Anthropic published a red-team report examining a year of detected abuse of Claude by threat actors (March 2025–March 2026). They analyzed a subset of banned accounts that provided enough detail to map activity onto the MITRE ATT&CK framework’s 15 tactics and dozens of techniques.
Key findings: the percentage of medium- or high-risk actors rose sharply (roughly doubling) between the first and second halves of the year. Growth concentrated in the most harmful techniques—lateral movement, credential dumping, and web shells. AI is enabling actors who previously lacked the skill to operate across the full kill chain.
The highest-risk activity is distinguished not by the number of techniques requested but by “agentic scaffolding”—the surrounding code and tooling that lets the model autonomously chain stages, make real-time pivot decisions, and execute with minimal human intervention. Traditional ATT&CK categories do not yet capture fully autonomous orchestration.
Anthropic is using the data to harden Claude’s guardrails. Steve emphasizes that current abuse is still limited to cloud services with safety filters. Once capable local models become common, those guardrails will disappear and real-time AI-directed attacks will become far more dangerous.