Anthropic has published a report examining how artificial intelligence is reshaping the cyberthreat landscape — and exposing gaps in the frameworks security teams rely on to assess risk.
Anthropic examined 832 accounts that were banned for malicious cyber activity between March 2025 and March 2026, analyzing their behavior through the lens of MITRE ATT&CK, a widely adopted framework for tracking cyberattack tactics and techniques. Some of the findings were included in Verizon’s 2026 Data Breach Investigations Report, while Anthropic’s Frontier Red Team later published a more detailed assessment of the data.
AI use in attacks shifts from entry points to deep network infiltration
The report draws three central conclusions: AI is making threat actors more dangerous; cyberattacks are becoming more autonomous; and the MITRE ATT&CK framework is no longer adequate to capture AI-enabled attack methods.
Attackers going deeper, faster
The most common AI-assisted activity identified was malware writing, used by 67.3% of the 832 accounts studied. A smaller but significant share — 6.5% — used AI for lateral movement, the process of navigating deep inside a compromised network once initial access is gained.
More tellingly, the proportion of actors classified as medium risk or higher rose from 33% in the first six months of the study period to 56% in the second — a roughly 1.7-fold increase.
The direction of AI use also shifted: AI-assisted phishing fell 8.6%, while AI use for account discovery — identifying valid accounts inside a compromised environment — rose 8.9%. This suggests attackers are applying AI later in the attack lifecycle, once they are already inside a system. Techniques that once required significant technical expertise are now being carried out by less skilled actors with AI assistance.
Old risk signals are losing their value
Security teams traditionally assess threat levels by examining how many techniques an attacker uses, or which tools or interfaces they employ. Anthropic’s analysis found these signals no longer reliably indicate risk: the least-skilled actors in the dataset used about 16 distinct techniques on average, while the most skilled used around 20 — a negligible gap.
A more durable differentiator is the type of scaffolding attackers build around the AI model. Higher-risk actors design architectures that allow models to chain together discrete stages of a cyberattack and execute them with minimal human input.
Frameworks failing to keep pace
Behaviours that distinguish the highest-risk actors — including using AI to orchestrate sequential attack stages, make real-time decisions, and act without human intervention — are not yet captured as techniques in the MITRE ATT&CK framework.
Anthropic cited a state-sponsored cyber espionage operation it disrupted in November 2025 as an example. The actor used Claude Code to attempt to infiltrate targets globally with minimal human intervention, employing 30 techniques across 13 tactics — comparable to many medium-risk actors — yet earning the maximum risk score of 100 under Anthropic’s internal methodology.
Next steps
Anthropic says the findings have informed safeguards built into its models, including cyber-specific controls on its most capable models to detect and block activities such as malware development and mass data exfiltration. The company is also in discussions with MITRE about updating the ATT&CK framework to reflect AI-enabled attack behaviour.
The report signals an urgent need for the security community to rethink both risk assessment and threat classification frameworks before AI-driven attacks outpace defensive infrastructure.
