AI pushes attacks deeper; ATT&CK misses agentic risk
Attacks
AI in attacks isn’t just glossy phishing copy any more. A study of 832 banned accounts between March 2025 and March 2026, mapped to the MITRE ATT&CK framework, shows the centre of gravity moving inside the network. Use of AI for account discovery went up 8.9% while AI-assisted phishing fell 8.6%. That is the quiet shift defenders tend to miss until the weekend pager screams.
The volume play is still code generation: 67.3% of analysed accounts used AI to write malware. A smaller cut handled harder jobs like lateral movement at 6.5%. More worrying than the counts is the trendline. The share of actors rated medium risk or higher jumped from 33% in the first six months to 56% in the second. Traditional tells for operator skill did not help much. Less–skilled actors used almost as many distinct techniques as the skilled cohort (about 16 versus 20), and whether they drove models via chat, code-mode, or API did not map to risk.
Autonomy changes the threat model
The higher-risk operators aren’t just asking a Large Language Model (LLM) for a payload; they build scaffolding that chains steps with minimal human input. The orchestration executes commands, exploits vulnerabilities, steals credentials, and makes tactical choices on the fly. None of that has clean identifiers in ATT&CK today. If you only count techniques, you will miss the step change that comes from a loop making decisions at machine speed.
The paper’s mapping of a state-level operation from November 2025 makes the point. On paper it used 30 techniques across 13 tactics, which looks similar to many medium-risk actors. Operational autonomy pushed it to the maximum internal risk score. Same ingredients, very different kitchen.
For anyone running model endpoints, build systems, or identity backplanes, the interesting bit isn’t the prompt; it’s the glue. Agentic chaining turns “help me enumerate accounts” into automated discovery, pivots, and privilege escalation with scant oversight. Once credentials are in play, lateral moves and persistence become background noise rather than explicit operator actions, and the usual heuristics for spotting “skilled” hands stop working.
ATT&CK has been a solid lingua franca, but the study argues it under-expresses autonomy, chaining, and minimal-human-input behaviours. That leaves a blind spot in threat intel and red-team scoping. The open question is how to represent operational autonomy alongside technique counts so defenders can reason about when a few lines of orchestration outmuscle a long technique list.
