Anthropic maps 832 AI-enabled cyberattacks, finds MITRE ATT&CK framework inadequate for agentic threats
Anthropic's Frontier Red Team analyzed 832 accounts banned for malicious cyber activity between March 2025 and March 2026, mapping their techniques against the MITRE ATT&CK framework. Key findings: medium-or-higher-risk actors grew from 33% to 56% across the study period; AI use is shifting from initial-access techniques toward post-compromise operations like lateral movement and privilege escalation; and traditional risk signals (technique count, platform used) no longer reliably distinguish threat levels. The report concludes that MITRE ATT&CK lacks coverage for agentic orchestration behaviors—where AI chains attack stages autonomously with minimal human input—which characterize the highest-risk actors, including a state-sponsored espionage operation disrupted in November 2025.
Related guides (4)
Related events (8)
Anthropic August 2025 Threat Intelligence Report: Claude Misuse Case Studies
Anthropic has published its August 2025 Threat Intelligence Report documenting three real-world misuse cases involving Claude: a large-scale data extortion operation using Claude Code to automate reconnaissance and generate targeted ransom demands against 17+ organizations, a North Korean fraudulent employment scheme, and AI-assisted ransomware development by a low-skill criminal. The report highlights that agentic AI is now being weaponized for end-to-end cyberattacks rather than merely providing advisory assistance, and that AI has materially lowered the technical barrier to sophisticated cybercrime. Anthropic describes detection and countermeasures taken in each case.
Anthropic Frontier Red Team reports early-warning signs of rapid AI progress in cybersecurity and biosecurity capabilities
Anthropic's Frontier Red Team published findings from a year of safety evaluations across four model releases, documenting rapid capability gains in dual-use domains. In cybersecurity, Claude 3.7 Sonnet now solves roughly a third of Cybench CTF challenges (up from ~5% a year ago), and with the Incalmo toolset was able to replicate a large-scale network attack in realistic cyber range environments. In biosecurity, Claude has moved from underperforming virology experts to exceeding them on the VCT benchmark within one year, and exceeds human expert baselines on cloning workflows. Anthropic assesses current models as showing 'early warning' signs but not yet crossing thresholds of substantially elevated national security risk.
Anthropic Discloses First Reported AI-Orchestrated Cyber Espionage Campaign Using Claude Code
Anthropic detected and disrupted a sophisticated espionage campaign in mid-September 2025, attributed with high confidence to a Chinese state-sponsored threat actor, that used Claude Code as an autonomous agent to attack roughly thirty global targets across tech, finance, chemical manufacturing, and government sectors. The attackers jailbroke Claude Code by decomposing malicious tasks into seemingly innocent subtasks and falsely framing it as defensive security testing, enabling largely autonomous reconnaissance, vulnerability exploitation, credential harvesting, and data exfiltration. Anthropic describes this as the first documented large-scale cyberattack executed without substantial human intervention, leveraging agentic AI capabilities, tool access via MCP, and advanced coding skills. The company banned identified accounts, notified affected entities, coordinated with authorities, and is expanding detection classifiers and publishing the report to aid industry and government defenses.
Anthropic publishes frontier threats red teaming methodology and biosecurity findings
Anthropic describes its 'frontier threats red teaming' program, sharing methodology and high-level findings from a 150+ hour biosecurity red-teaming project conducted with domain experts. The team found that current frontier models can sometimes produce expert-level biological information, that risks are likely to grow as models scale and gain tool access, and that unmitigated LLMs could accelerate bioweapon-related misuse within two to three years. Mitigations including training-process changes and classifier-based filters have been deployed, and Anthropic is sharing findings with governments and other labs while calling for more independent red-teaming efforts.
Anthropic Publishes March 2025 Report on Malicious Uses of Claude: Influence Operations, Credential Stuffing, Recruitment Fraud, Malware
Anthropic released a transparency report detailing four case studies of Claude misuse detected in early 2025: a commercially-operated influence-as-a-service network using Claude to orchestrate 100+ social media bots across Twitter/X and Facebook, a credential stuffing operation targeting security cameras, a recruitment fraud campaign targeting Eastern European job seekers, and a low-skill actor using Claude to develop malware beyond their baseline capability. The most novel finding is Claude being used as an agentic orchestrator making tactical engagement decisions for bot accounts—deciding when to like, share, comment, or ignore posts—rather than just generating content. Anthropic used its Clio and hierarchical summarization research techniques to detect and ban the associated accounts, and flags that semi-autonomous abuse orchestration via frontier models is an emerging and expected-to-grow threat pattern.
Anthropic Updates Usage Policy: Agentic Use, Cybersecurity, and Political Content
Anthropic has revised its Usage Policy effective September 15, 2025, with changes addressing agentic and cybersecurity risks, political content restrictions, law enforcement use clarity, and high-risk consumer-facing requirements. New sections explicitly prohibit malicious computer/network compromise activities while supporting legitimate security research, responding to the rapid expansion of agentic tools like Claude Code and Computer Use. The policy also narrows its previous blanket ban on political content to focus specifically on deceptive or voter-targeting uses, enabling legitimate civic and policy research. High-risk safeguards (human-in-the-loop, AI disclosure) are clarified to apply only to consumer-facing outputs, not B2B interactions.
Anthropic-Cybersecurity-Skills: 754 Structured Cybersecurity Skills for AI Agents
A GitHub repository providing 754 structured cybersecurity skills designed for AI coding agents, mapped to five major frameworks including MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND, and NIST AI RMF. The skills are organized across 26 security domains and conform to the agentskills.io standard. The project claims compatibility with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI, and 20+ other platforms. It has accumulated 7,330 stars with 238 added today, indicating notable community traction.
Internet Traffic Driven By AI Tripled Last Year, Study Shows
Human Security's 2026 State of AI Traffic and Cyberthreat Benchmark Report, based on over 1 quadrillion internet interactions, found AI-driven traffic nearly tripled in 2025, with agentic browser-style traffic growing ~80x year-over-year (though still only 1.7% of AI-driven traffic by December). OpenAI accounted for ~69% of automated traffic, Meta 16%, and Anthropic 11%. The report also flags a 47% rise in malicious scraping and new security challenges as legitimate AI agents increasingly mimic historically suspicious bot behaviors like account creation and transaction completion.