Crypto: 67% of banned Anthropic accounts aided AI cyberattacks

Artificial intelligence is moving deeper into the cyberattack playbook, according to a new audit of policy-violating accounts by Anthropic. The AI company said that, over the 12-month window from March 2025 to March 2026, more than two-thirds of the 832 accounts flagged for policy violations were used to help orchestrate cyberattacks by leveraging AI to draft malware, plan intrusions, and identify vulnerabilities.

The findings highlight a growing concern among security researchers and crypto defenders: as AI tools become more capable, their use in wrongdoing could scale beyond the planning stage and into active exploitation. Anthropic disclosed that 560 of the analyzed accounts played a role in preparing or conducting cyberattacks, underscoring how AI is increasingly part of the attack lifecycle rather than just a preliminary aid.

Crucially, Anthropic said AI’s role is expanding within the attack chain. While the majority of AI-assisted activity was about preparation, roughly 6.5% of the banned accounts were used to support “lateral movement”—the phase attackers use after breaking in to move through a target network or system. The firm argues this marks a shift from AI merely enabling basic breach planning to enabling sophisticated, post-compromise actions that could be executed with less skilled operators.

Anthropic’s researchers warn that such post-compromise techniques, once the realm of highly skilled operators, are now being executed by AI agents on behalf of a broader set of actors. In describing the trend, the company notes that AI can perform complex, technical tasks that historically required substantial expertise, effectively lowering the barrier to multiple-stage cyberattacks.

The study also reveals a shifting risk profile. In the first six months of the observation period, about one-third (33%) of the accounts were classified as “medium risk or higher.” In the subsequent six months, that share jumped to 56%. The widening risk band suggests that as attackers deploy AI more broadly, the potential consequences—ranging from data exfiltration to financial loss—could intensify across targets, including crypto platforms and DeFi projects.

Anthropic’s findings land against a backdrop of broader volatility in crypto-security incidents. In April, the amount of crypto stolen in hacks rose to $629.7 million, a peak not seen since February 2025. Analysts have linked the spike, in part, to AI-enabled tools that accelerate the discovery of vulnerabilities and the rapid deployment of phishing, malware, and credential-stealing techniques. Cointelegraph highlighted this April surge, noting the potential role of AI in amplifying attacker capabilities.

Security researchers have long warned that AI can magnify both defensive and offensive capabilities. Manuel Aráoz, the founder of the security platform OpenZeppelin, has previously argued that DeFi and broader crypto ecosystems face elevated risk from AI-enabled tooling that can identify weaknesses in smart contracts. In remarks tied to the same discourse, Aráoz has suggested that the intrinsic opacity and speed of AI-driven analysis could outpace traditional security auditing, creating gaps defenders must address.

Anthropic added that the threat landscape is not static. While many AI-driven attacks still focus on initial access and data theft, the company observed instances where AI operated autonomously in at least one notable November case involving a Chinese state-sponsored group. In that scenario, an AI agent conducted an exploit, stole credentials, and made decisions with human input only at key moments. The report describes such autonomous or semi-autonomous AI behavior as emblematic of the trends policymakers and industry players should monitor as AI agents mature.

Looking ahead, Anthropic is preparing to roll out Mythos, its forthcoming large language model designed with cybersecurity capabilities at the forefront. The company has warned that Mythos could further sharpen attackers’ ability to identify and exploit software vulnerabilities, while also raising questions about how to balance powerful AI tools with guardrails that prevent misuse. Mythos joins a broader ecosystem of AI agents whose capabilities have drawn scrutiny from researchers and industry observers who worry about both the security of digital ecosystems and the integrity of AI systems themselves.

For investors and builders in crypto, the implications are twofold. First, security architectures must assume that AI-assisted adversaries can perform more tasks with less human expertise. This reinforces the need for proactive security testing, rigorous smart-contract auditing, and rapid incident response pipelines that can adapt to AI-enabled attack vectors. Second, the evolving risk is a reminder that security-by-design remains the most reliable path forward; as AI tools lower the technical barriers for attackers, platforms must harden defenses and implement multi-layer protections that can withstand autonomous or semi-autonomous AI-driven intrusions.

Analysts and developers should watch how Mythos and similar AI agents affect both attacker capabilities and defensive strategies. The balance between enabling beneficial AI-driven security tools and preventing their misuse will shape policy conversations, product design, and investment theses across the crypto security landscape in the months ahead. As AI models grow more capable, the line between threat and defense may continue to blur, making robust security governance essential for the crypto ecosystem.

Key takeaways

• Anthropic examined 832 accounts for policy violations between March 2025 and March 2026; 560 of those were used to aid cyberattacks with AI.
• AI-assisted activity predominantly supported attack planning, but 6.5% of cases involved AI helping attackers move laterally within compromised systems.
• Threat assessment shifted upward over time: 33% of accounts were medium risk or higher in the first half, rising to 56% in the second half.
• April crypto-hack losses reached $629.7 million, the highest since February 2025, with analysts pointing to AI-enabled attack tools as a contributing factor.
• Anthropic’s forthcoming Mythos AI model is expected to enhance cybersecurity capabilities, prompting ongoing debates about guardrails and defensive use in crypto ecosystems.

AI-enabled threats expand beyond planning to execution in crypto security

The core message from Anthropic’s review is a sobering reminder: AI is increasingly embedded in the full spectrum of cyber threats. While the majority of AI-driven activity in the period studied was oriented toward planning and reconnaissance, the presence of AI in lateral movement underscores how attackers can leverage automation to navigate networks more effectively after initial access. For crypto platforms, this translates into heightened urgency around monitoring for anomalous behaviors, implementing granular access controls, and hardening supply chains against AI-augmented exploitation.

From zero-day opportunities to autonomous AI action

The report aligns with broader industry observations about AI’s dual-use potential. Earlier reporting from security researchers highlighted cases where AI aided the discovery of zero-day vulnerabilities, including an incident where AI contributed to bypassing two-factor authentication for a widely used open-source tool. Anthropic’s own findings add depth to this narrative by showing AI moving into autonomous or semi-autonomous decision-making within breaches, albeit in limited but meaningful instances. Investors and operators should treat these developments as a warning that defensive AI tools must keep pace with offensive innovations.

What readers should watch next

Anthropic’s upcoming Mythos release will be a focal point for both defenders and adversaries in the crypto space. As AI agents become more capable, the industry will need clearer guardrails, more robust auditing, and better incident response frameworks to prevent AI-enabled attacks from eroding trust in decentralized platforms. In the near term, expect further research and disclosure from security-minded AI firms as the ecosystem calibrates to a world where AI-assisted threats are more prevalent—and more sophisticated.

Source attribution: Anthropic’s report on AI-enabled cyber threats, with data spanning March 2025 to March 2026. For broader context on the April crypto-hack losses linked to AI-enabled activity, see Cointelegraph’s coverage: “Crypto hacks cause $630m losses in April—the highest since February 2025.”

Anthropic notes that the trend toward AI-assisted exploitation could intensify as AI agents gain more autonomy, underscoring the need for stronger, proactive defenses across the crypto security landscape.

This article was originally published as Crypto: 67% of banned Anthropic accounts aided AI cyberattacks on Crypto Breaking News – your trusted source for crypto news, Bitcoin news, and blockchain updates.