📊 Full opportunity report: The Frameworks Can’t See the Thing That Matters: A Year of AI-Enabled Cyber Threats on ThorstenMeyerAI.com — validation score, market gap, and execution plan.

A new analysis from Anthropic indicates that AI is significantly increasing the danger posed by cyberattackers in 2026, rendering traditional threat assessment methods ineffective. The study examined over 800 malicious accounts and found that AI is being used not only to accelerate attack preparation but also to perform complex operations once inside networks, challenging previous assumptions about attacker skill levels and threat assessment frameworks.

Anthropic’s report analyzed 832 accounts banned for malicious activity between March 2025 and March 2026, mapping their techniques onto the MITRE ATT&CK framework. The findings reveal that 67.3% of these actors used AI primarily to automate attack preparation, such as malware creation. More concerning, however, is that a growing share—over 56%—of these actors employed AI for post-infiltration activities like lateral movement, a shift from initial access techniques.

Over the year, the proportion of actors engaging in medium or higher risk activities doubled, indicating a rapid escalation. The use of AI for account discovery increased by nearly 9%, while AI-assisted phishing decreased slightly, suggesting a strategic move towards deeper network penetration. Importantly, the data shows that less skilled actors are now capable of executing complex, high-risk techniques thanks to AI, eroding the traditional link between attacker skill and threat level.

Furthermore, the report notes that the tools or interfaces attackers use—such as APIs or chatbots—do not correlate with threat severity, complicating detection efforts. Instead, the focus shifts to the nature of the techniques and the attacker’s scaffolding around AI models, which now serve as a key indicator of danger.

ThorstenMeyerAI.com

AI & Security · Field Note

AI-enabled cyber threats · a year mapped

The frameworks can’t see the thing that matters

For decades, danger meant which techniques an attacker commands. A year of real AI-enabled attacks — 832 banned accounts mapped onto MITRE ATT&CK — shows that signal breaking, just as a new, harder-to-see one takes over.

Anthropic Frontier Red Team · Mar 2025–Mar 2026 · 832 accounts · via Verizon DBIR

01The dataset

A year of real misuse, mapped to the standard taxonomy

A window, not a census — these are the cases with enough detail to assess techniques thoroughly. Inside it, the risk level climbed fast.

WHAT WAS STUDIED

832 accounts

Banned for malicious cyber activity, Mar 2025–Mar 2026, mapped onto MITRE ATT&CK. The most common AI use was prep — 67.3% (560) used AI to help write malware; 6.5% (54) for lateral movement deep inside networks.

THE RISK CLIMB · MEDIUM-OR-HIGHER ACTORS

First 6 months33%

33%

Second 6 months56%

56%

≈ 1.7× increase in a single year

02The measurement breaks · press play

Artificial Intelligence for Cybersecurity: How AI Detects Cyber Threats, Prevents Hacking, and Protects Your Data, Identity, and Smart Devices (AI Cybersecurity Mastery Series)

AmazonView Latest Price

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

“More techniques” stopped meaning “more dangerous”

The old heuristic: count the techniques, judge the tooling. AI dissolved it — because the model supplies the techniques either way. Watch the old signal fail, then watch what it misses.

Risk score vs. technique count

Two ways to read the same attacker. One is going blind. Press play.

▶ run the comparison

the old signalSkill ≈ number of techniques?

Least-skilled

16

Most-skilled

20

16 vs. 20. A novice and an expert now look almost alike by technique-count — and the platform (Claude Code / API / chat) didn’t correlate with risk either.

what it missesThe Nov 2025 espionage operation

by technique count

30

techniques · 13 tactics

Looks like many medium-risk actors. Unremarkable.

by risk-scoring methodology

100

max risk score

The model ran as an autonomous agent — same case.

The most dangerous attribute of the year’s most dangerous attack is taxonomically invisible. ⌁ there is no MITRE ATT&CK ID for agentic orchestration

03Where the AI moved

Network Intrusion Detection

AmazonView Latest Price

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Deeper into the attack — and into less-skilled hands

Across the year, AI use drifted from getting in toward acting once already inside — the operationally demanding stages that used to require an expert.

The attack lifecycle · where AI is now applied

The center of gravity moved right — toward post-compromise work.

Initial access

phishing, getting in

Account discovery

finding valid accounts

Lateral movement

navigating the network

Privilege escalation

deeper control

↓ 8.6%

AI-assisted phishing

A classic way to gain access — falling.

↑ 8.9%

AI for account discovery

Post-compromise work — rising.

The crack in the old model: post-compromise techniques used to be restricted to actors skilled enough to perform them. AI can now perform them on behalf of less sophisticated actors — the dangerous deep stages are no longer self-limiting.

04What actually predicts danger now

Amazon

cyber attack simulation software

AmazonView Latest Price

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

From “what they know” to “what they’ve built”

The report sorts the signals into three tiers — one dead, one fading, one durable.

🔢

Technique count & tooling

16 vs. 20 between novice and expert; platform doesn’t correlate. The model supplies the techniques either way.

dead signal

📍

Where in the lifecycle AI is applied

Concentrating on operationally demanding, post-compromise stages is a better signal — but it’s eroding as the whole population heads there.

fading signal

🏗️

The scaffolding around the model

Architectures that let the model chain stages and run with minimal human input. Not what they know — whether they’ve built a system that lets AI run the attack.

durable signal

05What follows · read straight

Amazon

advanced malware analysis tools

AmazonView Latest Price

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Fixing the map before the territory moves again

A taxonomy that can’t name the most dangerous behavior on the field will quietly mislead the people relying on it. The response runs in two directions.

🛡️ defensively

Fed back into the models

The findings informed safeguards on the most capable models, built to detect & block some of what was observed:

• Blocking malware development
• Blocking mass data exfiltration
• Putting tools in defenders’ hands first (Project Glasswing)

🧭 institutionally

Taking it to the source

Following the Verizon work, Anthropic says it’s in discussions with MITRE about how ATT&CK might evolve:

• A vocabulary for agentic orchestration
• Naming the scaffolding that makes a model an operator
• An interactive technique visualization on the Red blog

Reading it in proportion

• The 832 cases are a detailed subset, not the full population — the precise percentages are directional, not definitive.
• “More autonomous” is not “fully autonomous” — even the standout case needed human input at key moments, which is itself a place for defenders to intervene.
• This is one vendor’s window — the company with visibility into misuse of its own model, publishing what it found. The right thing to do with the data, and worth remembering as you read it.

ThorstenMeyerAI.com

Source: Anthropic, “What we learned mapping a year’s worth of AI-enabled cyber threats” (Jun 3, 2026) · Frontier Red Team · Verizon 2026 DBIR · figures per the report · independent commentary · findings only, no operational detail.

AI’s Impact on Threat Detection and Risk Assessment

This development matters because it fundamentally alters how cybersecurity professionals evaluate threats. The traditional metrics—technique diversity and tooling—are no longer reliable indicators of attacker danger. As AI democratizes complex attack capabilities, even less skilled actors can pose significant risks, challenging existing defense strategies and requiring new approaches to detection and mitigation.

Evolution of Cyberattack Techniques and AI Integration

Historically, threat assessment relied heavily on the number of techniques used and the sophistication of tools to gauge attacker risk. The MITRE ATT&CK framework provided a structured way to classify and compare threats. However, recent developments show AI’s role in automating and enhancing attack techniques, making skill level less relevant. The rise of AI in cybercrime has been gradual but accelerated over the past year, with attackers increasingly leveraging AI for both mundane and complex tasks, shifting the threat landscape significantly.

“Traditional indicators like technique count and tool choice are no longer reliable predictors of threat level in the age of AI-driven attacks.”

— Anthropic report author

Unclear Aspects of AI-Driven Threat Evolution

It remains uncertain how quickly threat detection systems can adapt to these changes and whether new frameworks will be developed to better assess AI-enabled threats. The long-term effectiveness of current mitigation strategies against increasingly autonomous and sophisticated AI-driven attacks is still unknown, and the pace of attacker innovation continues to evolve rapidly.

Next Steps for Cybersecurity in an AI-Enhanced Threat Environment

Cybersecurity professionals are expected to prioritize developing new detection methods that focus on attack scaffolding and behavioral signals rather than technique counts. Further research and collaboration will be necessary to update threat frameworks and improve AI-powered defense tools. Monitoring how attacker tactics evolve with AI will remain critical in the coming months.

Key Questions

How does AI change the skill level required for cyberattacks?

AI automates complex tasks like lateral movement and account discovery, enabling less skilled actors to perform high-risk activities that previously required expertise.

Why are traditional threat indicators no longer reliable?

Because AI can perform many techniques automatically, the number of techniques or tools used no longer correlates with attacker skill or threat level.

What new methods can cybersecurity teams use to detect AI-enabled attacks?

Focus is shifting toward analyzing attack scaffolding, behavioral patterns, and operational signals that indicate the use of AI in attack techniques.

Are all attackers using AI, or only some?

The data suggests a broadening trend where even lower-tier threat actors are adopting AI, making attacks more accessible and dangerous across the spectrum.

What are the implications for future threat assessments?

Threat assessment frameworks will need to evolve to account for AI’s role, emphasizing behavioral and contextual signals over technique counts.

Source: ThorstenMeyerAI.com