What we learned mapping a year’s worth of AI-enabled cyber threats

Over the past year, whenever AI and cyberattacks were mentioned together, what first came to mind was probably “using large models to write phishing emails.” But Anthropic’s latest report, based on real telemetry data, shows us that's just the tip of the iceberg. They analyzed 832 accounts banned for malicious cyber activity between March 2025 and March 2026, mapping the attackers’ actions onto the MITRE ATT&CK framework. The results reveal an unsettling trend: AI is playing an increasingly large role in the later stages of attacks.

AI has moved from a door key to a master key

The headline number is that 67.3% of the accounts used AI to write malware—something that aligns with most people’s intuition. But what’s truly alarming are the less frequent, high-impact uses: 6.5% of attackers used AI to assist with “lateral movement”—navigating deep inside a compromised network to find high-value targets. This sort of technique used to require deep networking knowledge; now AI can break down the complex steps into executable instructions, enabling even novices to pull it off.

A more intuitive metric comes from risk score shifts. In the first six months of analysis, only 33% of attackers were rated medium risk or higher. By the second six months, that proportion jumped to 56%—a near doubling. This wasn’t because attackers got smarter; it was because AI lowered the barrier for advanced techniques, transforming a huge number of entry-level attackers from drive-by bunglers into latent, long-term internal threats capable of pivoting and exfiltrating data.

Old maps don’t find new continents: why risk classification broke

Security teams traditionally rely on several signals to judge an attacker’s danger: the number of techniques used, the sophistication of tools, and the platform (script kiddies use point-and-click kits, elite hackers use custom frameworks). But AI has completely scrambled this classification. The report surprisingly found that low-skill attackers used an average of 16 distinct techniques, while high-skill attackers used about 20—a minimal gap. Similarly, whether they used Claude Code, an API, or a chat interface didn’t correlate with risk level.

In other words, we used to spot pros by how many moves they had and how flashy their tools were. Now AI gives everyone a fancy fighting stance, but the true danger lies in the attacker’s intent and where in the kill chain AI is applied. If an attacker uses AI for internal scanning and hunting for domain controllers, it doesn’t matter if they’re just clicking “next”; they may be more dangerous than someone handcrafting an efficient trojan.

The MITRE blind spot: missing the “AI technique”

The report delivers another wake-up call to the industry: MITRE ATT&CK—the bible of tactics and techniques for security practitioners worldwide—has no place for AI-driven attack patterns. For example, an attacker might have AI analyze internal network traffic in real time and autonomously decide the next lateral movement target. This “AI-driven dynamic decision-making” has no corresponding technique entry in the existing matrix. As AI automates more parts of the attack chain, we need a new taxonomy to describe how AI is integrated into tactics, or threat intelligence may miss the most critical card on the table.

What does this mean for defenders?

First, stop worshipping the “number of techniques” metric. Future threat hunting should focus on where in the attack lifecycle attackers are applying AI: if you see heavy internal reconnaissance and post-exploitation activity, sound the highest alarm immediately. Second, the security community needs to work together (much as this report’s findings were included in Verizon’s Data Breach Investigations Report) to add AI-specific techniques and sub-techniques into standard frameworks. Finally, this reveals a deeper trend: AI won’t create entirely new attack categories, but it will supercharge and automate existing high-risk actions. The real challenge for defense is distinguishing between a script kiddie who pressed an “enhance” button and an elite hacker who got a new weapon—and from the outside, they now look increasingly alike.