AI Cyber Threats are more sophisticated.

Written By Ed Pike

The work of Cyber teams in protecting their organisations has got harder in a world of AI.

Between March 2025 and March 2026 Anthropic identified 832 AI-linked cyber threat accounts and found a sharp rise in AI-enabled attack sophistication, increasing autonomy, and a critical gap: the widely used MITRE ATT&CK framework doesn’t fully capture how AI attacks now work.

By mapping real-world attacker behaviour onto MITRE ATT&CK, Anthropic showed that AI isn’t just helping hackers get in it is helping them operate once inside.

67% used AI to build malware, while a growing share used it for deeper, harder tasks like lateral movement and internal discovery. Meanwhile, medium-risk-or-higher attackers jumped from 33% to 56% in just six months.

Cybersecurity has relied on frameworks like MITRE ATT&CK for decades to classify threats. But those frameworks assume humans driving tools. AI flips that.

Attackers can now chain tasks, automate decisions, and operate like coordinated systems blurring the line between “low-skill” and “advanced” actors. The taxonomy for threats is lagging the technology.

WHY IT MATTERS

AI collapses expertise barriers, meaning insider risk, social engineering, and operational misuse scale fast. Capability is no longer a function of skill, it’s a function of access.

The behavioural question shifts from who is skilled enough to do harm? to who has access and intent? A radically different design problem.

WHAT TO WATCH FOR

  • Signals of “agentic attacks”: autonomous task chaining

  • AI-driven decision loops, and activity deep inside systems rather than at entry points.

  • Shrinking skill gaps, when junior actors suddenly exhibit advanced behaviours, you’re likely seeing AI in the loop.

  • New frameworks emerging to plug the classification gap.

WHY YOU SHOULD BE SUSPICIOUS

This is self-reported, partial data, of just 832 accounts where Anthropic had enough visibility. It relies on a limited population, limited transparency, and heavy reliance on internal risk scoring. The same company building these tools is defining the threat landscape, with the risk of vested interests.

SOURCE

https://www.anthropic.com/news/AI-enabled-cyber-threats-mitre-attack

Ed Pike
Previous

When your support bot becomes too helpful
Next

The war for talent