Anthropic reports that 'cyberattacks are already automated by AI.'



Anthropic, an AI company, conducted a study to investigate how well the security community can withstand AI-powered cyberattacks. The results revealed that 'cyberattacks are already automated with AI.'

What we learned mapping a year's worth of AI-enabled cyber threats \ Anthropic

https://www.anthropic.com/news/AI-enabled-cyber-threats-mitre-attack




Anthropic investigated 832 accounts that were suspended for 'use in cyberattacks' over a one-year period from March 2025 to March 2026, and mapped them to MITRE ATT&CK , a database of attacker tactics and techniques. It should be noted that a vast number of accounts were suspended for cyberattacks during the investigation period, and the 832 accounts investigated represent only a fraction of them. However, Anthropic states that even from this limited number of accounts, 'sufficient information was obtained to evaluate the attackers' techniques.'

Anthropic explained that their investigation led to the following three conclusions.

◆1: Cyber attackers are shifting from simple attacks to more complex ones using AI.
The most common 'AI-powered cyberattack activity' in Anthropic's database was related to preparing for cyberattacks, such as creating malware. Of the 832 accounts surveyed, 560 (67.3%) were found to be using AI for 'cyberattack preparation.' Only a small number of attackers were using AI for more complex activities; for example, only 54 out of 832 attacker accounts (6.5%) were using AI to penetrate deep into compromised networks.

Anthropic has also found evidence that AI is being used to inflate the threat level of attackers. In the first six months of the analysis period, 33% of attackers were classified as 'medium risk or higher' by Anthropic's risk scoring system, but that percentage jumped to 56% in the following six months.

Throughout the study period, attackers' use of AI shifted from a method to gain initial access to systems to activities performed after infiltrating the system. For example, the use of AI to identify valid accounts within a compromised environment increased by 8.9% during the study period. On the other hand, AI-assisted phishing, a common method for gaining access to systems, decreased by 8.6%. This suggests that attackers are increasingly utilizing AI at deeper stages of the attack lifecycle.

These 'post-compromise' techniques were traditionally limited to attackers with the technical expertise to execute them. However, Anthropic's research has revealed that even those without highly advanced technical skills can now use AI to carry out these activities.



◆2: Cyberattacks are being automated by AI, rendering traditional methods for identifying high-risk attackers ineffective.
Anthropic has previously conducted risk assessments based on information such as the types of techniques, tools, and interfaces used by attackers. However, Anthropic points out that these metrics alone are no longer sufficient to accurately grasp the risk level of a particular threat actor.

As AI can now perform sophisticated technical tasks on behalf of attackers, there appears to be little correlation between a threat actor's skill level and the number of techniques they use. The least skilled actors in the dataset used an average of about 16 techniques, while the most skilled actors used around 20. Similarly, Anthropic reports that the specific platforms used (Claude Code, APIs, chat interfaces, etc.) did not correlate with the actor's risk level.

One helpful indicator for identifying high-risk attackers is at which stage of the attack lifecycle they utilize AI. For example, high-risk attackers tend to focus their AI use on more operationally demanding techniques that require significant time, monitoring, and real-time decision-making, such as account discovery, lateral movement, and privilege escalation, rather than simply gaining initial access to a system.

High-risk attackers are reportedly designing architectures that connect the individual stages of a cyberattack using AI models, allowing them to be executed with minimal human intervention.



◆3: Traditional evaluation criteria cannot accurately grasp the risks posed by attackers using AI.
Many of the behaviors that characterize the highest-risk attackers involve using AI to sequentially execute each step of the attack chain, to decide what to do next in real time, and to execute these actions without human intervention. Such techniques are not yet included in the attack methods of the MITRE ATT&CK framework.

In the case of a state-sponsored cyber intelligence operation thwarted by Anthropic in November 2025, a malicious attacker attempted to infiltrate target systems worldwide using Claude Code with minimal human intervention. According to the MITRE ATT&CK framework, the attacker employed 30 techniques across 13 different tactics, comparable to many mid-risk attackers included in Anthropic's dataset. However, Anthropic notes that 'focusing on the number of techniques used by this attacker underestimates the actual danger.'

In the state-sponsored cyber intelligence operations that Anthropic thwarted, the AI models functioned as autonomous agents. They executed commands, exploited vulnerabilities, stole credentials, made tactical decisions, and human intervention was only needed in a few critical moments. While no ATT&CK ID currently exists to correspond to such agent orchestration, this behavior is expected to become increasingly common as agent capabilities improve.



Anthropic stated, 'Cutting-edge AI models are rapidly changing the tools available to both attackers and defenders. We are committed to helping defenders stay ahead of these evolving tactics and to getting the most powerful tools into their hands first,' and explained that they will continue to work on strengthening cybersecurity with the help of AI.

Anthropic has also stated that for details of this investigation, please refer to the blog of their AI cyber risk assessment team, Frontier Red Team, so those interested should check it out.

LLM ATT&CK Navigator \ red.anthropic.com
https://red.anthropic.com/2026/attack-navigator/



Related Posts:

in AI,   Security, Posted by logu_ii