AI company Anthropic has mapped a full year of AI-enabled cyber threats, concluding that malicious actors are rapidly becoming more dangerous with the help of artificial intelligence.
More than two-thirds of accounts banned by Anthropic for policy violations over the past year used AI to assist in preparing for cyberattacks — activities such as writing malware — according to the company's own findings.
Anthropic stated that between March 2025 and March 2026, out of 832 accounts examined for policy violations, 560 were used in this manner.
The data reflects a troubling global trend: AI is increasingly being weaponized to carry out large-scale cyberattacks. In April, the value of cryptocurrency stolen through hacks surged to $629.7 million — the highest figure since February 2025 — a development some analysts have linked to the widespread use of AI tools.
Manuel Aráoz, founder of the crypto security platform OpenZeppelin, said on May 27 that he considered "all of DeFi unsafe" due to AI models' ability to identify vulnerabilities in smart contracts.
While the data shows that most AI use occurs during the preparation phase of an attack, Anthropic noted that AI has also begun to be deployed "deeper in the attack life cycle." Specifically, 6.5% of banned accounts used AI to assist with "lateral movement" — the techniques a cyberattacker employs after gaining initial access to a system.
"These sorts of 'post-compromise' techniques used to be restricted to actors with the technical knowledge to carry them out," Anthropic said. "Our investigation shows that AI can now be made to perform these activities on behalf of less sophisticated actors."
AI has also measurably increased the threat level posed by attackers. Anthropic classified one-third of accounts — 33% — as "medium risk or higher" during the first six months of its analysis. That figure nearly doubled to 56% during the second six-month period of the study.
The nature of threats posed by AI-powered hackers was further detailed by Google researchers last month. Those researchers identified what they believed to be the first-ever case of AI being used to develop a zero-day exploit, which enabled hackers to bypass two-factor authentication on an unnamed "popular open-source, web-based system administration tool."
The research also found that AI can now undertake highly technical tasks on behalf of attackers, and that there is "little correlation between the skill of a threat actor and how many techniques they use" — a metric that has traditionally been used to gauge an attacker's risk level.
Anthropic also disclosed that in at least one instance, in November, a Chinese state-sponsored group carried out an attack in which an AI model worked largely autonomously — conducting an exploit, stealing credentials, and making decisions with human input only at "key moments."
"These are precisely the behaviors we expect to see much more of as AI agents become more capable," the company said.
Anthropic is expected to roll out its AI model Mythos in the coming weeks. The large language model has drawn concern from analysts due to its powerful cybersecurity capabilities, which reportedly identified more than 10,000 major vulnerabilities in widely used software.
Why it matters
The near-doubling of accounts classified as "medium risk or higher" — from 33% to 56% across two consecutive six-month periods — suggests the threat level is accelerating within a single year, not stabilizing.
The finding that AI is now enabling "lateral movement" after initial system access is significant because post-compromise techniques previously required deep technical expertise; their availability to less-skilled actors broadens the pool of credible attackers.
The documented case of a largely autonomous AI-driven attack — where human input was required only at key moments — marks a qualitative shift from AI as a preparation tool to AI as an active participant in an intrusion.
