Anthropic LLM ATT&CK Navigator: AI-Enabled Adversaries Span All 14 MITRE ATT&CK Tactics — Medium-to-High-Risk Actors Up 70% in 12 Months

Anthropic's Frontier Red Team published the LLM ATT&CK Navigator on June 3, 2026 — a year-long empirical study of 832 accounts banned for violating Claude's usage policy between March 2025 and March 2026. The study mapped 13,873 observed technique uses across all 14 MITRE ATT&CK tactics and 482 unique sub-techniques. The team introduced the AI Risk Enablement Score (ARiES), a composite risk metric. Most critically: the proportion of actors classified as medium or higher risk jumped from 33% to 56% between the first and second halves of the study period — a 70% relative increase — indicating that AI tools are rapidly democratising sophisticated cyber operations. The findings reveal that the dividing line between low- and high-risk adversaries is no longer technical skill but the ability to orchestrate AI-assisted workflows.

Adversaries used Claude models across all attack phases — from reconnaissance and resource development through initial access, lateral movement, and impact — with 482 unique ATT&CK sub-techniques observed. AI assistance lowered the skill floor for complex attack planning, malware development, phishing customisation, and vulnerability research, enabling actors who previously lacked technical depth to execute sophisticated multi-stage operations.

Enterprises exposed to AI-assisted adversaries across any attack phase. The study also identifies gaps in existing ATT&CK-style frameworks: they do not yet fully capture autonomous kill-chain orchestration by AI agents — a critical blind spot for defenders relying on current detection models.

Anthropic updated its internal classifiers and expanded behavioural probe detections based on these findings. Defenders should: (1) map existing detection coverage to ATT&CK v18 and identify gaps in technique categories that AI uplift most — particularly reconnaissance, weaponisation, and lateral movement; (2) accelerate threat-modelling exercises that assume adversaries operate with AI assistance at medium-risk levels by default; (3) review AI-use policies to limit model access to high-risk operational planning queries.