AI is helping low-skill hackers pull off advanced cyberattacks

Anthropic has published an analysis of cyber-related misuse of its AI systems, examining 832 accounts that were banned for malicious cyber activity between March 2025 and March 2026.

The company mapped the observed behavior to the MITRE ATT&CK framework, which documents tactics and techniques used by attackers.

“These 832 cases are just a subset of the total number of accounts banned during this period, but they represent those where we had enough detail to conduct a thorough assessment of the attackers’ techniques,” the company said.

The researchers analyzed activity linked to the banned accounts and mapped it to version 18 of the MITRE ATT&CK framework. In total, the study recorded 13,873 actions spanning 482 unique ATT&CK techniques and all 14 ATT&CK tactics.

The findings show that the most common AI-enabled activities involved preparing for cyberattacks. Of the 832 reviewed accounts, 67.3% used AI for tasks such as malware development. The analysis also identified cases where AI was used to support more advanced operations, including lateral movement inside compromised networks.

The data also showed a shift in how AI was being used. During the study period, AI-assisted account discovery inside compromised environments increased by 8.9%, while AI-assisted phishing declined by 8.6%.

“These sorts of post-compromise techniques used to be restricted to actors with the technical knowledge to carry them out,” the researchers wrote. “Our investigation shows that AI can now be made to perform these activities on behalf of less sophisticated actors.”

One of the key conclusions was that the number of threat actors using AI for cyber operations is increasing. Medium- and high-risk actors accounted for 56% of reviewed cases during the second half of the study period, up from 33% during the first half. The analysis found that the increase was concentrated among actors using AI for activities such as lateral movement, credential dumping, and deploying web shells.

“What does distinguish the highest-risk actors is which techniques they’re asking the model for,” the researchers noted.

Another conclusion focused on the growing role of agentic systems in cyber operations. As AI-enabled techniques become more common, the researchers expect the code, architecture, and tooling built around AI models to become a stronger indicator of risk than individual prompts. They highlighted a cyber espionage campaign disrupted in November 2025 that received the maximum risk score of 100 despite using a number of techniques comparable to medium-risk actors.

“That attack was distinct not because of the number of techniques it employed but because of how the attackers used an AI agent to orchestrate them,” they added.

The final conclusion concerns gaps in the MITRE ATT&CK framework. While all 13,873 observed actions could be mapped to existing ATT&CK categories, the researchers argue that some behaviors associated with the highest-risk actors remain outside the framework. These include autonomous killchain orchestration, real-time pivot decisions, and AI-directed execution without human intervention.

“The taxonomy that modern threat intelligence relies on needs to grow to capture them,” they concluded.