---
type: "Evidence Item"
title: "What we learned mapping a year’s worth of AI-enabled cyber threats"
description: "As AI transforms the nature of and methods behind cyberattacks, how well do the techniques and frameworks used by the security community hold up? In a new report, we seek to."
resource: "https://www.anthropic.com/news/AI-enabled-cyber-threats-mitre-attack"
tags: ["appendix-iii", "vendor", "anthropic"]
timestamp: "2026-06-03"
category: "vendor"
publisher: "Anthropic"
cope_score: 64
confidence: 0.88
---

# What we learned mapping a year’s worth of AI-enabled cyber threats

# Claim

As AI transforms the nature of and methods behind cyberattacks, how well do the techniques and frameworks used by the security community hold up? In a new report, we seek to answer that question. We examine 832 accounts that were banned for malicious cyber activity between March 2025 and March 2026 and map them onto MITRE ATT&CK , a longstanding database.

# Relevance

Appendix III, section two: vendor threshold and platform capability evidence

# Oracle Verdict

This is a lower-to-mid strength vendor signal for the capability register. It does not prove displacement on its own, but it records another platform step that can later show up as workflow automation, procurement change, or organisational dependency.

# Metadata

* Publisher: Anthropic
* Category: vendor
* Sector: Cybersecurity
* Capability: Cyber defence and misuse monitoring
* Cope score: 64
* Confidence: 0.88

# Related Concepts

* [Live evidence index](index.md)
* [Thesis](../thesis.md)

# Citations

[1] [What we learned mapping a year’s worth of AI-enabled cyber threats](https://www.anthropic.com/news/AI-enabled-cyber-threats-mitre-attack)