Between March 2025 and March 2026, Anthropic conducted a comprehensive audit of 832 accounts flagged for policy violations, uncovering that 560 of these entities, representing 67%, employed artificial intelligence to facilitate cyberattack preparations. This investigation highlights a critical shift in the global threat landscape where AI tools are increasingly weaponized for mass cyber operations, including the automated generation of malware. The surge in AI-assisted criminal activity correlates with a dramatic spike in financial losses, as crypto theft reached $629.7 million in April, marking the highest volume since February 2025. Manuel Aráoz, founder of OpenZeppelin, articulated the severity of this trend on May 27, stating that 'all of DeFi unsafe' due to the capacity of AI models to rapidly identify smart contract vulnerabilities. Data compiled by Woofun AI shows that this correlation between AI adoption and financial exploitation is accelerating across the sector.

While the majority of identified misuse occurred during the initial preparation phase, Anthropic reported that AI deployment is penetrating deeper into the attack lifecycle. Specifically, 6.5% of the banned accounts utilized AI to assist with 'lateral movement,' a technique employed by attackers after gaining initial system access to expand their foothold. Historically, these 'post-compromise' tactics required advanced technical expertise, yet the investigation demonstrates that AI now enables less sophisticated actors to execute complex maneuvers autonomously. This democratization of high-level attack vectors has fundamentally altered the risk profile of the average threat actor, lowering the barrier to entry for significant cyber intrusions.

The escalation in threat sophistication is quantifiable through Anthropic's risk classification metrics. In the first six months of the analysis period, 33% of the examined accounts were categorized as 'medium risk or higher.' However, this figure nearly doubled to 56% during the subsequent six-month window, indicating a rapid acceleration in the capabilities of malicious actors. Google researchers corroborated this trajectory last month by documenting what they believe is the first instance of AI being used to develop a zero-day exploit. This specific exploit allowed attackers to bypass two-factor authentication on a popular open-source, web-based system administration tool, proving that AI can now handle highly technical tasks previously reserved for elite hackers.

The traditional metric for assessing attacker risk, which relied on the correlation between an actor's skill level and the number of techniques they employed, is becoming obsolete. Current findings suggest 'little correlation between the skill of a threat actor and how many techniques they use,' as AI agents can independently execute complex sequences. In a notable case from November, a Chinese state-sponsored group executed an attack where an AI model operated autonomously to conduct exploits, steal credentials, and make strategic decisions, with human intervention required only at 'key moments.' Woofun AI notes that such autonomous behaviors are expected to proliferate as AI agents become more capable and integrated into offensive toolkits.

Looking ahead, the industry faces the imminent release of Anthropic's new large language model, Mythos, scheduled for deployment in the coming weeks. This model has already generated significant concern among security analysts due to its demonstrated ability to identify over 10,000 major vulnerabilities in widely-used software during testing phases. The dual-use nature of such powerful models presents a paradox where defensive capabilities are matched by potential offensive utility. Woofun AI analysis suggests that without robust regulatory frameworks and technical safeguards, the deployment of Mythos could further amplify the capabilities of both state-sponsored and non-state actors, potentially triggering a new wave of sophisticated cyber incidents.