‘These sorts of post-compromise techniques used to be restricted to actors with the technical knowledge to carry them out’: Anthropic warns AI is helping lower the bar for up-and-coming hackers
AI is making it harder to differentiate between high and low-skilled actors
Cyber criminals are using AI to increase the effectiveness of their attacks, according to new research from Anthropic, particularly in the later, more complex stages of their cyber operations.
In a study 832 accounts that were banned by Anthropic for malicious cyber activity between March 2025 and March 2026, the company found that 560 (67%) were using AI to write malware, with 7% using it to assist with lateral movement.
According to the AI firm, across that period attackers’ use of AI shifted from techniques to gain initial access towards actions carried out once they were inside.
For example, the use of AI for account discovery – identifying valid accounts inside a compromised environment – rose by 9%, while AI-assisted phishing fell by about the same amount.
"This suggests that attackers are increasingly applying AI deeper in the attack life cycle," the researchers said.
"These sorts of post-compromise techniques used to be restricted to actors with the technical knowledge to carry them out. Our investigation shows that AI can now be made to perform these activities on behalf of less sophisticated actors."
Lowering the bar for would-be hackers
Worryingly, Anthropic said that as AI is used to chain together many parts of the attack, it's getting harder to differentiate between high-risk and low-risk actors.
Sign up today and you will receive a free copy of our Future Focus 2026 report - the leading resource for IT decision-maker insight on priorities and investment areas in AI, security and more.
While the least-skilled actors in the dataset used about 16 distinct techniques on average, the most skilled used about 20 – not an enormous difference.
Similarly, there was no correlation between an actor's risk level and the specific platform used, whether Claude Code, an API, or a chat interface.
What does help distinguish higher-risk actors is where in the attack lifecycle they apply AI.
For example, they concentrate their use of AI on those techniques that require significant time, oversight, or real-time decision-making, such as account discovery, lateral movement, and privilege escalation, rather than just on tasks that allow them to gain initial access to the system.
They also design architectures that allow models to chain together discrete stages of a cyber attack and carry them out with minimal human input.
The researchers warn that the MITRE ATT&CK framework doesn't yet fully capture the tools and activities that make AI-enabled attackers so dangerous – such as using AI to orchestrate steps in the attack chain sequentially, make real-time decisions about what to do next, and execute without human intervention.
"Consider the state-sponsored cyber espionage operation we disrupted in November 2025. In that case, a malicious actor manipulated Claude Code into attempting to infiltrate targets around the world, with little human intervention. Mapping it against the MITRE ATT&CK framework shows that the actor used 30 techniques across 13 tactics, which was comparable to many medium-risk actors in our dataset," the researchers said.
"Clearly, focusing on the number of techniques this actor used underplays how dangerous they really were (by contrast, applying our risk-scoring methodology to this attack earns it the maximum risk score of 100)."
The company's now in talks with MITRE about how the ATT&CK framework might evolve to include the AI-enabled behaviors it's spotted.
FOLLOW US ON SOCIAL MEDIA
Follow ITPro on Google News and add us as a preferred source to keep tabs on all our latest news, analysis, views, and reviews.
You can also follow ITPro on LinkedIn, X, Facebook, and BlueSky.
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.
-
Cisco sounds alarm over new Russian malware campaign hitting firms in US and EuropeNews UAT-11795 is weaponizing legitimate software such as WebEx and Zoom to dupe victims
-
Why doesn't more data produce better results?ITPro Podcast Riverbed CIO Fernando Castanheira talks about data and how businesses can use it better
-
1Password teams up with Anthropic to give Claude access to your credentialsNews A new ‘zero-exposure’ security framework allows agents to use stored credentials in the 1Password vault
-
Cyber professionals are flocking to AI tools, but they’re getting tired of fixing mistakes and reviewing outputsNews Cyber pros are spending significantly more time validating AI outputs and deciding when to trust AI-generated recommendations
-
The agents you use to beef up cybersecurity could be turned against you – ‘Friendly Fire’ attacks can manipulate OpenAI and Anthropic models into running malicious codeNews Research shows agents can be fooled into executing malicious code while performing security reviews of third-party software
-
Flaws in some of the most popular AI coding tools left developers wide open to attackNews Malicious repositories can trick advanced AI agents into silently breaking out of their workspace sandboxes
-
'It’s a marker of where extortion tradecraft is heading': Cyber experts say they've identified the first case of ‘agentic ransomware’ – but there’s a catchNews While the JadePuffer ransomware has alarm bells ringing, it still needed a human in the loop
-
Three quarters of firms have halted AI projects over safety and security concerns – and cyber pros think things will deteriorate as models like Claude Mythos improveNews AI has become a leading problem for enterprise security teams, they can't automate their way out of trouble
-
OpenAI expands 'Daybreak' cyber program: New tools, partnerships, and a cyber-focused GPT-5.5 aim to help 'patch the world'News The company has added new tools, signed up partners, and released its GPT-5.5-Cyber model more widely
-
IT teams are bullish on AI tools, but they’re worried security practices can’t keep paceNews Executives and IT teams are at odds over the risks associated with AI adoption