Anthropic: Two-thirds of banned accounts used AI for attacks

Anthropic reviewed 832 accounts it banned for policy violations between March 2025 and March 2026 and found 560 used AI to prepare cyberattacks. The activity included drafting malware, scanning for vulnerabilities and automating steps in attack planning.

Most AI use occurred in preparation, but Anthropic found a growing share used AI deeper in the attack lifecycle. About 6.5% of the flagged accounts used AI to assist with lateral movement, the techniques attackers use to expand access after an initial breach. Anthropic noted AI can lower the technical barrier for complex post‑compromise actions.

The company tracked rising attacker risk over the year. Accounts classified as medium risk or higher made up 33% in the first six months of the review and rose to 56% in the second six months.

In a November incident linked to a Chinese state‑sponsored group, Anthropic reported an AI model executed an exploit, stole credentials and made operational decisions while a human intervened at key moments.

Security researchers documented a case in which AI was used to develop a zero‑day exploit that bypassed two‑factor authentication for a widely used open‑source web administration tool. Researchers reported that AI can carry out highly technical tasks that previously required specialist skills.

The cryptocurrency sector recorded higher losses. In April, hackers stole $629.7 million in digital assets, the largest monthly total since February 2025; some analysts linked that increase to broader AI use in attack preparation and exploitation. Manuel Aráoz, founder of OpenZeppelin, warned on May 27 that he considered ‘all of DeFi unsafe’ because AI models can quickly detect vulnerabilities in smart contracts.

Anthropic is preparing to release its Mythos language model. Company testing identified more than 10,000 major vulnerabilities in widely used software.

Anthropic urged continued monitoring and stronger safeguards around model access. Security specialists and platform operators highlighted patching, code audits, enhanced authentication and monitoring for lateral movement as defenses. Developers and policymakers are discussing measures to limit misuse while allowing legitimate research.