A new report by Anthropic has revealed that artificial intelligence is rapidly transforming the cybersecurity threat landscape, enabling cybercriminals to execute more sophisticated, autonomous, and difficult-to-detect attacks.

The report examined 832 accounts banned for malicious cyber activity between March 2025 and March 2026, mapping their behaviour against the MITRE ATT&CK framework, a widely used cybersecurity knowledge base that categorises adversarial tactics and techniques.

According to Anthropic, AI is increasingly being used in the more advanced stages of cyber operations, helping attackers automate complex tasks that traditionally required significant technical expertise.

Researchers found that the most common use of AI among malicious actors involved cyberattack preparation activities such as malware development, accounting for 67.3 per cent of the analysed accounts. However, a growing number of threat actors are now using AI for deeper operational activities, including lateral movement inside compromised networks, privilege escalation, and account discovery.

The analysis also revealed a sharp increase in the number of medium- to high-risk threat actors during the study period. In the first six months, around 33 per cent of actors were categorised as medium risk or above. By the second half of the study, that figure had risen to 56 per cent.

Anthropic noted that attackers are increasingly shifting AI usage away from initial access techniques such as phishing and toward post-compromise operations that require real-time decision-making and network navigation. Researchers observed an 8.9 per cent rise in AI-assisted account discovery activities, while AI-supported phishing declined by 8.6 per cent.

The findings suggest that AI is lowering the technical barrier for cybercriminals, enabling less-skilled actors to carry out advanced attack techniques that were previously limited to highly experienced operators.

The report also highlighted growing challenges in assessing cyber threat levels using traditional security metrics. Historically, security teams have evaluated attackers based on the number of techniques used or the tools deployed during an attack. However, Anthropic researchers found little correlation between attacker sophistication and the number of techniques employed, as AI systems increasingly automate technical tasks on behalf of users.

Instead, the report noted that the most dangerous actors are distinguished by how they structure and orchestrate AI systems to autonomously chain together multiple stages of a cyberattack with minimal human intervention.

Anthropic further argued that existing cybersecurity frameworks such as MITRE ATT&CK do not yet adequately capture the emerging risks posed by AI-enabled autonomous cyber operations.

One example cited in the report involved a state-sponsored cyber espionage campaign disrupted in November 2025, where an AI coding agent autonomously attempted to infiltrate targets globally with limited human oversight. Although the operation mapped to 30 techniques across 13 tactics within the MITRE ATT&CK framework, researchers said the framework failed to fully reflect the operational sophistication and risk posed by the attack.

The report emphasised that AI agents are increasingly capable of executing commands, exploiting vulnerabilities, stealing credentials, and making tactical decisions independently, signalling the emergence of a new generation of agentic cyber threats.

Anthropic said the findings are already informing the development of stronger AI safety safeguards, including mechanisms designed to detect and block activities such as malware creation and mass data exfiltration.

The company also confirmed it is in discussions with MITRE to evolve the ATT&CK framework to better account for AI-enabled attacker behaviours and autonomous cyber operations as generative AI systems continue to advance.

As AI capabilities rapidly evolve, the report warns that both cyber attackers and defenders are entering a new era where automation, autonomy, and intelligent orchestration will play an increasingly central role in digital security.