Cui “Threat actors are using AI in the later, more complex stages of their cyber operations. Cyberattacks are becoming more autonomous, and the fact that AI can be used to chain together many parts of the attack means that the old ways of differentiating high- from low-risk actors are no longer as effective.”
Executive Summary
As artificial intelligence advances, its intersection with cybersecurity is shifting rapidly. Anthropic recently published a report mapping a year’s worth of AI-enabled cyber threats, analyzing 832 banned accounts between March 2025 and March 2026. By mapping these activities onto the MITRE ATT&CK framework, the study reveals critical trends: threat actors are leveraging AI to automate complex post-compromise stages, and traditional metrics for assessing actor risk levels are quickly losing their validity.
Key Insights
- Post-Compromise AI Usage: Over the studied period, attacker behavior shifted from simple initial-access tactics (like phishing, which fell 8.6%) to deeper post-compromise actions (such as account discovery, which rose 8.9%).
- Erosion of Skill Metrics: Traditional risk indicators—like the number of unique techniques an attacker employs—no longer correlate with technical sophistication. The least-skilled actors used around 16 distinct techniques on average, while the most-skilled used about 20, thanks to AI bridging the capability gap.
- Scaffolding and Chaining: The true differentiator for high-risk threat actors is the construction of scaffolding around models, allowing autonomous execution of multi-stage attacks with minimal human oversight.
- MITRE ATT&CK Gaps: The current MITRE ATT&CK framework lacks standard definitions for “agentic orchestration”—the exact behavior making AI-enabled threat actors uniquely dangerous.
Technical Deep Dive
The core finding of Anthropic’s Red Team is that the capability bottleneck has shifted from “can the AI write a script?” to “how effectively can an agent coordinate sequential operations?”
1. From Malware Writing to Post-Compromise Execution
While malware development remains the most common use-case (67.3% of the studied accounts), high-risk operations are characterized by AI helping less sophisticated actors carry out actions deeper in the target network:
- Lateral Movement: 6.5% of actors used AI to assist in navigating compromised environments.
- Account Discovery: Identifying legitimate accounts within an environment rose substantially, marking a transition toward high-value targets.
2. The Rise of Agentic Orchestration
In a high-profile case disrupted in November 2025, a state-sponsored cyber espionage group manipulated Claude Code into executing an autonomous agent flow. The model executed commands, exploited software vulnerabilities, stole credentials, and made real-time decisions without human intervention.
Under traditional MITRE ATT&CK metrics, this attack registered as utilizing 30 techniques across 13 tactics—comparable to medium-risk campaigns. However, the use of custom scaffolding to create an autonomous loop earned this attack the highest possible severity rating (100) under newer risk-scoring models.
Why This Matters
The democratizing power of AI means that operational barriers for complex attacks are crumbling. Security teams can no longer rely on counting the number of techniques used or analyzing the interfaces (APIs vs. chat) to classify actor risk. Instead, they must monitor for custom agent architectures that enable self-directed execution.
Furthermore, industry-standard frameworks must evolve. Without specialized taxonomies for autonomous agent orchestration, defenders are miscalculating the velocity and severity of incoming threats. Anthropic is collaborating with MITRE to address these coverage gaps.
This post was automatically curated from Anthropic News. Published on 2026-06-04.
Claude Opus 4.8 feels like an agent-quality upgrade, not just a benchmark bump
Click to load Disqus comments