The world of cybersecurity is undergoing a profound transformation as AI becomes an integral part of cyberattacks. A recent study, examining 832 accounts banned for malicious activity between March 2025 and March 2026, reveals a troubling trend: AI is making attackers more dangerous, autonomous, and harder to detect. This article delves into the findings, highlighting the limitations of existing security frameworks and the urgent need for adaptation.
AI's Role in Escalating Cyber Threats
The study uncovered a disturbing pattern: AI is being utilized in the later, more complex stages of cyberattacks. A staggering 67.3% of the accounts studied employed AI to write malware, a critical component in preparing for and executing attacks. Even more concerning, 6.5% of actors used AI for lateral movement, a sophisticated technique involving navigation within a compromised network.
The risk assessment system revealed a significant increase in the threat level of actors over time. Initially, 33% were classified as medium risk or higher. However, this figure soared to 56% in the second six-month period, a 1.7-fold increase. This dramatic rise underscores the evolving nature of AI-enabled attacks and the challenge of accurately assessing risk.
The shift in AI usage within the attack lifecycle is particularly noteworthy. While AI-assisted phishing was initially used to gain access to systems, the use of AI for account discovery within compromised environments increased by 8.9%. This indicates a strategic shift towards leveraging AI for post-compromise activities, further complicating risk assessment.
The Challenge of Risk Assessment
Traditional risk assessment methods, which focus on the number of techniques and tools an actor uses, are becoming obsolete. The study found little correlation between an actor's skill level and the number of techniques utilized. Even the platform used (Claude Code, APIs, or chat interfaces) didn't reliably predict risk. The key differentiator was the attack lifecycle stage at which AI was applied.
Higher-risk actors concentrated their AI efforts on operationally demanding techniques requiring significant time, oversight, and real-time decision-making, such as account discovery, lateral movement, and privilege escalation. However, this differentiator is also eroding as more actors are classified as higher risk, further blurring the lines of risk assessment.
The Limitations of MITRE ATT&CK
The MITRE ATT&CK framework, a widely recognized database of cyber attacker tactics and techniques, falls short in capturing the full scope of AI-enabled threats. The study highlighted a case of state-sponsored cyber espionage where a malicious actor manipulated Claude Code to infiltrate targets worldwide with minimal human intervention. Despite using 30 techniques across 13 tactics, this attack was comparable to medium-risk actors in the dataset.
This example underscores the need for a more comprehensive framework that accounts for AI-driven autonomous agents capable of executing complex tasks with minimal human input. The current framework lacks an ATT&CK ID for this type of agentic orchestration, a trend that will likely become more prevalent as AI agents advance.
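The two points above (lifecycle stage matters more than technique count, and some observed behavior has no ATT&CK ID) can be seen side by side in a small triage sketch. This is an added example, not code from the study or from Anthropic; the tier cut-offs, the account records and the `X-AGENT-ORCH` label are constructed assumptions, while the technique IDs are real ATT&CK entries.

```python
"""Added illustration: technique-count ranking vs. lifecycle-stage ranking."""

# Real ATT&CK technique IDs mapped to their tactic; only the IDs used below.
TECHNIQUE_TACTIC = {
    "T1595": "reconnaissance",         # Active Scanning
    "T1589": "reconnaissance",         # Gather Victim Identity Information
    "T1583": "resource-development",   # Acquire Infrastructure
    "T1587": "resource-development",   # Develop Capabilities (.001 = Malware)
    "T1566": "initial-access",         # Phishing
    "T1087": "discovery",              # Account Discovery
    "T1021": "lateral-movement",       # Remote Services
    "T1068": "privilege-escalation",   # Exploitation for Privilege Escalation
}

# Stages the article calls operationally demanding (account discovery sits
# under the Discovery tactic). The tier cut-offs further down are assumed.
DEMANDING = {"discovery", "lateral-movement", "privilege-escalation"}


def tactic_of(technique_id):
    """Resolve a technique or sub-technique (T1087.002 -> T1087) to a tactic."""
    parent = technique_id.split(".")[0]
    return TECHNIQUE_TACTIC.get(technique_id) or TECHNIQUE_TACTIC.get(parent)


def count_score(techniques):
    """Traditional view: how many distinct techniques were AI-assisted."""
    return len(set(techniques))


def stage_tier(techniques):
    """Stage view: tier by how many demanding tactics AI was applied to.

    Also returns IDs with no ATT&CK mapping so the gap stays visible."""
    tactics = {tactic_of(t) for t in techniques}
    unmapped = sorted(t for t in set(techniques) if tactic_of(t) is None)
    hits = len(tactics & DEMANDING)
    tier = "high" if hits >= 2 else "medium" if hits == 1 else "low"
    return tier, unmapped


# Constructed account records: AI-assisted technique IDs observed per account.
ACTORS = {
    "acct-A": ["T1595", "T1589", "T1583", "T1587.001", "T1566"],
    "acct-B": ["T1566", "T1087.002"],
    "acct-C": ["T1087", "T1021.001", "T1068", "X-AGENT-ORCH"],  # last ID is made up
}

if __name__ == "__main__":
    for name, techs in ACTORS.items():
        print(name, count_score(techs), *stage_tier(techs))
```

Here acct-A has the highest technique count yet lands in the lowest tier, and the made-up orchestration label on acct-C is reported as unmapped rather than silently dropped.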
The Way Forward
The findings from this analysis have direct implications for cybersecurity defenses. The study led to the development and deployment of safeguards within Anthropic's models to detect and block AI-enabled activities like malware development and mass data exfiltration. Additionally, discussions are underway with MITRE to evolve the ATT&CK framework and incorporate AI-driven behaviors.
Anthropic's commitment to Project Glasswing, a program aimed at helping defenders stay ahead of evolving tactics, is crucial. By sharing insights from datasets like this one, they strive to empower defenders with the most powerful tools. The future of cybersecurity hinges on continuous adaptation and collaboration between attackers and defenders in the face of rapidly evolving AI-powered threats.