More than two-thirds of accounts banned by Anthropic for policy violations over the last year used AI to help prepare for cyberattacks, including writing malware, the AI firm disclosed Wednesday.
Between March 2025 and March 2026, out of 832 banned accounts examined, 560 were used for this purpose.
Anthropic noted that while most AI use occurs in the preparation phase, 6.5% of banned accounts used AI for "lateral movement"-post-compromise techniques. The firm stated: "These sorts of techniques used to be restricted to actors with technical knowledge. Our investigation shows that AI can now be made to perform these activities on behalf of less sophisticated actors."
The threat level is escalating. In the first six months, 33% of accounts were classified as "medium risk or higher"; that nearly doubled to 56% in the second six-month period.
In November, Anthropic reported a Chinese state-sponsored group used an AI model autonomously to conduct an exploit, steal credentials, and make decisions with minimal human input.
This follows Google researchers' discovery of the first known AI-crafted zero-day exploit, which bypassed two-factor authentication on a popular open-source tool.
Anthropic is set to release its next AI model, Mythos, which has already identified over 10,000 major software vulnerabilities, raising concerns about its potential misuse.