Analysis of 832 banned accounts finds AI used deeper inside networks: why it matters for developers

Thalia Mercer

6/3/2026, 10:29:28 AM

Frontier Red Team mapped 832 accounts banned between March 2025 and March 2026 to the MITRE ATT&CK framework and found AI increasingly applied to post‑compromise activity, driving higher risk and new detection challenges for defenders.

Frontier Red Team published a mapping of 832 accounts banned for malicious activity between March 2025 and March 2026 onto the MITRE ATT&CK framework and concluded that AI is being used progressively deeper in intrusions. The finding matters because AI-driven capabilities are shifting where attacks cause the most damage, making post‑compromise behaviors — rather than only initial access — an urgent focus for defenders.

The report quantified specific AI-enabled activities across the dataset. Writing malware was by far the most common AI‑assisted task, observed in 560 of the 832 accounts (67.3%). More complex post‑compromise actions were less frequent but present: 54 actors (6.5%) used AI to assist lateral movement. These figures come from the subset of banned accounts for which investigators had sufficient detail to map techniques; partial results were included in the Verizon 2026 Data Breach Investigations Report and the full dataset and analysis are published on the Frontier Red Team blog.

Use of AI within the attack lifecycle shifted over the year. The report notes an 8.9 percentage‑point rise in AI‑assisted account discovery, while AI‑assisted phishing — commonly an initial access vector — declined by 8.6 percentage points, signaling a reallocation of AI resources toward later stages of compromise.

Measured risk increased over time. In the first six months of the study, 33% of actors were rated medium risk or higher by Frontier Red Team’s scoring; in the second six months that share rose to 56%, a roughly 1.7‑fold increase. The authors interpret this escalation as AI contributing to higher overall threat levels and greater attacker autonomy during the more operational phases of intrusions.

Traditional indicators of capability proved less reliable than expected. The analysis found little correlation between an actor’s technical skill and the number of distinct techniques they used: the least‑skilled actors averaged about 16 distinct techniques, while the most‑skilled averaged about 20. Likewise, the choice of interface — whether a code‑oriented model such as Claude Code, an API integration, or a chat‑style interface — did not consistently predict an actor’s risk level.

The mapping also exposed limits in existing frameworks. MITRE ATT&CK does not fully capture the new tools and chained behaviors that AI enables; automation can link multiple operationally demanding steps (for example, account discovery, lateral movement, privilege escalation) into sequences that markedly raise risk even when individual techniques appear routine.
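The chained-behavior point above can be expressed as a correlation rule. The following is an added example, not code from the Frontier Red Team report or this article: it flags any principal whose ATT&CK-tagged alerts complete discovery, lateral movement and privilege escalation in order within a time window. The alert tuples, principal names, date and 30-minute window are constructed assumptions.

```python
from datetime import datetime, timedelta

# Ordered tactic chain taken from the paragraph above.
CHAIN = ("discovery", "lateral-movement", "privilege-escalation")
WINDOW = timedelta(minutes=30)  # assumed correlation window, tune per environment

def ts(hhmm):
    return datetime.fromisoformat(f"2026-01-15T{hhmm}")  # constructed date

# Constructed sample alerts: (time, principal, ATT&CK tactic, technique ID).
ALERTS = [
    (ts("10:00"), "svc-build", "discovery", "T1087"),
    (ts("10:04"), "svc-build", "lateral-movement", "T1021"),
    (ts("10:09"), "svc-build", "privilege-escalation", "T1068"),
    (ts("09:00"), "alice", "discovery", "T1087"),       # same steps, spread over hours
    (ts("13:00"), "alice", "lateral-movement", "T1021"),
    (ts("16:00"), "alice", "privilege-escalation", "T1068"),
    (ts("08:00"), "carol", "discovery", "T1087"),       # stale start, chain begins later
    (ts("11:50"), "carol", "discovery", "T1087"),
    (ts("11:55"), "carol", "lateral-movement", "T1021"),
    (ts("12:05"), "carol", "privilege-escalation", "T1068"),
    (ts("14:00"), "bob", "lateral-movement", "T1021"),  # wrong order, no chain
    (ts("14:05"), "bob", "discovery", "T1087"),
]

def find_chains(alerts, chain=CHAIN, window=WINDOW):
    """Map principal -> alerts that complete `chain` in order within `window`."""
    by_principal = {}
    for alert in sorted(alerts, key=lambda a: a[0]):
        by_principal.setdefault(alert[1], []).append(alert)
    hits = {}
    for principal, events in by_principal.items():
        for i, start in enumerate(events):
            if start[2] != chain[0]:
                continue  # a chain can only start at its first tactic
            matched = [start]
            for ev in events[i + 1:]:
                if ev[0] - start[0] > window or len(matched) == len(chain):
                    break
                if ev[2] == chain[len(matched)]:
                    matched.append(ev)
            if len(matched) == len(chain):
                hits[principal] = matched
                break
    return hits

if __name__ == "__main__":
    for principal, steps in find_chains(ALERTS).items():
        print(principal, [f"{s[3]}@{s[0]:%H:%M}" for s in steps])
```

Each alert here would be low priority on its own; only the ordered, time-bounded sequence per principal is escalated.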

Sources

  1. Anthropic News · 6/3/2026