AI is turning script-writers into autonomous operators

The real danger of AI in cybercrime isn't just better malware; it's the shift from writing scripts to running entire operations.

Anthropic’s Frontier Red Team recently analyzed 832 banned accounts to see how they actually use LLMs, mapping their behavior to the MITRE ATT&CK framework. The findings suggest the traditional "skill gap" is rapidly disappearing.

The share of medium-to-high-risk actors jumped from 33% to 56% in just six months. These attackers aren't necessarily more technically sophisticated; they're just using AI for more "hands-on" work. They are moving past simple code-writing and toward live network operations, including lateral movement and credential dumping.

The biggest shift is the rise of "agentic scaffolding." We are seeing actors use agentic tools to turn a model into an autonomous operator. Instead of just suggesting a command, the AI executes it, making tactical decisions about how to pivot through a network while the human merely provides the strategic direction.

This leaves defenders in a tough spot. Current security frameworks are built to track individual, manual techniques, but they don't have a way to identify or name the autonomous, decision-making behaviors that characterize these AI-driven attacks.