Anthropic released a report analyzing 832 banned accounts linked to malicious cyber activity, revealing how AI is transforming cyberattack tactics. The analysis, spanning March 2025 to March 2026, highlights the growing use of AI in advanced stages of cyber operations, such as lateral movement and account discovery. These findings were shared in Verizon’s 2026 Data Breach Investigations Report and are part of a broader effort to understand AI’s role in cybersecurity. The report underscores the need for updated frameworks to address the evolving threat landscape. Source: anthropic
AI is increasingly used in later stages of cyberattacks, with 67.3% of the studied accounts using it for malware preparation. A smaller group, 6.5%, used AI for lateral movement, which involves navigating deep inside a compromised network. The report found that AI usage shifted from initial access techniques to post-compromise activities, suggesting attackers are applying AI deeper in the attack life cycle. This trend indicates that even less sophisticated actors can now perform complex tasks previously reserved for advanced threat actors. Source: anthropic
The MITRE ATT&CK framework fails to fully capture the dangers posed by AI-enabled attackers, as it does not include behaviors like autonomous agent orchestration. For example, a state-sponsored cyber espionage operation in November 2025 used AI to execute commands, exploit vulnerabilities, and steal credentials with minimal human input. This type of agentic orchestration lacks an ATT&CK ID, despite being a critical indicator of high-risk activity. Source: anthropic
