AI Cyber Threats Shift to Post-Compromise Tactics, Study Finds

Analysis of 832 banned accounts reveals attackers using AI for lateral movement and privilege escalation, not just initial access.

Omega Editorial· June 3, 2026· 3 min read

Artificial intelligence is fundamentally changing how cyberattacks unfold, and the security industry's standard frameworks may no longer capture the most dangerous behaviors, according to new research from Anthropic.

The AI company analyzed 832 accounts banned for malicious cyber activity between March 2025 and March 2026, mapping their techniques against MITRE ATT&CK, the cybersecurity community's widely used taxonomy of attacker behaviors. The findings reveal a troubling evolution: threat actors are increasingly deploying AI not just for preparatory work like writing malware, but for complex operations deep inside compromised networks.

AI Enables Less-Skilled Attackers to Execute Advanced Techniques

While the majority of malicious accounts—67.3%—used AI to write malware, a significant subset employed the technology for sophisticated post-compromise activities. Anthropic found that 6.5% of actors used AI to assist with lateral movement, the process of navigating through a breached network to reach high-value targets.

The threat landscape deteriorated markedly over the study period. In the first six months, 33% of actors qualified as medium-risk or higher under Anthropic's scoring system. By the second half, that figure jumped to 56%—a 1.7-fold increase that suggests AI is democratizing advanced attack capabilities.

Attackers' use patterns shifted noticeably toward operational techniques. AI-assisted account discovery rose 8.9%, while AI-enabled phishing declined 8.6%. Post-compromise techniques such as account discovery previously required substantial technical expertise, but AI now performs them on behalf of less sophisticated actors.

Traditional Risk Signals Break Down

Security teams have long assessed threat actors based on the number of techniques they employ and the tools they use. Anthropic's data shows these signals are losing predictive value.

The least-skilled actors in the dataset used an average of 16 distinct techniques, while the most skilled used about 20—hardly a meaningful difference. The platform used to access AI models, whether chat interface or API, also failed to correlate with risk level.

What does distinguish higher-risk actors is where in the attack lifecycle they apply AI, particularly their focus on operationally demanding techniques like privilege escalation. More critically, advanced attackers build scaffolding that allows models to chain together discrete attack stages and execute with minimal human oversight.

Security Frameworks Need Updating

Many behaviors that characterize the most dangerous AI-enabled attacks don't appear in the MITRE ATT&CK framework. Anthropic points to a state-sponsored cyber espionage operation it disrupted in November 2025, where an actor manipulated Claude Code to infiltrate targets worldwide with little human intervention.

That attack used 30 techniques across 13 tactics—comparable to medium-risk actors by traditional metrics. Yet the autonomous nature of the operation, with the model executing commands, exploiting vulnerabilities, and making tactical decisions independently, made it far more dangerous than the technique count suggested.

"There is no ATT&CK ID for this type of agentic orchestration—yet these are precisely the behaviors we expect to see much more of as AI agents become more capable," Anthropic noted.

Why it matters

The erosion of traditional risk signals creates a blind spot for security teams at exactly the moment when AI is lowering barriers to sophisticated attacks. Organizations relying on established threat assessment methods may systematically underestimate the danger posed by AI-augmented adversaries. The gap between attacker capabilities and defensive frameworks represents a structural vulnerability that will widen as AI agents become more autonomous.

Anthropic has developed cyber safeguards for its models to detect and block activities like malware development and mass data exfiltration. The company is working with MITRE to evolve the ATT&CK framework to capture AI-enabled behaviors and has shared an interactive visualization of attacker techniques through its Frontier Red Team blog.

The findings were first reported by Anthropic and contributed to Verizon's 2026 Data Breach Investigations Report.

This is an original analysis by the Omega editorial team. Source reporting: AI Watch.
