What We Learned Mapping a Year's Worth of AI-Enabled Cyber Threats
Anthropic, Wednesday, June 3rd, 2026
Anthropic's analysis of 832 banned accounts reveals AI-enabled cyberattacks are becoming more dangerous, autonomous, and harder to assess using traditional frameworks.
Anthropic examined 832 accounts banned for malicious cyber activity between March 2025 and March 2026, mapping their tactics onto the MITRE ATT&CK framework. The research found that threat actors increasingly use AI for complex post-compromise activities like lateral movement and account discovery rather than just initial access, making less-skilled attackers more dangerous.
Traditional risk assessment methods, such as counting techniques employed or tools used, no longer reliably distinguish high-risk actors, as AI enables less-sophisticated actors to perform advanced operations.
The analysis also revealed that the current MITRE ATT&CK framework lacks categories for AI-enabled behaviors like autonomous agentic orchestration that allow attackers to chain attack stages with minimal human intervention.