‘These sorts of post-compromise techniques used to be restricted to actors with the technical knowledge to carry them out’: Anthropic warns AI is helping lower the bar for up-and-coming hackers

AI is making it harder to differentiate between high and low-skilled actors

Cyber criminals are using AI to increase the effectiveness of their attacks, according to new research from Anthropic, particularly in the later, more complex stages of their cyber operations.

In a study of 832 accounts that were banned by Anthropic for malicious cyber activity between March 2025 and March 2026, the company found that 560 (67%) were using AI to write malware, with 7% using it to assist with lateral movement.

According to the AI firm, across that period attackers’ use of AI shifted from techniques to gain initial access towards actions carried out once they were inside.

For example, the use of AI for account discovery – identifying valid accounts inside a compromised environment – rose by 9%, while AI-assisted phishing fell by about the same amount.

"This suggests that attackers are increasingly applying AI deeper in the attack life cycle," the researchers said.

"These sorts of post-compromise techniques used to be restricted to actors with the technical knowledge to carry them out. Our investigation shows that AI can now be made to perform these activities on behalf of less sophisticated actors."

Lowering the bar for would-be hackers

Worryingly, Anthropic said that as AI is used to chain together many parts of the attack, it's getting harder to differentiate between high-risk and low-risk actors.

While the least-skilled actors in the dataset used about 16 distinct techniques on average, the most skilled used about 20 – not an enormous difference.

Similarly, there was no correlation between an actor's risk level and the specific platform used, whether Claude Code, an API, or a chat interface.

What does help distinguish higher-risk actors is where in the attack lifecycle they apply AI.

For example, they concentrate their use of AI on those techniques that require significant time, oversight, or real-time decision-making, such as account discovery, lateral movement, and privilege escalation, rather than just on tasks that allow them to gain initial access to the system.

They also design architectures that allow models to chain together discrete stages of a cyber attack and carry them out with minimal human input.

The researchers warn that the MITRE ATT&CK framework doesn't yet fully capture the tools and activities that make AI-enabled attackers so dangerous – such as using AI to orchestrate steps in the attack chain sequentially, make real-time decisions about what to do next, and execute without human intervention.

"Consider the state-sponsored cyber espionage operation we disrupted in November 2025. In that case, a malicious actor manipulated Claude Code into attempting to infiltrate targets around the world, with little human intervention. Mapping it against the MITRE ATT&CK framework shows that the actor used 30 techniques across 13 tactics, which was comparable to many medium-risk actors in our dataset," the researchers said.

"Clearly, focusing on the number of techniques this actor used underplays how dangerous they really were (by contrast, applying our risk-scoring methodology to this attack earns it the maximum risk score of 100)."

The company's now in talks with MITRE about how the ATT&CK framework might evolve to include the AI-enabled behaviors it's spotted.

Emma Woollacott

Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.