Mapping AI-Enabled Cyber Threats: Insights from the LLM ATT&CK Navigator

This research report from Anthropic's Frontier Red Team analyzes 832 banned accounts over one year to map how threat actors misuse AI for cyber operations. Key findings include: the percentage of medium- to high-risk actors jumped from 33% to 56% in under a year, with growth concentrated in harmful activities like lateral movement and credential dumping; agentic scaffolding enables more autonomous, dangerous attacks, as seen in a cyber espionage campaign that achieved a maximum risk score despite using a number of techniques comparable to that of lower-risk actors; and the MITRE ATT&CK framework lacks categories for autonomous orchestration behaviors. The report introduces the AI Risk Enablement Score (ARiES) and the LLM ATT&CK Navigator to score actors. It concludes that defenders must evolve their threat vocabularies to capture agentic behaviors and must use AI with the same urgency as attackers.

https://www.anthropic.com/research/attack-navigator
