AI-Enabled Cyber Threats: What We Learned Mapping a Year's Worth of Attacks (2026)

Cybersecurity is constantly evolving, and the rise of AI-enabled cyber threats is a game-changer. A recent study mapped a year's worth of AI-enabled cyber threats to examine the impact of AI on them. Its findings highlight the evolving nature of cyberattacks and the challenges they pose to security frameworks.

AI's Role in Enhancing Cyberattacks

One of the most striking revelations is the increasing use of AI in the later stages of cyber operations. The study found that 67.3% of the 832 accounts banned for malicious activity used AI to write malware. This indicates that AI is becoming a powerful tool in the hands of attackers, enabling them to prepare and execute more sophisticated attacks.

The trend of AI-assisted lateral movement, which involves navigating deep into a compromised network, was also notable: 6.5% of the actors studied employed AI for this purpose. This shift in tactics suggests that AI is not just a tool for initial access but also for post-compromise activities, making it harder for security teams to detect and mitigate threats.

The Challenge of Risk Assessment

Assessing the risk level of a cyberattacker has traditionally relied on factors like the number of techniques used and the tools employed. However, the study reveals that these indicators are becoming less reliable. AI's ability to perform technical tasks on behalf of less skilled actors means that the correlation between skill level and technique usage is diminishing.

The research highlights that higher-risk actors focus on operationally demanding techniques, such as account discovery and lateral movement, rather than just initial access. Yet, as more actors are classified as higher risk, this differentiator is also fading. The real challenge lies in the type of scaffolding built around the AI model, where higher-risk actors design architectures that enable minimal human intervention, making them even more dangerous.

The Limitation of Security Frameworks

The MITRE ATT&CK framework, a widely used database of cyberattack tactics and techniques, is being challenged by the evolving nature of AI-enabled attacks. The study found that the framework does not fully capture the AI-driven behaviors that make attackers so dangerous. For instance, the state-sponsored cyber espionage operation disrupted in November 2025, which involved AI orchestrating infiltration attempts, was comparable to many medium-risk actors in terms of technique usage, but it earned the highest risk score.

This highlights the need for security frameworks to adapt and include AI-enabled behaviors, such as autonomous agent-like orchestration, which are becoming more prevalent. The study's findings have prompted discussions with MITRE about evolving the ATT&CK framework to address these new challenges.

Looking Ahead: Safeguarding Against AI-Enabled Threats

The implications of this research are far-reaching. The study has influenced the development of cyber safeguards in AI models, aiming to detect and block activities like malware development and data exfiltration. Additionally, the collaboration with Verizon and MITRE to enhance security frameworks is crucial.

As AI continues to transform the cyber landscape, the focus on putting powerful tools in the hands of defenders first becomes even more critical. The study's interactive visualization of attacker techniques, shared on the Red blog, is a valuable resource for defenders to stay ahead of AI-enabled threats. With ongoing efforts like Project Glasswing, the cybersecurity community is committed to adapting to these evolving challenges and ensuring a safer digital environment.

Article information

Author: Horacio Brakus JD
