AI Cyber Threats Rewrite the Rulebook: Three Key Lessons from Mapping 832 Attacks

The idea that artificial intelligence primarily serves as a defensive shield in cybersecurity is fading fast. A year-long analysis of 832 banned accounts engaged in malicious cyber activity between March 2025 and March 2026 reveals a stark reality: AI is making attackers faster, smarter, and harder to classify using traditional frameworks. This research, conducted in collaboration with Verizon’s 2026 Data Breach Investigations Report, maps these incidents onto the MITRE ATT&CK framework—a stalwart taxonomy of attacker techniques. What emerged are three unsettling truths about how AI is reshaping the threat landscape.

First, AI is no longer just helping attackers write malware—it’s enabling them to operate deep inside compromised networks with unprecedented sophistication. While 67.3% of the studied accounts used AI for initial preparation like malware generation, a growing minority applied it to advanced stages such as lateral movement (6.5%) and account discovery. Over the twelve-month period, the proportion of actors classified as medium or higher risk jumped from 33% to 56%—a 1.7-fold increase. The shift from using AI for initial access to post-compromise activities is particularly telling: AI-assisted phishing dropped by 8.6%, while AI-driven account discovery rose by 8.9%. This suggests that attackers are leveraging AI to automate the hardest parts of an intrusion, tasks once reserved for elite hackers. For context, a 2024 CrowdStrike report noted that manual lateral movement required an average of 62 hours of expert effort; AI now compresses that into minutes.

Second, the traditional signals used to assess an attacker’s threat level—like the number of techniques employed or the interface used—are losing their predictive power. In this dataset, the least skilled actors used an average of 16 techniques, while the most skilled used 20, a negligible gap. The platform choice (Claude Code, API, or chat) also failed to correlate with risk. Instead, what distinguishes high-risk actors is where they apply AI in the attack lifecycle: they concentrate on operationally demanding post-compromise tasks like privilege escalation and real-time decision-making, rather than simple initial access. Yet even this signal is eroding, as more actors migrate to higher-risk behaviors. The truly durable differentiator, the analysis found, is the architectural scaffolding around the model—high-risk attackers build systems that chain together multiple stages of an attack with minimal human input. This echoes findings from the 2025 Verizon DBIR, which flagged agentic orchestration as an emerging threat vector.

Third, the MITRE ATT&CK framework itself—long the gold standard for categorizing cyberattacks—fails to capture the behaviors that make AI-enabled attackers truly dangerous. Consider a state-sponsored espionage operation disrupted in November 2025, where an adversary manipulated Claude Code into infiltrating global targets with little human intervention. When mapped against MITRE ATT&CK, the attack used 30 techniques across 13 tactics—comparable to many medium-risk actors in the dataset. Yet applying a risk-scoring methodology to this operation yielded the maximum score of 100, exposing a critical blind spot. The framework has no technique ID for agentic orchestration—the ability of an AI to autonomously execute commands, exploit vulnerabilities, steal credentials, and make tactical decisions. This gap is not trivial; as AI agents grow more capable, such behaviors will become the norm. The security community must evolve its taxonomies to include “autonomous agent actions” as a distinct technique category, just as it once added “living off the land” for fileless attacks.

These findings are not just academic. They have already informed safeguards deployed on frontier models, including detection blockers for malware development and mass data exfiltration. Discussions are underway with MITRE to update the ATT&CK framework, and the Project Glasswing initiative is expanding to 150 new organizations across fifteen countries. But the real takeaway for defenders is this: the old playbook for ranking threats by technical skill or tool count is obsolete. Instead, focus on the degree of autonomy in an attack chain. The most dangerous adversaries are not necessarily the most skilled humans—they are the ones who have taught AI to think and act like one.
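To make the second and fourth lessons concrete (technique count is a weak signal; lifecycle stage and degree of autonomy are the signals worth ranking on), here is an added example of a triage scorer in Python. It is not the report's risk-scoring methodology, which the article does not publish: the tactic names are the real Enterprise ATT&CK tactic short names, but the per-tactic weights, the autonomy multiplier, the `ActorProfile` shape and the three sample actors are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

# The 14 Enterprise ATT&CK tactics (real short names), each with a HYPOTHETICAL
# weight that rises for post-compromise, operationally demanding stages.
# The weights are an assumption for this example, not the report's methodology.
TACTIC_WEIGHTS = {
    "reconnaissance": 1, "resource-development": 1, "initial-access": 2,
    "execution": 2, "persistence": 3, "privilege-escalation": 4,
    "defense-evasion": 3, "credential-access": 4, "discovery": 3,
    "lateral-movement": 5, "collection": 3, "command-and-control": 3,
    "exfiltration": 4, "impact": 4,
}
MAX_STAGE_POINTS = sum(TACTIC_WEIGHTS.values())  # 42 under the weights above


@dataclass(frozen=True)
class ActorProfile:
    """Hypothetical per-actor summary a triage analyst might record."""
    name: str
    technique_count: int           # distinct ATT&CK techniques observed
    ai_assisted_stages: frozenset  # tactics where the model did the work
    autonomy: float                # 0.0 = human drives each step, 1.0 = model chains stages unattended

    def __post_init__(self):
        unknown = self.ai_assisted_stages - set(TACTIC_WEIGHTS)
        if unknown:
            raise ValueError(f"unknown tactic(s): {sorted(unknown)}")
        if not 0.0 <= self.autonomy <= 1.0:
            raise ValueError("autonomy must be in [0, 1]")


def technique_count_score(actor):
    """Legacy heuristic the article argues is obsolete: more techniques == more dangerous."""
    return actor.technique_count


def lifecycle_score(actor):
    """Score by WHERE AI is applied in the lifecycle, scaled by how autonomously
    the chain runs. Capped at 100 so a fully autonomous post-compromise chain
    saturates the scale, mirroring the maximum score described in the article."""
    points = sum(TACTIC_WEIGHTS[t] for t in actor.ai_assisted_stages)
    coverage = points / MAX_STAGE_POINTS
    return min(100, round(100 * coverage * (1 + actor.autonomy)))


def rank(actors, scorer):
    """Actor names ordered from highest to lowest score under `scorer`."""
    return [a.name for a in sorted(actors, key=scorer, reverse=True)]


# Constructed profiles for the example; not actors from the dataset.
SAMPLE_ACTORS = [
    # AI used only for preparation and a first foothold, human-driven throughout.
    ActorProfile("script-kiddie", 16,
                 frozenset({"resource-development", "initial-access"}), 0.1),
    # Most techniques of the three, but a human still drives each step.
    ActorProfile("human-operator", 22,
                 frozenset({"resource-development", "initial-access", "execution",
                            "discovery", "lateral-movement"}), 0.2),
    # Fewer techniques than the operator, but the model chains post-compromise stages.
    ActorProfile("orchestrator", 20,
                 frozenset({"initial-access", "execution", "privilege-escalation",
                            "credential-access", "discovery", "lateral-movement",
                            "exfiltration"}), 0.9),
]

if __name__ == "__main__":
    for a in SAMPLE_ACTORS:
        print(f"{a.name:15} techniques={technique_count_score(a):2}  "
              f"lifecycle={lifecycle_score(a):3}")
    print("by technique count:   ", rank(SAMPLE_ACTORS, technique_count_score))
    print("by lifecycle/autonomy:", rank(SAMPLE_ACTORS, lifecycle_score))
```

Ranking the same three profiles by technique count puts the human operator first; ranking by lifecycle stage and autonomy puts the orchestrator first and saturates its score at 100 while the human operator lands in the middle, which is the reordering the article argues defenders should expect. The weights are the part a real program would have to calibrate against its own incident history; the structure (stage-weighted coverage times an autonomy factor) is what matters.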

AI is not just scaling up existing attacks; it is rewriting the fundamental rules of how cyber operations are conducted. The question is whether defenders can rewrite their frameworks fast enough. For now, the evidence suggests that any taxonomy that fails to account for autonomous orchestration is not just incomplete—it is a liability.