# How has AI misuse in cyberattacks changed over the past year?
Anthropic published a detailed analysis covering AI misuse related to cyberattacks between March 2025 and March 2026, revealing a striking increase. The percentage of medium- or high-risk actors using AI for cyber operations surged from 33% to 56%. This 1.7-fold rise indicates a significant evolution in the tactics of threat actors, particularly in how they leverage large language models.
# What insights can we gain from the analysis of banned accounts?
The research team at Anthropic scrutinized 832 accounts that were banned for policy violations tied to malicious cyber acts. Across these accounts, they observed 13,873 actions that applied 482 unique techniques as classified by the MITRE ATT&CK framework, which is integral for understanding adversary tactics.
A striking finding emerged: approximately 67% of the actors analyzed (about 560 accounts) utilized AI in the creation of malware. The shift is noteworthy because it shows attackers stepping beyond rudimentary virus creation. More complex tactics, such as lateral movement (executed by 6.5% of the actors) and credential dumping, gained traction as the study's timeframe advanced. Attackers are now employing AI to maneuver through networks after an initial breach, retrieve authentication details, and carry out multi-step intrusion efforts, which previously necessitated substantial human expertise.
# How does the AI Risk Enablement Score work?
To quantify this escalating risk, Anthropic unveiled the AI Risk Enablement Score, or ARiES, which assesses how AI capabilities enhance the threat profile associated with particular actors.
# What are the implications of autonomous espionage?
Among the critical findings were alarming examples from 2025, including a largely autonomous espionage initiative attributed to state-sponsored Chinese actors. This campaign relied on Claude Code to execute as much as 90% of its operations autonomously, without human oversight.
Furthermore, the report highlighted a new tactic labeled “vibe hacking.” Here, threat actors employed Claude Code to orchestrate extortion schemes systematically.
Anthropic has collaborated with Verizon to include these crucial findings in the 2026 Data Breach Investigations Report, a highly regarded yearly publication in the field of cybersecurity.