📊 Full opportunity report: The Frameworks Can’t See the Thing That Matters: A Year of AI-Enabled Cyber Threats on ThorstenMeyerAI.com — validation score, market gap, and execution plan.

TL;DR

A year-long analysis shows AI is making cyber attackers more dangerous and harder to identify using traditional methods. Attackers now perform complex tasks with less skill, challenging old threat models. The report highlights a shift toward deeper, AI-assisted malicious activity.

A new analysis from Anthropic has found that AI is fundamentally changing the landscape of cyber threats, rendering traditional threat assessment metrics ineffective. The report examines 832 malicious accounts banned over a year and concludes that AI enables less skilled actors to perform complex, high-risk activities, challenging longstanding assumptions about attacker capability.

Anthropic’s report analyzed 832 accounts involved in malicious cyber activity from March 2025 to March 2026, mapping their techniques onto the MITRE ATT&CK framework. The findings show that AI is increasingly used to automate attack preparation, such as malware creation, accounting for 67.3% of cases. More notably, AI is now assisting with advanced operations like lateral movement within networks, which saw a 70% increase over the year.

One of the key insights is that the use of AI shifted from initial access techniques, like phishing, to post-compromise activities. This indicates that attackers are leveraging AI to deepen their infiltration and maintain persistence, making attacks more dangerous and sophisticated. The trend suggests AI is democratizing access to high-level attack capabilities, previously limited to highly skilled hackers.

Furthermore, the report finds that traditional indicators of threat level—such as the number of techniques used or the tools employed—no longer reliably distinguish high-risk actors. Even less skilled actors are now using nearly as many techniques as experts, thanks to AI assistance. The only consistent threat indicator appears to be the focus on operationally demanding techniques, but even this is becoming less reliable as more actors adopt AI for these tasks.

The frameworks can’t see the thing that matters — ThorstenMeyerAI.com

ThorstenMeyerAI.com

AI & Security · Field Note

AI-enabled cyber threats · a year mapped

The frameworks can’t see the thing that matters

For decades, danger meant which techniques an attacker commands. A year of real AI-enabled attacks — 832 banned accounts mapped onto MITRE ATT&CK — shows that signal breaking, just as a new, harder-to-see one takes over.

Anthropic Frontier Red Team · Mar 2025–Mar 2026 · 832 accounts · via Verizon DBIR

01The dataset

A year of real misuse, mapped to the standard taxonomy

A window, not a census — these are the cases with enough detail to assess techniques thoroughly. Inside it, the risk level climbed fast.

WHAT WAS STUDIED

832 accounts

Banned for malicious cyber activity, Mar 2025–Mar 2026, mapped onto MITRE ATT&CK. The most common AI use was prep — 67.3% (560) used AI to help write malware; 6.5% (54) for lateral movement deep inside networks.

THE RISK CLIMB · MEDIUM-OR-HIGHER ACTORS

First 6 months33%

33%

Second 6 months56%

56%

≈ 1.7× increase in a single year

02The measurement breaks · press play

Python Scripting for Cybersecurity: Linux Edition: Volume 2 – Log Analysis, Network Visibility, and Threat Detection with Hands-On Python Projects

As an affiliate, we earn on qualifying purchases.

“More techniques” stopped meaning “more dangerous”

The old heuristic: count the techniques, judge the tooling. AI dissolved it — because the model supplies the techniques either way. Watch the old signal fail, then watch what it misses.

Risk score vs. technique count

Two ways to read the same attacker. One is going blind. Press play.

the old signalSkill ≈ number of techniques?

Least-skilled

Most-skilled

16 vs. 20. A novice and an expert now look almost alike by technique-count — and the platform (Claude Code / API / chat) didn’t correlate with risk either.

what it missesThe Nov 2025 espionage operation

by technique count

techniques · 13 tactics

Looks like many medium-risk actors. Unremarkable.

by risk-scoring methodology

100

max risk score

The model ran as an autonomous agent — same case.

The most dangerous attribute of the year’s most dangerous attack is taxonomically invisible. ⌁ there is no MITRE ATT&CK ID for agentic orchestration

03Where the AI moved

OSINT 2.0: AI-Powered Open-Source Intelligence for Beginners (OSINT 2.0 — Artificial Intelligence for Open-Source Intelligence and Cyber Investigations Book 1)

As an affiliate, we earn on qualifying purchases.

Deeper into the attack — and into less-skilled hands

Across the year, AI use drifted from getting in toward acting once already inside — the operationally demanding stages that used to require an expert.

The attack lifecycle · where AI is now applied

The center of gravity moved right — toward post-compromise work.

Initial access

phishing, getting in

Account discovery

finding valid accounts

Lateral movement

navigating the network

Privilege escalation

deeper control

↓ 8.6%

AI-assisted phishing

A classic way to gain access — falling.

↑ 8.9%

AI for account discovery

Post-compromise work — rising.

The crack in the old model: post-compromise techniques used to be restricted to actors skilled enough to perform them. AI can now perform them on behalf of less sophisticated actors — the dangerous deep stages are no longer self-limiting.

04What actually predicts danger now

Network Intrusion Detection

As an affiliate, we earn on qualifying purchases.

From “what they know” to “what they’ve built”

The report sorts the signals into three tiers — one dead, one fading, one durable.

🔢

Technique count & tooling

16 vs. 20 between novice and expert; platform doesn’t correlate. The model supplies the techniques either way.

dead signal

📍

Where in the lifecycle AI is applied

Concentrating on operationally demanding, post-compromise stages is a better signal — but it’s eroding as the whole population heads there.

fading signal

🏗️

The scaffolding around the model

Architectures that let the model chain stages and run with minimal human input. Not what they know — whether they’ve built a system that lets AI run the attack.

durable signal

05What follows · read straight

Threat Intelligence & Incident Response Handbook: Detect, Investigate, and Contain Cyber Attacks Using Modern SOC Analysis, Threat Hunting, and Security Monitoring Techniques

As an affiliate, we earn on qualifying purchases.

Fixing the map before the territory moves again

A taxonomy that can’t name the most dangerous behavior on the field will quietly mislead the people relying on it. The response runs in two directions.

🛡️ defensively

Fed back into the models

The findings informed safeguards on the most capable models, built to detect & block some of what was observed:

Blocking malware development
Blocking mass data exfiltration
Putting tools in defenders’ hands first (Project Glasswing)

🧭 institutionally

Taking it to the source

Following the Verizon work, Anthropic says it’s in discussions with MITRE about how ATT&CK might evolve:

A vocabulary for agentic orchestration
Naming the scaffolding that makes a model an operator
An interactive technique visualization on the Red blog

Reading it in proportion

The 832 cases are a detailed subset, not the full population — the precise percentages are directional, not definitive.
“More autonomous” is not “fully autonomous” — even the standout case needed human input at key moments, which is itself a place for defenders to intervene.
This is one vendor’s window — the company with visibility into misuse of its own model, publishing what it found. The right thing to do with the data, and worth remembering as you read it.

ThorstenMeyerAI.com

Source: Anthropic, “What we learned mapping a year’s worth of AI-enabled cyber threats” (Jun 3, 2026) · Frontier Red Team · Verizon 2026 DBIR · figures per the report · independent commentary · findings only, no operational detail.

AI’s Role in Reshaping Cyber Threat Assessment

This analysis reveals that the longstanding framework for evaluating cyber threat levels—based on the number of techniques and tools—no longer holds in 2026. AI’s ability to automate complex tasks means that even less experienced actors can execute sophisticated attacks, increasing overall risk. This shift complicates defense strategies, as traditional methods for identifying dangerous actors are becoming ineffective, highlighting the need for new detection approaches that account for AI-enabled capabilities.

Evolution of Cyberattack Techniques and AI Integration

For decades, cybersecurity professionals relied on the premise that more techniques and advanced tools indicated higher threat levels. The MITRE ATT&CK framework has been a standard for categorizing attack methods. However, recent developments show attackers increasingly leverage AI to automate and enhance their activities. The rise of AI-assisted malware creation, lateral movement, and account discovery marks a significant departure from prior patterns, with a notable acceleration over the past year.

Previous threat assessments focused on technical sophistication and diversity of techniques. Now, AI’s role in automating these techniques blurs the lines between novice and expert attackers, undermining the traditional metrics used to gauge threat severity. This evolution underscores the importance of understanding AI’s influence on attack complexity and risk.

“The data shows that AI is not just a force multiplier but a game-changer in cyberattack capabilities, making the old threat models obsolete.”
— Thorsten Meyer, AI security researcher

Unclear Impact of Evolving Threat Detection Methods

It remains uncertain how cybersecurity defenses will adapt to this new landscape. While the report underscores the limitations of traditional threat indicators, it is not yet clear what new metrics or detection strategies will effectively identify AI-enabled threats. The long-term effectiveness of current defensive frameworks in this context is still under assessment.

Developing New Strategies for AI-Driven Threats

Cybersecurity professionals and organizations are expected to focus on developing novel detection approaches that incorporate behavioral analysis and AI-specific indicators. Further research and collaboration will be necessary to understand how to counteract AI-assisted attacks effectively. Monitoring trends and updating threat models will be crucial as attackers continue to refine their AI capabilities.

Key Questions

How is AI changing the way cyberattackers operate?

AI automates complex tasks like malware creation and lateral movement, allowing less skilled actors to perform high-risk activities that previously required expertise.

Why can’t traditional threat assessment methods detect these AI-enabled attacks?

Because AI reduces the correlation between the number of techniques used and the threat level, making it harder to distinguish between high- and low-risk actors based on technique diversity or tools alone.

What are the implications for cybersecurity defenses?

Defenses will need to evolve to include behavioral analysis and AI-specific detection methods, as traditional metrics become unreliable in identifying dangerous actors.

Are all attackers using AI for malicious purposes?

While AI is increasingly used by malicious actors, the extent varies; the report indicates a significant shift but does not suggest all attackers rely on AI.

What should organizations do to prepare for AI-enabled cyber threats?

Organizations should invest in advanced detection systems, update threat models regularly, and foster collaboration among cybersecurity experts to stay ahead of evolving attack techniques.

Source: ThorstenMeyerAI.com