Anthropic just published a year-long study of how real attackers are actually using Claude, and the takeaway is uncomfortable for anyone running a security team: the old playbook for judging how dangerous a threat actor is no longer works. The company analyzed 832 accounts it banned for malicious cyber activity between March 2025 and March 2026, then mapped each one onto MITRE ATT&CK, the industry standard catalog of attacker tactics and techniques.

For each account, researchers produced a summary of the observed activity, extracted the tactics, techniques, and procedures, and mapped them to the version of MITRE ATT&CK that was live at the time (V18). In all, they observed 13,873 actions across 482 unique techniques and all 14 ATT&CK tactics. Some of the results were also folded into the 2026 Verizon Data Breach Investigation Report, giving the dataset broader industry validation.

The skill ladder is collapsing

The headline finding is that AI is letting unskilled attackers do work that used to require serious expertise. In the first six-month period of the analysis, 33% of actors were classified by Anthropic's risk-scoring system as medium risk or higher, but by the second half that share had jumped to 56%, a roughly 1.7-fold increase in six months.

The shape of attacker activity is shifting too. Most accounts still use AI for the obvious prep work: 67.3% of the 832 used it to write malware. But a smaller cohort is pushing AI deeper into the kill chain. Over the year, AI-assisted account discovery (finding valid accounts inside an already-compromised network) rose 8.9%, while AI-assisted phishing fell 8.6%. In other words, attackers are leaning on the model less to break in and more to operate once they are already inside.