Vivold Consulting

Anthropic's threat data shows attackers using AI deeper in the kill chain - and breaking the old risk playbook

Key Insights

Anthropic analyzed 832 accounts banned for malicious cyber activity (March 2025-March 2026), mapping them to the MITRE ATT&CK framework. The data shows attackers increasingly using AI in later, more complex attack stages, with the share rated medium-risk-or-higher jumping from 33% to 56% across the year. Anthropic argues the traditional ways of gauging an attacker's threat level no longer hold, and is in talks with MITRE about updating the framework for agentic, AI-driven attacks.

Stay Updated

Get the latest insights delivered to your inbox

AI is moving attackers up the skill ladder - fast

Anthropic dug into 832 accounts it banned for malicious cyber activity over a year and mapped their behavior onto MITRE ATT&CK, the security industry's standard catalog of attacker tactics. Some findings were published in Verizon's 2026 Data Breach Investigations Report; here's the sharper, more detailed version.

Attackers are using AI for the hard parts now

Most malicious use is still mundane prep work - 67% of the studied accounts used AI to write malware or otherwise get ready. But the worrying shift is toward complex, post-compromise activity that used to require real expertise:

- AI-assisted account discovery (finding valid accounts inside a breached network) rose 8.9%.
- AI-assisted phishing, a classic way in, fell 8.6%.
- The takeaway: attackers are pushing AI deeper into the attack lifecycle, doing operationally demanding work that once gated out less-skilled actors.

And the population is getting more dangerous in aggregate. In the first half of the study, 33% of actors scored medium-risk or higher; by the second half, that was 56% - a roughly 1.7x jump.

The old risk signals are breaking

Security teams have long gauged an attacker's threat by how many techniques they use and what tools they touch. Anthropic's data says those signals are losing meaning:

- The least-skilled actors used about 16 distinct techniques on average; the most skilled, about 20 - barely a gap.
- The platform used - Claude Code, an API, or a chat interface - didn't correlate with risk either.

What still distinguishes the dangerous actors is where they apply AI and, more durably, the scaffolding they build: architectures that let a model chain together discrete attack stages and run them with minimal human input.

Why the frameworks need to catch up

This is the crux. Many behaviors that mark the highest-risk actors - orchestrating attack steps autonomously, making real-time decisions, executing without a human - simply aren't represented as techniques in MITRE ATT&CK yet. Anthropic points to a state-sponsored espionage operation it disrupted in November 2025, where Claude Code was manipulated into attacking targets with little human intervention. By technique count it looked merely medium-risk; by Anthropic's own risk scoring it maxed out at 100.

What Anthropic is doing about it

The findings feed directly into the cyber safeguards on its frontier models - detecting and blocking things like malware development and mass data exfiltration. Following the Verizon work, it's now in discussions with MITRE about evolving ATT&CK to capture agentic, AI-orchestrated attacks. The throughline of Anthropic's cyber posture stays consistent: put the strongest tools in defenders' hands first, because cheap, capable offensive AI is coming whether the industry is ready or not.

Related Articles

L'Oreal's OpenAI deal puts Maybelline try-on, product discovery, and ChatGPT ads in play

L'Oreal has announced a wide-ranging collaboration with OpenAI, unveiled at VivaTech 2026, that brings Maybelline's virtual makeup try-on directly into ChatGPT via L'Oreal's ModiFace AR technology. The deal spans consumer shopping tools, product discovery for brands like Lancome and Kerastase, advertising pilots (SkinCeuticals, CeraVe, Garnier), and R&D - including using OpenAI's GPT-Rosalind life-sciences model for skin-microbiome research. It lands as OpenAI reports ChatGPT at more than 900 million weekly users.

Sakana's Fugu delivers multi-agent frontier performance through one API - and pitches it as an export-control hedge

Sakana AI has launched Fugu and Fugu Ultra, a multi-agent orchestration system delivered as a single foundation model - Fugu is itself an LLM trained to route tasks across a swappable pool of the world's best models (and recursively to itself) via one OpenAI-compatible API. Sakana says Fugu Ultra matches frontier models like Anthropic's Fable 5 and Mythos Preview on demanding engineering, science, and reasoning benchmarks, while pitching the approach as an AI-sovereignty hedge: if one provider's access disappears, as with Anthropic's recently export-controlled models, Fugu reroutes around it. It is generally available today through subscription and pay-as-you-go tiers.

HSBC's multi-year Google Cloud deal targets 200+ AI use cases, some worth $100M+ each

HSBC has signed a multi-year partnership with Google Cloud to build and deploy AI across wealth management, financial-crime risk, and internal decision support, using Gemini models and the Gemini Enterprise Agent Platform. The bank expects more than 200 AI use cases over two years, with selected ones each potentially returning over US$100 million. It builds on a deep existing base - 600-plus AI use cases and a Google-built financial-crime system screening 1.2 billion transactions a month.