AI-Driven Cyber Threats Rise as Attackers Leverage New Techniques
Severity: High (Score: 66.5)
Sources: Resultsense, Feeds2.Feedburner
Keywords: march, anthropic, cyber, published, analysis, accounts, banned
Summary
Anthropic's year-long analysis reveals that 67.3% of 832 banned accounts utilized AI to assist in cyber attacks between March 2025 and March 2026. The findings indicate a shift in attack methods from initial access to deeper activities within compromised systems, with account discovery techniques increasing by 8.9%. The report highlights that the average number of techniques used by less skilled actors has risen, making it difficult to differentiate threat levels based solely on volume. The analysis is part of a broader effort to update the MITRE ATT&CK framework to reflect these evolving tactics. As regulatory bodies like the ECB and US authorities respond, security teams are advised to focus on the orchestration of attacks rather than just the tools employed. This shift underscores the growing sophistication of cyber threats enabled by AI.

Key Points:
- 67.3% of banned accounts used AI for cyber attacks, indicating a significant trend.
- Attack methods are shifting from initial access to deeper system activities.
- Regulatory bodies are responding with new guidelines for enhanced cybersecurity measures.
Detailed Analysis
**Impact** The analysis covers 832 banned accounts involved in AI-enabled cyber threats between March 2025 and March 2026. Organizations across multiple sectors are affected, including euro-area banks targeted by regulatory advisories. The use of AI has increased the operational capabilities of low-skilled actors, and the share of actors rated medium risk or higher rose from one-third to over half within a year. This shift expands the scope of damage by enabling more sophisticated attacks on compromised systems, putting sensitive data and operational continuity at increased risk.

**Technical Details** Attackers leveraged AI primarily for post-compromise activities such as account discovery and lateral movement, with AI-assisted phishing declining by 8.6% and account discovery rising by 8.9%. AI-generated malware and attack preparation were present in 67.3% of cases. The attack lifecycle is increasingly automated through agentic orchestration, exemplified by the Claude Code operation with minimal human input. The behaviors are being mapped to the MITRE ATT&CK framework, though no specific CVEs, malware names, or IOCs were disclosed.

**Recommended Response** Defenders should prioritize monitoring for agentic orchestration behaviors and automated chaining of attack steps within networks. Euro-area financial institutions should prepare for regulatory guidance to harden defenses, while US entities should consider voluntary AI cyber-testing programs. Updating detection rules to identify AI-driven lateral movement and account discovery techniques is critical. No specific patches or IOCs were provided; therefore, continuous threat intelligence updates and collaboration with MITRE on new ATT&CK entries are advised.
Source articles (2)
- Anthropic maps AI-enabled cyber threats to MITRE ATT&CK — Resultsense · 2026-06-04
  Anthropic has published a year-long analysis of how attackers actually use AI, drawn from accounts it banned between March 2025 and March 2026. The headline finding is uncomfortable for defenders: tec…
- AI is helping low — Feeds2.Feedburner · 2026-06-05
  Anthropic has published an analysis of cyber-related misuse of its AI systems, examining 832 accounts that were banned for malicious cyber activity between March 2025 and March 2026. The company mappe…
Timeline
- 2025-03-01 — AI misuse accounts banned: Anthropic banned 832 accounts for malicious cyber activity, marking a significant increase in AI-assisted attacks.
- 2026-06-04 — Anthropic report published: Anthropic released a report detailing AI's role in cyber threats, revealing a shift in attack techniques.
- 2026-06-05 — Regulatory response initiated: The ECB and US authorities began implementing new cybersecurity guidelines in response to rising AI threats.
Related entities
- Malware (Attack Type)
- Phishing (Attack Type)
- T1068 - Exploitation for Privilege Escalation (MITRE ATT&CK)
- T1087 - Account Discovery (MITRE ATT&CK)
- Claude Code (Tool)