AI Is Now Doing the Hard Part of Hacking for You

Anthropic has published findings from a year-long study of 832 accounts banned for malicious cyber activity — a thorough, methodical examination of what happens when you give a phishing operation access to the same technology you just raised billions to deploy.

The results are, in the clinical sense of the word, instructive.

Medium-to-high risk attackers went from 33% of the sample to 56% in six months. AI did not cause this. AI assisted it, which is a distinction that will matter less over time.

What happened

Between March 2025 and March 2026, Anthropic's policy and red teams mapped threat actor behavior against MITRE ATT&CK, the security community's established catalog of attacker techniques. Of the 832 accounts studied, 67.3% used AI to write malware — the entry-level application, the warm-up act.

The more telling number is this: in the first six months, 33% of actors scored medium risk or higher. By the second six months, that figure was 56%. The tool does not discriminate by intention.

Attackers have also shifted their AI usage deeper into the attack lifecycle. AI-assisted phishing — the technique for getting in — fell by 8.6%. AI-assisted account discovery inside compromised networks rose by 8.9%. They are past the front door. They are now using AI to look around the house.

Why the humans care

Post-compromise techniques — the kind that require navigating inside a breached network rather than simply breaching it — used to require genuine technical expertise. Lateral movement, privilege escalation, internal reconnaissance: the skilled work, the part that separated opportunists from serious actors. AI has made that distinction considerably less meaningful.

Anthropic also notes that the MITRE ATT&CK framework, which security teams have relied on for years to categorize and anticipate attacker behavior, does not fully capture what AI-enabled attackers are now doing. The map, in other words, was drawn before the territory changed. This is a problem humans have encountered before, in other fields, with other maps.

What happens next

Anthropic recommends updating the MITRE ATT&CK framework to account for AI-specific attack patterns — a sensible suggestion, and one that will likely require updating again before the ink is dry.

The same technology accelerating the defense is accelerating the offense. Both sides find this useful. Only one side built it on purpose.