Artificial intelligence is rapidly becoming a weapon of choice for cybercriminals. More than two-thirds of accounts banned by AI company Anthropic over the past year were caught using the technology to prepare for cyberattacks, including writing malware and identifying vulnerabilities.
The findings paint a troubling picture of how AI is lowering the barrier to entry for sophisticated cyber threats. What once required deep technical knowledge can now be accomplished by less skilled attackers with the help of AI models.
Between March 2025 and March 2026, Anthropic examined 832 accounts that violated its policies. Of those, 560 accounts – or 67% – were used to help prepare cyberattacks, the company announced Wednesday.
This data reflects a broader and alarming trend in the crypto and tech industries. In April, the value of cryptocurrency stolen in hacks surged to $629.7 million, the highest since February 2025. Some analysts have linked this spike directly to the widespread adoption of AI tools by malicious actors.
The threat has become so pronounced that Manuel Aráoz, founder of crypto security platform OpenZeppelin, declared in May that he considered “all of DeFi unsafe” due to AI models’ ability to identify smart contract vulnerabilities with unprecedented speed and accuracy.
While most AI usage remains in the preparation phase of attacks, Anthropic found that 6.5% of banned accounts deployed AI deeper into the attack process. These accounts used AI to assist with “lateral movement” – techniques that attackers use after gaining initial access to a system to expand their reach.
“These sorts of ‘post-compromise’ techniques used to be restricted to actors with the technical knowledge to carry them out,” Anthropic explained. “Our investigation shows that AI can now be made to perform these activities on behalf of less sophisticated actors.”
The sophistication of AI-powered attacks is also increasing rapidly. Anthropic classified 33% of accounts as “medium risk or higher” in the first six months of its analysis. That figure nearly doubled to 56% in the second six-month period, showing how quickly attackers are learning to weaponize AI tools more effectively.
The real-world impact of these developments became clear last month when Google researchers documented what they believe was the first case of AI being used to develop a zero-day exploit. This AI-generated attack successfully bypassed two-factor authentication on a popular open-source web administration tool.
Perhaps most concerning is how AI is changing the traditional metrics used to assess cyber threats. Anthropic noted there is now “little correlation between the skill of a threat actor and how many techniques they use” – a metric that security professionals have long relied on to gauge an attacker’s danger level.
The study documented cases where AI models operated with significant autonomy. In one November incident involving a Chinese state-sponsored group, an AI model independently conducted exploits, stole credentials, and made tactical decisions with minimal human oversight at key moments.
“These are precisely the behaviors we expect to see much more of as AI agents become more capable,” Anthropic warned.
The timing of these findings is particularly significant as Anthropic prepares to launch Mythos, its new large language model with powerful cybersecurity capabilities. The model has already identified over 10,000 major vulnerabilities in widely-used software, raising questions about how such tools can be prevented from falling into the wrong hands.
The implications extend far beyond individual attacks. As AI continues to democratize advanced hacking techniques, the entire cybersecurity landscape faces a fundamental shift. Traditional defense strategies may prove inadequate against attackers who can rapidly generate and deploy sophisticated exploits with minimal technical knowledge.
For the cryptocurrency and DeFi sectors, which already face significant security challenges, the rise of AI-powered attacks represents an existential threat that demands immediate attention and new defensive approaches.