Anthropic Study: AI Is Turning Low-Skill Hackers Into Medium-to-High Risk Threats 

The share of threat actors classified as medium risk or higher nearly doubled over 12 months as artificial intelligence enabled less skilled hackers to execute more advanced attacks, according to a new Anthropic study. The report, based on 832 banned accounts on Anthropic’s platform between March 2025 and March 2026, found that AI is now performing highly technical tasks on attackers’ behalf, weakening the link between technical skill and threat level. The data covers accounts banned from Anthropic’s platform and does not represent the full population of malicious actors using AI tools across the industry.

Medium-or-Higher Risk Actors Rose From 33% to 56% Over the Study Period

The report, published by Anthropic’s Frontier Red Team, found that the share of threat actors classified as medium risk or higher climbed from 33% in the first half of the study period to 56% in the second half, a 1.7-fold increase over roughly 12 months. The data challenges a long-standing assumption in cybersecurity that the number of techniques or tools an attacker deploys is a reliable indicator of their threat level.

“Now that AI can perform highly technical tasks on an actor’s behalf, there’s little correlation between the skill of a threat actor and how many techniques they use,” the Frontier Red Team stated in the report. 

The least-skilled actors in the study averaged approximately 16 techniques, while the most skilled averaged approximately 20, a gap the report describes as insufficient to reliably distinguish risk levels. The platform used by the attacker, whether Claude Code, an API, or a chat tool, also showed no meaningful link to the risk tier they fell into, according to the report.

AI Use Shifted Deeper Into Attack Chains, With Account Discovery Up 8.9% and Phishing Down 8.6%

Anthropic’s data showed a shift in where attackers are deploying AI within the attack lifecycle. AI-assisted phishing activity declined by 8.6% over the study period, while AI-assisted account discovery within compromised networks increased by 8.9%. The report identified growing AI involvement in what it described as “operationally demanding techniques,” including privilege escalation, lateral movement, and account discovery, tasks Anthropic’s report describes as historically requiring greater technical capability.

“What often helps distinguish higher-risk actors is where in the attack life cycle they apply AI. But even that signal is already eroding,” the Frontier Red Team noted. 

Among the 832 banned accounts analyzed, 67.3% used AI to assist in malware development, while 6.5% used it for lateral movement within compromised systems.

Findings Carry Direct Implications for Crypto Exchanges, Protocols, and Digital Wallets

The report describes its findings as particularly relevant for the cryptocurrency industry, where cyberattacks have continued to escalate. Anthropic said the findings suggest AI is lowering the expertise threshold required to carry out complex attacks, potentially exposing exchanges, protocols, and digital wallets to a wider range of threat actors. The crypto sector recorded 40 major hacks in May 2026 alone.

Anthropic’s study does not quantify financial losses attributable to AI-assisted attacks specifically. The company said the rise in medium-and-higher risk actors reflects a change in how AI is being used across the attack lifecycle, with more actors now capable of executing technically demanding operations.