The Information Machine

What we learned mapping a year’s worth of AI-enabled cyber threats

Anthropic News · 2026-06-03

Anthropic's Frontier Red Team publishes analysis of 832 accounts banned for malicious cyber activity, finding that AI is enabling less-skilled attackers to conduct sophisticated post-compromise operations and that the MITRE ATT&CK framework lacks categories for AI-enabled agentic attack orchestration.

Open original ↗

Appears in

Extraction

Topics: ai-securitycybersecuritythreat-intelligenceai-misuseai-safety

Claims

  • 67.3% of the 832 banned malicious accounts used AI specifically for writing malware in preparation for cyberattacks.
  • The share of medium-to-high risk threat actors increased from 33% to 56% between the first and second halves of the study period, a roughly 1.7-fold increase.
  • Attackers shifted their AI use from initial access techniques toward post-compromise activities like account discovery and lateral movement over the study period.
  • Traditional risk signals such as technique count no longer accurately predict attacker skill level because AI lets unsophisticated actors perform technically demanding tasks.
  • The MITRE ATT&CK framework currently lacks identifiers for AI-enabled agentic orchestration, where a model chains attack stages and executes with minimal human input.
  • Higher-risk actors are most distinguished by scaffolding architectures that let AI models execute multi-stage attacks autonomously rather than by the number of techniques used.

Key quotes

In the first six-month period of our analysis, 33% of actors were classified by our risk-scoring system as medium risk or higher. But by the second six-month period, that share had jumped to 56%—a roughly 1.7-fold increase.
These sorts of 'post-compromise' techniques used to be restricted to actors with the technical knowledge to carry them out. Our investigation shows that AI can now be made to perform these activities on behalf of less sophisticated actors.
There is no ATT&CK ID for this type of agentic orchestration—yet these are precisely the behaviors we expect to see much more of as AI agents become more capable.