Mapping AI-enabled cyber threats: Insights from the LLM ATT&CK Navigator

2026-06-02 · Source: Anthropic Frontier Red Team Blog · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Cybersecurity & Data Privacy, Robotics & Autonomous Systems · Depth: Advanced, extended

Summary

Anthropic's analysis of 832 accounts banned from Claude between March 2025 and March 2026 reveals a significant increase in AI-enabled cyber threats. These accounts utilized AI models for all 14 MITRE ATT&CK® tactics and 482 unique sub-techniques. The study found that the percentage of medium or higher-risk actors jumped from 33% to 56% within a year, indicating AI is facilitating more sophisticated operations. Key findings include the growing number of high-risk actors, the potential for agentic scaffolding to enable autonomous attacks, and a gap in the MITRE ATT&CK® framework for autonomous AI actions. Anthropic developed the LLM ATT&CK Navigator and the AI Risk Enablement Score (ARiES) to assess risk, identifying that high-risk actors primarily use AI for post-compromise, hands-on-keyboard techniques like lateral movement, which correlates with a 10.5-point higher average risk score.

Key takeaway

For AI Security Engineers assessing evolving threats, you must recognize that AI is enabling less skilled actors to execute sophisticated, autonomous cyberattacks. Your current risk models, relying on technical skill or technique count, may be insufficient. Prioritize detecting agentic orchestration and post-compromise activities, as these are strong indicators of high AI enablement. Actively engage with evolving frameworks like MITRE ATT&CK® to capture AI-native operational behaviors and update your safeguards accordingly.

Key insights

AI is enabling less skilled actors to conduct more sophisticated and autonomous cyberattacks, challenging traditional risk assessment.

Principles

• AI-enabled cyber risk shifts from skill to orchestration.
• Autonomous agentic scaffolding elevates attack sophistication.
• Threat frameworks need expansion for AI-native behaviors.

Method

The AI Risk Enablement Score (ARiES) assesses AI-involved misuse cases by summing scores across Threat (0-35), Vulnerability (0-35), and Impact (0-30) dimensions, yielding a total risk score from 0 to 100. This additive model captures partial attack enablement.

In practice

• Update detection for agentic misuse patterns.
• Implement real-time safeguards for AI activities.
• Study frontier AI capabilities to preempt threats.

Topics

• AI-enabled Cyber Threats
• MITRE ATT&CK® Framework
• AI Risk Enablement Score
• Agentic AI
• Cyber Threat Intelligence
• Defense Evasion

Best for: CTO, VP of Engineering/Data, Director of AI/ML, AI Security Engineer, Research Scientist, Security Engineer

Related on AIssential

• What we learned mapping a year’s worth of AI-enabled cyber threats — AI-enabled cyberattacks are evolving rapidly, making traditional threat assessment and security frameworks inadequate.
• When Safe Skills Collide: Measuring Compositional Risk in Agent Skill Ecosystems — Individually safe agent skills can compose into unsafe installed skill sets, posing a significant compositional security risk.
• AI Agents Enable Adaptive Computer Worms — AI agents power adaptive computer worms that generate tailored attacks and propagate autonomously using stolen compute.
• TAI #204: Are AI Agents Starting A Cybersecurity Arms Race? — AI agents are rapidly transforming cybersecurity, enabling both advanced attacks and unprecedented defensive capabilities.
• AI Weekly Issue #482: AI is now the weapon and the target : things are getting really serious — AI is now a full-stack attack surface, requiring integrated security across software, infrastructure, agents, and models.
• AI for Criminals — AI significantly amplifies criminal capabilities by providing expertise, precision at scale, and real-time adaptability to defensive measures.

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by Anthropic Frontier Red Team Blog.