysts have often relied on the number of techniques an attacker uses or the tools they deploy. Anthropic’s data shows little difference across skill levels. Less experienced actors used about 16 techniques on average, while more advanced actors used about 20.
The platform used also failed to serve as a reliable indicator. Whether attackers operated through Claude Code, APIs, or chat interfaces did not correlate with risk level.
Instead, risk depends more on how AI is applied within the attack lifecycle. Higher-risk actors focus on operationally complex stages such as account discovery, privilege escalation, and lateral movement. These steps require sustained decision-making and coordination.
Attack chains evolve beyond existing frameworks
Anthropic’s research highlights limitations within the MITRE ATT&CK framework. The system tracks known tactics and techniques, yet it does not fully capture AI-enabled behaviors that define modern attacks.
The company described a state-sponsored cyber espionage incident disrupted in November 2025. In that case, an attacker manipulated an AI model to infiltrate targets across multiple regions with minimal human input. The operation involved 30 techniques across 13 tactics, which aligned with patterns seen in medium-risk actors.
However, Anthropic’s internal risk model assigned the attack the highest possible score of 100. The discrepancy shows that counting techniques do not reflect the true scale of risk when AI orchestrates actions.
In that operation, the model functioned as an autonomous agent. It executed commands, exploited vulnerabilities, and stole credentials. Human involvement occurred only at key moments.
“There is no ATT&CK ID for this type of agentic orchestration—yet these are precisely the behaviors we expect to see much more of as AI agents become more capable,” the company stated.
Cybercrime losses and industry reactions add urgency
The broader impact of AI-enabled attacks has begun to appear in financial data. In April, crypto losses from hacks reached $629.7 million, the highest level since February 2025.
Concerns have also emerged within the crypto security sector. Manuel Aráoz, founder of OpenZeppelin, wrote on May 27 that he considered “all of DeFi unsafe” due to AI models’ ability to identify vulnerabilities in smart contracts.
Separate research from Google identified what it described as the first instance of AI used to develop a zero-day exploit. That exploit bypassed two-factor authentication in a widely used web-based system administration tool.
These cases reinforce a pattern already visible in Anthropic’s dataset. Attackers have shifted focus from initial access methods such as phishing toward deeper system exploitation. AI-assisted phishing declined by 8.6% during the study period, while AI-driven account discovery increased by 8.9%.
Defensive gaps and future safeguards
Anthropic has begun to implement safeguards within its models to counter misuse. The company reported measures designed to detect and block activities such as malware development and large-scale data exfiltration.
The firm has also engaged in discussions with MITRE about potential updates to the ATT&CK framework. These updates would aim to reflect AI-driven attack behaviors, including autonomous decision-making and multi-stage orchestration.
The research forms part of Anthropic’s broader cybersecurity efforts, which include collaboration with Verizon’s 2026 Data Breach Investigations Report. The company also released a more detailed technical analysis through its Frontier Red Team blog.
The findings point to a shift in the balance between attackers and defenders. AI has introduced tools that increase speed, scale, and adaptability in cyber operations. At the same time, existing classification systems struggle to capture these changes.
Outlook for AI-enabled security threats
Anthropic’s analysis suggests that future cyberattacks will rely more heavily on automation and coordination across multiple stages. The ability to chain tasks together with minimal human input has already appeared in real-world incidents.
The company indicated that it will continue to share data from its Project Glasswing initiative and related research efforts. It also emphasized the need to equip defenders with tools that match the pace of AI-driven threats.
The trajectory remains clear within the dataset. Attackers now apply AI not only to gain entry but also to operate inside networks with greater efficiency. This shift places pressure on traditional defense models that rely on static classifications and historical patterns.
Abimbola Adu
Disclaimer: All materials on this site are for informational purposes only. None of the material should be interpreted as investment advice. Please note that, despite the nature of much of the material created and hosted on this website, HODL FM operates as a media and informational platform, not a provider of financial advisory services. The opinions of authors and other contributors are their own and should not be taken as financial advice. If you require advice, HODL FM strongly recommends contacting a qualified industry professional.
