A Year of Cyberattacks According to Anthropic: How AI Makes Hackers More Dangerous
Anthropic studied 832 accounts banned for cyberattacks. The main finding: AI lets less experienced hackers do what used to require expertise.
AI-processed from Anthropic Blog; edited by Hamidun News
Anthropic studied 832 accounts banned for cyberattacks between March 2025 and March 2026 and reached an alarming conclusion: AI doesn't just enhance existing methods, it democratizes dangerous skills.
How Hackers Use AI
Two-thirds of attackers (67.3%) use AI to prepare for attacks, primarily to write malware. This is the most common application — basic, but large-scale.
But that's only the tip of the iceberg. More dangerous is that 6.5% are already using AI for lateral movement — navigating deep within a compromised network.
This is a complex technique that previously required high expertise. Lateral movement is when a hacker, already inside, searches for access to other systems within a corporate network. It requires an understanding of network architecture, knowledge of tools, and the ability to hide activity.
The danger is not that AI does something new. The danger is that it allows less experienced people to do what was previously only accessible to experts. Previously, executing techniques inside a network required years of experience and extensive research; now you just need an AI prompt.
Risk Growing Exponentially
In the first six months of the research period, 33% of hackers were classified as medium or high risk. In the second six months, that figure jumped to 56% — a 1.7x increase. Over the year, the threat grew nearly twofold. This is not because the criteria changed; reality changed.
A particularly alarming trend is that attacks are shifting from initial access techniques to post-compromise operations:
- Account discovery (finding active accounts on the network) increased by 8.9%
- Phishing (familiar first-access technique) fell by 8.6%
- Lateral movement and privilege escalation are becoming priorities
This means hackers no longer spend resources on getting through the front door; they are preparing to operate once inside. This is a much more targeted and dangerous approach.
MITRE ATT&CK Fell Behind Reality
For two decades, the MITRE ATT&CK framework was the bible for security analysts. It catalogued all known attacker techniques and tactics. Traditionally, threats were assessed by the number of different techniques: the more techniques a hacker uses, the higher their qualifications. But Anthropic's data shows that this logic no longer works. The least experienced hackers in the study used an average of 16 different techniques, and the most experienced used 20. The difference? Only 4 techniques. This is because AI can now perform complex tasks for a less experienced person. The platform doesn't matter either: whether it is Claude Code, the API, or regular chat, the risk is roughly the same.
"The MITRE ATT&CK framework doesn't fully capture the tools and activities that make AI-enhanced attackers so dangerous," the Anthropic report states.
What This Means
Cybersecurity has entered a new phase. Traditional indicators of danger no longer help. New ways are needed to assess risk — based not on hacker skill, but on where in the attack chain they concentrate AI. This requires deeper analysis, but there's no alternative.