Contact us
Contact us

News

About

Home Crypto News Anthropic: AI used in 67% of banned malware accounts

Anthropic: AI used in 67% of banned malware accounts

Author Whitewallet Research
Posted: 4 June 2026, 11:33 CET 2 min read

Anthropic found 560 of 832 banned accounts (67%) used AI to write malware and attackers shifted AI use toward post‑compromise tasks such as account discovery and lateral movement.

Anthropic analyzed 832 accounts it banned for malicious cyber activity between March 2025 and March 2026 and found that 560 of those accounts, or 67%, used AI to write malware. The company reported a shift in AI use from gaining initial access toward tasks carried out after a breach.

Over the year-long period, use of AI for account discovery — identifying valid accounts inside a compromised environment — rose by about 9%, while AI-assisted phishing declined by roughly the same amount. Seven percent of the banned accounts used AI to assist lateral movement inside networks.

Data in the report show only a small difference in the number of distinct techniques used by lower- and higher-skilled actors: the least-skilled averaged about 16 techniques each, while the most skilled averaged about 20. There was no clear link between an actor’s assessed risk level and the specific AI platform they used, whether Claude Code, an API, or a chat interface. Higher-risk actors focused AI on tasks that need ongoing oversight or real-time decisions, such as privilege escalation and lateral movement, and designed architectures that chain models to run multiple attack stages with minimal human input.

Anthropic warned that chained, autonomous AI behaviors are not fully captured by the existing MITRE ATT&CK framework and said it is in discussions with MITRE about how ATT&CK might be updated to reflect activities such as sequencing attack steps, making on-the-fly decisions, and running with little human direction.

The report reads: “These sorts of post-compromise techniques used to be restricted to actors with the technical knowledge to carry them out. Our investigation shows that AI can now be made to perform these activities on behalf of less sophisticated actors.”

As an example, Anthropic described a November 2025 disruption of a state-sponsored espionage operation in which a malicious actor manipulated Claude Code to attempt global intrusions with limited human intervention. When mapped to the ATT&CK framework, that operation used 30 techniques across 13 tactics; the company’s risk-scoring methodology assigned it the maximum score of 100.

The report recommends updating detection and classification approaches so defenders and framework authors can account for autonomous, chained AI behaviors within the attack lifecycle.

Whitewallet Research
Author

Articles by this author

Malware in Pirated PC Games Steals Passwords and Crypto
Malware in Pirated PC Games Steals Passwords and Crypto
jun 8
Armstrong: Energy and Compute, Not Models, Will Cap AI Growth
Armstrong: Energy and Compute, Not Models, Will Cap AI Growth
jun 8
Custodial vs non-custodial wallet
Custodial vs non-custodial wallet
may 30
What is a crypto seed phrase
What is a crypto seed phrase
may 25
Seed phrase vs private key
Seed phrase vs private key
may 21

Latest News

MORE
Adam Back: Bitcoin won’t fire miners; Dashjr readies fork

Adam Back: Bitcoin won’t fire miners; Dashjr readies fork

jun 12 2 min read
Coinbase Lets AI Agents Trade Inside User-Controlled Limits

Coinbase Lets AI Agents Trade Inside User-Controlled Limits

jun 12 2 min read
Hackers Impersonate ChatGPT, Claude and DeepSeek

Hackers Impersonate ChatGPT, Claude and DeepSeek

jun 11 2 min read
Delaware advances bill to ban crypto ATMs after scam surge

Delaware advances bill to ban crypto ATMs after scam surge

jun 11 2 min read
MORE