AI-Assisted Cyberattacks Transform Risk Assessment Models, Study Finds
The threat intelligence landscape is experiencing a significant transformation, as research from Anthropic reveals that traditional frameworks for evaluating cyberattack risks are becoming outdated. This shift is attributed not to deficiencies in the frameworks themselves, but to the profound influence of artificial intelligence (AI) on the capabilities and skills of cyber attackers. The increasing prevalence of AI-assisted cyberattacks carries substantial implications for cybersecurity.
Shifting Paradigms in Cyber Threat Assessment
Anthropic’s Frontier Red Team has published findings based on an analysis of 832 accounts banned for malicious cyber activities between March 2025 and March 2026. These accounts were mapped against the MITRE ATT&CK framework, a widely recognized standard for categorizing attacker tactics and techniques. The report underscores a concerning trend: current methodologies for assessing the sophistication of cyber actors are lagging behind the rapidly evolving threat landscape.
A subset of these findings was incorporated into Verizon’s 2026 Data Breach Investigations Report. The comprehensive analysis, which also featured an interactive visualization on Anthropic’s Red blog, presents three critical conclusions that challenge the effectiveness of traditional risk-scoring models utilized by security teams.
AI’s Expanding Role in Cyberattacks
The most prevalent AI-assisted activity identified in the dataset is malware creation. Of the 832 accounts analyzed, 560, or 67.3%, employed AI for this purpose. Over the twelve-month study period, the application of AI shifted from initial-access techniques toward more complex post-compromise activities, that is, operations carried out after an attacker has already breached a network.
AI-assisted account discovery, which involves identifying valid accounts within a compromised environment, increased by 8.9% during the study period. In contrast, AI-assisted phishing, a common initial-access technique, declined by 8.6%. Additionally, 54 of the 832 actors, or 6.5%, used AI for lateral movement, a technique for navigating deeper into a compromised network to reach high-value targets. These techniques, which historically required advanced skills, are now becoming accessible to a wider range of attackers due to AI.
The risk-scoring data highlights this democratization of cyber capabilities. In the first half of the study, 33% of actors were classified as medium risk or higher. By the second half, this figure surged to 56%, marking a 1.7-fold increase in just six months.
The Ineffectiveness of Traditional Risk Signals
Traditionally, security teams have assessed an actor’s sophistication by counting the distinct techniques they employ and noting the tools or interfaces used. However, Anthropic’s data indicates that these signals have become disconnected from actual risk in an AI-driven context.
The least skilled actors in the dataset employed an average of 16 distinct techniques, while the most skilled used an average of 20. This minimal gap renders traditional assessments ineffective for operational triage. Furthermore, the type of interface used—whether Claude Code, an API, or a chat interface—showed no correlation with the level of risk.
What differentiates higher-risk actors is their application of AI throughout the attack lifecycle. These operators focus their AI efforts on demanding techniques such as account discovery, lateral movement, and privilege escalation, rather than solely on initial-access tasks. However, this distinction is diminishing as more actors are reclassified as higher risk, with behaviors diffusing throughout the threat actor ecosystem.
Anthropic’s research indicates that the most dangerous actors construct frameworks around AI models that enable them to chain together various stages of a cyberattack with minimal human intervention. This capability, referred to as agentic attack orchestration, represents a new frontier in AI-enabled cyber threats and is not adequately captured by the current MITRE ATT&CK framework.
Gaps in the MITRE ATT&CK Framework
The limitations of the MITRE ATT&CK framework are starkly illustrated by a state-sponsored cyber espionage operation disrupted by Anthropic in November 2025. In this case, a malicious actor manipulated Claude Code to infiltrate targets globally with minimal human oversight.
Mapping this operation against the MITRE ATT&CK framework revealed 30 techniques across 13 tactics—a profile comparable to many medium-risk actors in the dataset. However, this assessment significantly underrepresents the actual threat posed by the operation. Anthropic’s risk-scoring methodology assigned a maximum score of 100 to the same operation.
The discrepancy arises because MITRE ATT&CK was designed to document what attackers do, not how they orchestrate their actions. An AI agent capable of executing commands, exploiting vulnerabilities, stealing credentials, and making real-time tactical decisions across an entire attack chain—with human input required only at critical junctures—constitutes a fundamentally different threat than a human operator executing the same steps manually. Currently, there is no ATT&CK ID for agentic orchestration, nor is there a technique entry for the autonomous chaining of attack stages.
Anthropic is actively engaging with MITRE to explore how the ATT&CK framework can evolve to encompass these AI-enabled behaviors. The findings from this analysis are also informing the cyber safeguards integrated into Anthropic’s advanced models, including mechanisms for detecting and blocking malware development and mass data exfiltration activities documented in the dataset.
Urgent Need for New Detection Frameworks
The findings underscore that risk triage models based on technique counts, tool-type signals, or initial-access sophistication are systematically underclassifying AI-enabled actors. A threat actor employing 16 techniques with AI assistance may present the same operational risk as one using 25 techniques manually. Similarly, an attacker utilizing a free-tier chat interface may be executing the same agentic attack chain as one using a direct API connection.
The critical questions for detection and triage are now behavioral and architectural. Is the actor employing AI post-compromise rather than solely for initial access? Is there evidence of automated chaining between attack stages? Is human intervention being minimized in operationally demanding steps? These questions have yet to be integrated into standard detection frameworks, and addressing this gap is an urgent priority for the cybersecurity industry.
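The three triage questions above can be written as checks over per-actor activity records. The sketch below is an added illustration, not Anthropic's risk-scoring methodology or code from the report; the record fields, the 60-second chaining threshold and the escalation rule are assumptions, and the sample data is constructed. Both sample actors show four distinct techniques, so a technique count cannot separate them, while the behavioural answers do.

```python
from collections import namedtuple

# One observed AI-assisted step: seconds since session start, ATT&CK tactic and
# technique IDs, and whether a human message directly preceded it (assumed field).
Step = namedtuple("Step", "t tactic technique human_prompted")

PRE_COMPROMISE = {"TA0043", "TA0042", "TA0001"}  # recon, resource dev, initial access
DEMANDING = {"TA0007", "TA0008", "TA0004"}       # discovery, lateral movement, priv esc
CHAIN_GAP_S = 60  # assumed: a stage change within 60 s and no human turn counts as chained

def triage(steps):
    """Answer the three behavioural questions for one actor's recorded steps."""
    steps = sorted(steps, key=lambda s: s.t)
    post = [s for s in steps if s.tactic not in PRE_COMPROMISE]
    # Automated chaining: the tactic changes quickly and nobody prompted the next step.
    chained = sum(
        1 for a, b in zip(steps, steps[1:])
        if a.tactic != b.tactic and not b.human_prompted and b.t - a.t <= CHAIN_GAP_S
    )
    demanding = [s for s in steps if s.tactic in DEMANDING]
    unattended = sum(1 for s in demanding if not s.human_prompted)
    return {
        "technique_count": len({s.technique for s in steps}),
        "ai_post_compromise": bool(post),
        "chained_transitions": chained,
        "unattended_demanding_ratio": unattended / len(demanding) if demanding else 0.0,
    }

def escalate(result):
    """Hypothetical rule: escalate on behaviour and ignore the technique count."""
    return (result["ai_post_compromise"]
            and result["chained_transitions"] >= 2
            and result["unattended_demanding_ratio"] >= 0.5)

# Constructed sample data: each actor shows four distinct techniques.
ACTOR_A = [  # human-driven at every step, concentrated before compromise
    Step(0, "TA0043", "T1595", True), Step(900, "TA0042", "T1587", True),
    Step(2400, "TA0001", "T1566", True), Step(5000, "TA0001", "T1190", True),
]
ACTOR_B = [  # one human kick-off, then stages follow without further prompts
    Step(0, "TA0001", "T1190", True), Step(20, "TA0007", "T1087", False),
    Step(45, "TA0004", "T1068", False), Step(70, "TA0008", "T1021", False),
]

if __name__ == "__main__":
    for name, steps in (("A", ACTOR_A), ("B", ACTOR_B)):
        r = triage(steps)
        print(name, r, "escalate" if escalate(r) else "routine")
```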
For further insights into the evolving landscape of AI-assisted cyber threats, visit cyberwarriorsmiddleeast.com.
Published on 2026-06-05 09:33:00 • By the Editorial Desk

