Anthropic’s 832-account map shows attacks moving past phishing into operations

The useful cyber signal is no longer just whether a model can draft phishing or malware. It is whether attackers can chain steps after entry. Anthropic posted on June 3, 2026 that it had mapped malicious AI use against MITRE ATT&CK, writing: “We examined 832 malicious accounts.” The underlying report covers accounts banned for malicious cyber activity between March 2025 and March 2026.

“How well do the security community's techniques hold up against AI-enabled cyberattacks?”

Anthropic’s main account regularly carries product, safety, and Frontier Red Team work, so this post is close to a primary research signal rather than outside commentary. The linked analysis says 560 of the 832 accounts, or 67.3%, used AI for attack preparation such as malware writing. The sharper finding is where AI use is moving: 54 accounts, or 6.5%, used it for lateral movement, and the share of actors classified as medium risk or higher rose from 33% in the first six months to 56% in the second.

That shift changes how defenders should read activity. Counting techniques or interfaces is less useful when a model can help lower-skill actors perform tasks that once required deeper expertise. Anthropic says higher-risk actors distinguish themselves by applying AI to operationally demanding stages such as account discovery, lateral movement, privilege escalation, and sequential orchestration with limited human input. Those behaviors are not fully represented as AI-specific attacker techniques in MITRE ATT&CK.

What to watch next is whether threat frameworks and products move as fast as the attackers’ scaffolds. Anthropic says some results informed Verizon’s 2026 DBIR and that it is discussing ATT&CK evolution with MITRE. For security teams, the near-term takeaway is practical: monitor AI-assisted post-compromise behavior, not only prompt categories or malware text generation. Source: Anthropic on X · Anthropic analysis