Anthropic analysis reveals AI's role in escalating cyber threats

Anthropic released a comprehensive analysis on June 3 covering a full year of AI misuse tied to cyberattacks, spanning March 2025 through March 2026. The headline number: the percentage of medium- or high-risk actors using AI for cyber operations jumped from 33% to 56%, a 1.7x increase that signals a fundamental shift in how threat actors are weaponizing large language models.

What 832 banned accounts tell us

Anthropic’s research team examined 832 accounts that were banned for policy violations connected to malicious cyber activities. Across those accounts, researchers documented 13,873 observed actions and 482 unique techniques, all mapped against the MITRE ATT&CK framework, the industry-standard classification system for adversary tactics.

Malware development remained the most popular use case by a wide margin. Roughly 67% of analyzed actors, about 560 accounts, used AI to help build malicious software.

The growth wasn’t in the basic stuff. It was in the complex techniques. Practices like lateral movement (used by 6.5% of actors) and credential dumping started appearing more frequently as the study period progressed. Attackers aren’t just asking AI to write simple viruses anymore. They’re using it to navigate through networks after initial compromise, steal authentication credentials, and execute multi-step intrusion campaigns that previously required significant human expertise.