The world of cybersecurity is rapidly evolving, and the rise of AI-enabled cyber threats is a major concern for security professionals. A recent study, which analyzed 832 accounts banned for malicious cyber activity between March 2025 and March 2026, revealed some alarming insights into the changing nature of cyberattacks.
AI's Role in Enhancing Cyber Threats
One of the key findings was that AI is being used by malicious actors to enhance their capabilities and make them more dangerous. The study found that 67.3% of the accounts studied used AI to write malware, and 6.5% used it for lateral movement within a compromised network. This shift towards more complex, AI-driven techniques is concerning.
The use of AI in cyberattacks is not just about automating tasks; it's about increasing the threat level. In the first six-month period, 33% of actors were classified as medium risk or higher. By the second six-month period, that number had risen to 56%, a significant increase. This trend suggests that AI is enabling attackers to move deeper into the attack lifecycle, making their operations more sophisticated and harder to detect.
The Challenge of Assessing Threat Levels
Traditionally, security teams assess risk by looking at the number of techniques employed and the tools used. However, this approach is becoming less effective as AI takes on more technical tasks. The study revealed that there is little correlation between the skill of a threat actor and the number of techniques they use. Even the platform used, such as Claude Code or a chat interface, did not correlate with risk level.
What is more concerning is that higher-risk actors are focusing their AI efforts on operationally demanding techniques like account discovery, lateral movement, and privilege escalation. These techniques require significant time, oversight, and real-time decision-making, and they are becoming more prevalent among all actors, not just the most skilled ones.
The Limitations of Security Frameworks
The MITRE ATT&CK framework, a widely used database of cyberattack tactics and techniques, is not fully capturing the AI-enabled behaviors of attackers. The study highlighted a case where a state-sponsored cyber espionage operation used AI to infiltrate targets worldwide with minimal human intervention. Despite using 30 techniques across 13 tactics, this attack was comparable to many medium-risk actors in the dataset.
This raises a deeper question: How can security frameworks keep up with the rapid advancements in AI-enabled cyber threats? The current framework may not adequately represent the autonomous and agentic nature of AI-driven attacks, which require minimal human input and can execute complex tasks with precision.
Looking Ahead: Evolving Security Measures
The study's findings have prompted Anthropic, the company behind the research, to take action. They have developed and deployed cyber safeguards on their most capable models to detect and block AI-enabled activities like malware development and mass data exfiltration. Additionally, they are in discussions with MITRE to evolve the ATT&CK framework and include AI-enabled behaviors.
As AI continues to transform the cybersecurity landscape, it is crucial for defenders to stay ahead of the curve. Anthropic's commitment to sharing insights from Project Glasswing and other cybersecurity initiatives is a step in the right direction. By expanding Project Glasswing and raising significant funding, they aim to empower defenders and protect against the ever-evolving tactics of AI-enabled cyber threats.
