Vivold Consulting

Anthropic's threat data shows attackers using AI deeper in the kill chain - and breaking the old risk playbook

Key Insights

Anthropic analyzed 832 accounts banned for malicious cyber activity (March 2025-March 2026), mapping them to the MITRE ATT&CK framework. The data shows attackers increasingly using AI in later, more complex attack stages, with the share rated medium-risk-or-higher jumping from 33% to 56% across the year. Anthropic argues the traditional ways of gauging an attacker's threat level no longer hold, and is in talks with MITRE about updating the framework for agentic, AI-driven attacks.

AI is moving attackers up the skill ladder - fast

Anthropic dug into 832 accounts it banned for malicious cyber activity over a year and mapped their behavior onto MITRE ATT&CK, the security industry's standard catalog of attacker tactics. Some findings were published in Verizon's 2026 Data Breach Investigations Report; here's the sharper, more detailed version.

Attackers are using AI for the hard parts now

Most malicious use is still mundane prep work - 67% of the studied accounts used AI to write malware or otherwise get ready. But the worrying shift is toward complex, post-compromise activity that used to require real expertise:

- AI-assisted account discovery (finding valid accounts inside a breached network) rose 8.9%.
- AI-assisted phishing, a classic way in, fell 8.6%.
- The takeaway: attackers are pushing AI deeper into the attack lifecycle, doing operationally demanding work that once gated out less-skilled actors.

And the population is getting more dangerous in aggregate. In the first half of the study, 33% of actors scored medium-risk or higher; by the second half, that was 56% - a roughly 1.7x jump.

The old risk signals are breaking

Security teams have long gauged an attacker's threat by how many techniques they use and what tools they touch. Anthropic's data says those signals are losing meaning:

- The least-skilled actors used about 16 distinct techniques on average; the most skilled, about 20 - barely a gap.
- The platform used - Claude Code, an API, or a chat interface - didn't correlate with risk either.

What still distinguishes the dangerous actors is where they apply AI and, more durably, the scaffolding they build: architectures that let a model chain together discrete attack stages and run them with minimal human input.

Why the frameworks need to catch up

This is the crux. Many behaviors that mark the highest-risk actors - orchestrating attack steps autonomously, making real-time decisions, executing without a human - simply aren't represented as techniques in MITRE ATT&CK yet. Anthropic points to a state-sponsored espionage operation it disrupted in November 2025, where Claude Code was manipulated into attacking targets with little human intervention. By technique count it looked merely medium-risk; by Anthropic's own risk scoring it maxed out at 100.

What Anthropic is doing about it

The findings feed directly into the cyber safeguards on its frontier models - detecting and blocking things like malware development and mass data exfiltration. Following the Verizon work, it's now in discussions with MITRE about evolving ATT&CK to capture agentic, AI-orchestrated attacks. The throughline of Anthropic's cyber posture stays consistent: put the strongest tools in defenders' hands first, because cheap, capable offensive AI is coming whether the industry is ready or not.
