📊 Full opportunity report: The Frameworks Can’t See the Thing That Matters: A Year of AI-Enabled Cyber Threats on ThorstenMeyerAI.com — validation score, market gap, and execution plan.
TL;DR
A year-long analysis shows AI is increasingly used by cyber attackers to automate complex tasks, blurring traditional distinctions of threat levels. This shift challenges existing threat assessment frameworks and raises new security risks.
Recent research from Anthropic reveals that AI is enabling cyber attackers to perform more sophisticated and operationally demanding tasks, rendering traditional threat assessment methods ineffective. The report analyzes 832 banned accounts involved in malicious cyber activity over a year, showing how AI use has shifted threat profiles and risk indicators.
The analysis examined accounts banned between March 2025 and March 2026, mapping their activities onto the MITRE ATT&CK framework. It found that 67.3% of these accounts used AI to prepare malware, while a smaller but significant portion (6.5%) leveraged AI for lateral movement within networks. Over the year, the share of actors classified as medium or higher risk increased from 33% to 56%. Notably, AI use shifted from initial access techniques, like phishing, toward post-breach activities such as account discovery and lateral movement. This trend indicates that AI is lowering the skill barrier, allowing less sophisticated actors to perform complex operations previously limited to experts. Additionally, the correlation between the number of techniques used and threat level has weakened, as even low-skill actors employ nearly as many techniques as highly skilled ones, thanks to AI assistance. The report emphasizes that the key risk indicator now lies in how attackers deploy AI during operational phases, not just their technical toolkit.The frameworks can’t see the thing that matters
For decades, danger meant which techniques an attacker commands. A year of real AI-enabled attacks — 832 banned accounts mapped onto MITRE ATT&CK — shows that signal breaking, just as a new, harder-to-see one takes over.
A year of real misuse, mapped to the standard taxonomy
A window, not a census — these are the cases with enough detail to assess techniques thoroughly. Inside it, the risk level climbed fast.
WHAT WAS STUDIED
THE RISK CLIMB · MEDIUM-OR-HIGHER ACTORS
Python Scripting for Cybersecurity: Linux Edition: Volume 2 – Log Analysis, Network Visibility, and Threat Detection with Hands-On Python Projects
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
“More techniques” stopped meaning “more dangerous”
The old heuristic: count the techniques, judge the tooling. AI dissolved it — because the model supplies the techniques either way. Watch the old signal fail, then watch what it misses.
Risk score vs. technique count
Two ways to read the same attacker. One is going blind. Press play.
AI-powered malware analysis tools
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Deeper into the attack — and into less-skilled hands
Across the year, AI use drifted from getting in toward acting once already inside — the operationally demanding stages that used to require an expert.
The attack lifecycle · where AI is now applied
The center of gravity moved right — toward post-compromise work.
The Practice of Network Security Monitoring: Understanding Incident Detection and Response
Used Book in Good Condition
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
From “what they know” to “what they’ve built”
The report sorts the signals into three tiers — one dead, one fading, one durable.
Technique count & tooling
16 vs. 20 between novice and expert; platform doesn’t correlate. The model supplies the techniques either way.
Where in the lifecycle AI is applied
Concentrating on operationally demanding, post-compromise stages is a better signal — but it’s eroding as the whole population heads there.
The scaffolding around the model
Architectures that let the model chain stages and run with minimal human input. Not what they know — whether they’ve built a system that lets AI run the attack.
cyber attack simulation kits
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Fixing the map before the territory moves again
A taxonomy that can’t name the most dangerous behavior on the field will quietly mislead the people relying on it. The response runs in two directions.
Fed back into the models
The findings informed safeguards on the most capable models, built to detect & block some of what was observed:
- Blocking malware development
- Blocking mass data exfiltration
- Putting tools in defenders’ hands first (Project Glasswing)
Taking it to the source
Following the Verizon work, Anthropic says it’s in discussions with MITRE about how ATT&CK might evolve:
- A vocabulary for agentic orchestration
- Naming the scaffolding that makes a model an operator
- An interactive technique visualization on the Red blog
Reading it in proportion
- The 832 cases are a detailed subset, not the full population — the precise percentages are directional, not definitive.
- “More autonomous” is not “fully autonomous” — even the standout case needed human input at key moments, which is itself a place for defenders to intervene.
- This is one vendor’s window — the company with visibility into misuse of its own model, publishing what it found. The right thing to do with the data, and worth remembering as you read it.
Implications of AI-Driven Attack Evolution
This development fundamentally alters how cybersecurity threats are assessed. Traditional metrics, such as the number of techniques or tools used, no longer reliably indicate actor danger. The democratization of advanced attack capabilities means even less skilled actors can execute complex operations, increasing the overall threat landscape. Security teams must now reconsider threat models and detection strategies to account for AI-facilitated activities that bypass conventional skill-based assumptions.
Changing Cyber Threat Landscape with AI
For decades, threat assessment relied on the premise that more techniques and sophisticated tools signified higher danger. The MITRE ATT&CK framework served as a standard for categorizing attacker tactics. Recent years saw the rise of AI tools in cybersecurity, primarily for defensive purposes, but emerging evidence indicates attackers are harnessing AI for malicious activities. The report from Anthropic offers a rare, data-driven look at real-world attacker behavior over a year, revealing how AI is shifting attack patterns and risk indicators.
“The traditional signals we used to identify dangerous threat actors are no longer reliable because AI is enabling even less skilled actors to perform complex, operationally demanding tasks.”
— Thorsten Meyer, AI security researcher
Unclear Impact on Future Threat Detection
It remains uncertain how cybersecurity defenses will adapt to these changes. While the report highlights the shift in attacker behavior, the effectiveness of current detection methods against AI-facilitated attacks is still being evaluated. Additionally, the long-term evolution of attacker strategies leveraging AI is unpredictable, and it is unclear how quickly security tools can evolve to address these new threats.
Next Steps for Cybersecurity Defense Strategies
Organizations will need to update threat assessment models to incorporate AI-driven activity indicators. Investment in AI-aware detection tools and continuous monitoring of attacker behavior are likely to become standard. Researchers and security vendors are expected to develop new frameworks that better account for AI-enabled attack techniques, while policymakers may consider regulations to limit malicious AI use.
Key Questions
How is AI changing the threat landscape?
AI is enabling less skilled attackers to perform complex, operationally demanding tasks such as lateral movement and account discovery, which previously required technical expertise. This democratization increases overall threat levels and complicates detection efforts.
Why are traditional threat assessment methods no longer effective?
Because AI allows even low-skill actors to perform techniques that used to distinguish more dangerous attackers, such as the number of techniques or platform used, no longer reliably indicates threat level.
What are the biggest risks posed by AI-enabled cyberattacks?
The main risk is that attackers can now execute complex, operationally demanding attacks without requiring advanced skills, making it harder for defenders to identify and prioritize threats based on traditional indicators.
What should organizations do to defend against these new threats?
Organizations need to update their threat detection and assessment strategies to focus on how AI is used during attack operations, invest in AI-aware security tools, and continuously monitor evolving attacker techniques.
Source: ThorstenMeyerAI.com
