Anthropic: 67% of Banned Accounts Used AI in Cyberattacks

Anthropic found that more than two-thirds of accounts it banned for policy violations between March 2025 and March 2026 were used to help prepare cyberattacks, including writing malware. Of 832 accounts examined, 560 fell into that category. Most of the AI use occurred in the preparation phase, but the technology is moving deeper into the attack life cycle.

In 6.5% of banned accounts, AI assisted with lateral movement — techniques used after initial access — and in one November case a Chinese state-sponsored group deployed an AI model that conducted an exploit, stole credentials and made decisions with a human providing input at key moments.

Risk levels rose over the year: Anthropic classified 33% of accounts as medium risk or higher in the first six months of its analysis, climbing to 56% in the second six-month period.

China

anthropic, banned accounts, cyberattacks, malware, lateral movement, exploit, credential theft, state-sponsored, ai model, risk levels