TL;DR
A Thorsten Meyer AI report, citing Anthropic Frontier Red Team findings, says 832 banned accounts tied to malicious cyber activity were mapped to MITRE ATT&CK from March 2025 to March 2026. The analysis says technique counts no longer separated low-risk from high-risk actors well, while agentic systems around AI models appeared to be a stronger risk signal.
A Thorsten Meyer AI report citing Anthropic Frontier Red Team analysis says 832 accounts banned for malicious cyber activity over the past year were mapped to MITRE ATT&CK, and the results suggest a core cyber-risk shortcut – counting attacker techniques – is losing value as AI tools supply capabilities across skill levels.
The analysis covers accounts banned between March 2025 and March 2026 for malicious cyber activity. It describes the dataset as a detailed window into cases with enough information to map techniques, not a full census of AI-enabled cyber misuse.
According to the report, 67.3% of the accounts, or 560, used AI to help write malware. A smaller share, 6.5%, or 54 accounts, used AI for lateral movement inside networks. The analysis says the share of medium-or-higher-risk actors rose from 33% in the first six months to 56% in the second six months.
The report says technique count did not track danger in the way security teams have often assumed. It cites a comparison in which the least-skilled actors used 16 techniques and the most-skilled actors used 20, a small gap. Platform choice, including Claude Code, API use, or chat use, also did not correlate with risk, according to the source material.
Why It Matters
The finding matters because many security programs rely on frameworks such as MITRE ATT&CK to classify adversary behavior, compare actors, and decide which threats deserve attention. If AI lets less-skilled actors use more advanced techniques, defenders may overvalue visible technique lists and undervalue the systems attackers build around AI models.
The report argues that the stronger signal is no longer only what an attacker knows, but whether the attacker has built scaffolding that lets an AI model chain steps and operate with limited human input. That distinction affects threat scoring, detection priorities, incident response, and policy discussions about model safeguards.

Background
For years, threat assessment has often treated the number and complexity of techniques as a proxy for attacker capability. The report says AI weakens that proxy because a model can provide techniques to users who would not otherwise have the skill to perform them.
The analysis also says AI use moved deeper into the attack lifecycle during the year. AI-assisted phishing was reported at 8.6%, while AI for account discovery was reported at 8.9%. The report frames that shift as movement from initial access toward post-compromise activity, where attackers look for accounts, move across systems, or attempt deeper control.
One cited November 2025 espionage operation used 30 techniques across 13 tactics, which by technique count alone looked similar to some medium-risk activity. The report says the same case received the maximum risk score because the model ran as an autonomous agent.
“More techniques stopped meaning more dangerous”
— Thorsten Meyer AI report

What Remains Unclear
The source material does not show the full underlying case records, and it describes the 832 accounts as a subset with enough detail to assess. It is unclear how representative the dataset is of all AI-enabled cyber activity, how many real-world victims were affected, or how often AI-driven scaffolding appears outside the accounts reviewed.
The report also states that Anthropic is discussing possible MITRE ATT&CK changes with MITRE, but the source material does not confirm any adopted framework update.

What’s Next
The next issue is whether threat frameworks add clearer language for agentic orchestration and attacker-built AI scaffolding. The report says findings have also fed into safeguards for capable models, including efforts to block malware development and mass data exfiltration, while putting defensive tools ahead through Project Glasswing.

Key Questions
What was the actual development?
A report citing Anthropic Frontier Red Team work mapped 832 banned malicious cyber accounts to MITRE ATT&CK and found that traditional technique-count measures did not clearly separate lower-risk from higher-risk actors.
What is confirmed from the source material?
The source material reports the time period, the number of banned accounts, the MITRE ATT&CK mapping, the malware-writing and lateral-movement shares, and the stated rise in medium-or-higher-risk actors. Broader conclusions about how threat assessment should change are attributed to the analysis.
Why does agentic orchestration matter?
The report says the highest-risk activity involved AI systems chaining actions with limited human input. That behavior may be harder to capture in frameworks built around named attacker techniques.
Does this mean MITRE ATT&CK is obsolete?
No. The report argues that the framework may miss an emerging risk signal, not that it has no value. The open question is how taxonomies should describe AI-driven coordination and model scaffolding.
What remains unclear?
It is not yet clear how representative the reviewed accounts are, how often similar systems are used by other attackers, or whether MITRE ATT&CK will add categories for agentic AI behavior.
Source: Thorsten Meyer AI