Anthropic: AI is arming low-skill hackers with expert tactics

TL;DR:

• Anthropic examined 832 accounts banned for malicious activity over a year and mapped them to MITRE ATT&CK, the standard catalogue of attacker techniques.
• Two-thirds used AI to prepare attacks such as writing malware; the share of medium-or-higher-risk actors jumped from 33% to 56% across the year.
• The firm argues traditional risk signals no longer work and that ATT&CK lacks categories for autonomous “agentic” attacks.

Anthropic has published a year-long analysis of how attackers actually use AI, drawn from accounts it banned between March 2025 and March 2026. The headline finding is uncomfortable for defenders: techniques that once required deep expertise — lateral movement, privilege escalation, account discovery — can now be carried out by AI on behalf of far less capable actors.

What the data shows

Of the 832 cases, 67.3% used AI to write malware or otherwise prepare an attack. More telling was the shift over time. AI use moved away from gaining initial access (AI-assisted phishing fell 8.6%) and towards activity inside compromised systems (account discovery rose 8.9%), suggesting attackers are pushing AI deeper into the attack lifecycle. The proportion of actors rated medium risk or higher rose from a third to well over half in twelve months.

Crucially, the old shortcuts for gauging a threat no longer hold. The least-skilled actors used roughly 16 distinct techniques on average; the most skilled, about 20 — too close to separate them by volume. Anthropic says the real differentiator is the “scaffolding” attackers build to chain steps together autonomously, citing the state-sponsored operation it disrupted in November 2025 where Claude Code acted as an agent with minimal human input.

Looking forward

The report, partly published in Verizon’s 2026 Data Breach Investigations Report, lands as regulators move on exactly this risk. The ECB is preparing a “dear CEO letter” pressing euro-area banks to harden defences, and the US has ordered voluntary AI cyber-testing. For UK security teams, the practical lesson is that agentic orchestration — not headcount or tool choice — is becoming the signal to watch. Anthropic says it is in talks with MITRE about adding these behaviours to ATT&CK, a tacit admission that the defender’s playbook is lagging the threat.