AI is now running deeper inside attacks with less human direction. The old tools for spotting the most dangerous actors can’t keep up.
Hackers are using AI to penetrate compromised systems more deeply and to chain together attack stages with minimal human input. That combination of deeper access and more autonomy means the standard signals security teams rely on to identify dangerous actors are no longer reliable. Anthropic published those conclusions in a new report analyzing 832 accounts it banned for malicious cyber activity between March 2025 and March 2026.
AI is lowering the bar for getting in
Until recently, writing malware required real programming skill. AI has changed that. In Anthropic’s dataset, 67% of the 832 banned actors used AI to write malware. That matters because attackers who previously lacked the technical ability to build intrusion tools can now get them from a chatbot.
Once inside, AI is taking them further. AI use for account discovery rose 8.9% over the study period. Account discovery is how hackers map out which accounts exist inside a compromised network to find the credentials and access points they need to move deeper. At the same time, AI-assisted phishing, used to gain initial access, fell 8.6%. Attackers are spending less AI effort getting in and more AI effort going deeper once they’re there.
The result: the share of attackers classified as medium risk or higher jumped from 33% in the first six months of the study to 56% in the second.
Why it’s now harder to tell the dangerous ones from the rest
Security teams traditionally assess risk by counting how many distinct attack techniques an actor uses and what tools they access. Both signals have broken down.
In the dataset, the least-skilled actors averaged about 16 distinct techniques. The most skilled averaged about 20. Four techniques separate the bottom from the top. The platform used (Claude Code, API, or standard chat) also showed no correlation with an actor’s perceived danger.
What separates the highest-risk actors is whether they have built systems that let AI run the attack automatically, chaining together stages such as account discovery, lateral movement, and privilege escalation with minimal human direction at each step. Less-skilled actors are increasingly doing this too, which explains why the proportion of medium-risk-or-higher attackers nearly doubled in a single year.
That type of automated, multi-stage attack has no classification in the MITRE ATT&CK framework, the standard reference security teams use to track how attackers operate. Anthropic says it is in discussions with MITRE about updating the framework and has added safeguards to its most capable models to detect and block activities such as malware development and mass data exfiltration.

