The short answer: AI turns cyberattacks into managed workflows

The most important shift in AI-enabled cybercrime is not better phishing copy. It is the emergence of attack workflows where AI helps connect one stage of an intrusion to the next.

When an attacker can use an AI system to identify accounts, interpret a compromised environment, recommend next steps, generate commands, and assist with lateral movement, the threat model changes. The attacker no longer needs to personally master every technical discipline required for a sophisticated intrusion. The AI becomes a layer of operational judgment.

That is why agentic cyber threats deserve serious board-level attention. They compress the distance between intention and execution.

The risk is not simply that attackers have better tools. The risk is that attackers can now assemble decision systems around those tools.

A recent analysis by Anthropic's Frontier Red Team examined 832 accounts blocked between March 2025 and March 2026 for malicious cyber activity and mapped them against the MITRE ATT&CK framework. The headline is not that AI was used. We already knew that. The real issue is where AI was used: not only in preparation, but increasingly in stages that traditionally required experience, patience, and deep technical understanding.

The uncomfortable numbers behind the shift

The most common AI-assisted activity in the analysis was still malware development, observed in 560 of the 832 accounts. That is serious, but not surprising.

The more strategic signal is the appearance of AI use in later-stage intrusion activity. According to the findings, 54 accounts used AI for lateral movement. That means activity inside an already compromised environment: identifying accounts, moving between systems, finding permissions, and getting closer to sensitive assets.

This matters because the economic damage of a cyberattack is usually not determined at the first click. It is determined after entry, when the attacker discovers what can be accessed, exfiltrated, encrypted, manipulated, or held hostage.

There was another important signal. During the first half of the research period, roughly one-third of the actors were assessed as medium risk or higher. In the second half, that figure rose to 56 percent. That is not a statistical curiosity. It suggests that AI is raising the operational ceiling for lower-skilled attackers and speeding up the learning curve for everyone else.

For enterprise leaders, the implication is direct: security strategies built mainly around preventing initial access are no longer enough. The decisive layer is moving inward, toward detection, containment, identity governance, behavioral monitoring, and rapid response after compromise.

Why old cyber risk models are starting to fail

Traditional cyber risk assessment often tries to evaluate attackers by their techniques, tools, infrastructure, and visible sophistication. That still matters. But AI weakens the link between human expertise and operational capability.

A less experienced attacker can use AI to produce a chain of actions that looks more advanced than their personal skill set. A more advanced attacker can use AI to scale, test, and accelerate operations. From the defender's perspective, both may produce similar telemetry if we only count techniques.

The question is no longer only "What did the attacker do?"

The better questions are:

  • Did the attacker use AI to connect multiple stages of the intrusion?
  • Was the model used as a tactical advisor or as part of an execution loop?
  • Did the workflow reduce the need for human judgment?
  • Were prompts, tools, scripts, and infrastructure orchestrated as one system?
  • Did the attacker adapt based on feedback from the target environment?

This is the core of agentic risk. A model that answers a malicious question is dangerous. A system that uses a model to plan, execute, observe, and adjust is far more dangerous.

MITRE ATT&CK needs an agentic layer

MITRE ATT&CK remains one of the most useful frameworks in cybersecurity. It gives defenders a shared language for tactics, techniques, and procedures. But the agentic AI era exposes a gap.

The current framing is strong at describing what attackers do. It is weaker at describing how AI systems may coordinate actions across time.

There is a difference between a human attacker using a model to generate a command and an AI-assisted workflow that decides which command to generate, when to run it, how to interpret the result, and what to do next. The second scenario is not just a technique. It is orchestration.

Security teams should begin adding their own internal classification for AI-assisted behavior, including:

  • AI-generated code or payloads
  • AI-assisted reconnaissance
  • AI-supported credential discovery
  • AI-guided lateral movement
  • AI-orchestrated multi-step attack chains
  • Suspicious use of internal AI tools against enterprise systems
  • Repeated model interactions that indicate cumulative malicious intent

This is also a message to model providers. Safety cannot rely only on blocking individual prompts. A single request may look harmless. A sequence of requests across a session may reveal intent. Security controls must learn to evaluate accumulation, context, and trajectory.

The enterprise impact is operational, not only technical

Boards and CFOs should resist the temptation to treat AI cyber risk as another line item inside the security budget. This is an operating model issue.

AI changes the cost structure of attacks. It can reduce the labor required to execute complex steps. It can help attackers scale experiments. It can make mid-tier actors more capable. It can also shorten the defender's response window.

That affects finance in several ways:

  • Higher probability of business interruption
  • Greater pressure on cyber insurance underwriting
  • More investment required in identity, monitoring, and response automation
  • Increased need for employee AI literacy and secure usage policies
  • Higher risk from poorly governed internal automation
  • More scrutiny from customers, regulators, and partners

The mistake would be to respond by slowing AI adoption. Enterprises cannot defend against AI-enabled attackers by avoiding AI internally. They need to become better, safer, more disciplined users of AI.

The defender also needs agents, but with governance

Agentic AI is not only an attacker advantage. It can be a major defensive advantage when implemented professionally.

AI can help security teams triage alerts, summarize incidents, correlate logs, draft response playbooks, review suspicious scripts, and identify abnormal sequences across identity and network data. The operational value is significant because security teams are already overwhelmed by volume.

But the same principle applies on the defensive side: AI is not merely technical. It requires deep domain knowledge, process design, management discipline, and strong governance. A security agent connected to sensitive systems without clear permissions, auditability, and human escalation rules can create risk instead of reducing it.

The right model is not human-free automation. It is scalable human-in-the-loop operations.

That distinction matters. If every AI-assisted process requires a human to approve every minor step, the organization gains little. The goal is different: one expert who previously handled one investigation should now supervise dozens or hundreds of AI-supported investigations, with clear thresholds for escalation.

Human judgment remains critical, but it must move upward in the process. Humans should supervise policy, exceptions, high-risk decisions, and ambiguous cases. Agents should handle repeatable analysis, evidence gathering, summarization, and first-line recommendations.

AI literacy and AI agents must advance together

Many organizations are treating AI adoption as a choice between giving employees tools or building agents. That is the wrong framing. Enterprises need both tracks.

AI literacy is essential because employees must learn how to communicate effectively with models, validate outputs, protect sensitive information, and understand the limits of probabilistic systems. This is becoming a core professional skill, not a nice-to-have.

Agent development is equally important because agents can execute defined workflows without forcing every employee to change daily habits. In many cases, agents may be easier to adopt operationally than general-purpose AI tools, even if they look more complex technically.

The practical enterprise roadmap should include:

  • Broad AI literacy for employees and managers
  • Secure model usage policies
  • Internal capability to design and manage AI agents
  • A governed platform for agent deployment
  • Clear ownership for monitoring, permissions, and lifecycle management
  • Security review before agents touch production systems
  • Continuous measurement of operational value and risk

In the future, information systems departments will increasingly look like human resources departments for AI agents. They will onboard agents, assign roles, manage permissions, monitor performance, investigate misconduct, and retire agents that no longer serve a business purpose.

Tools matter, but architecture matters more

Enterprises are already making platform decisions. Claude is one of the strongest systems for broad enterprise adoption, especially because of its practical reasoning quality and the speed at which Anthropic has been moving. Claude Code and collaborative Claude-based workflows are among the more effective AI tools currently available for real implementation work.

At the same time, security challenges must be handled seriously. Strong capability without strong governance is not an enterprise strategy.

Microsoft Copilot remains an important infrastructure tool, particularly for organizations deeply invested in the Microsoft ecosystem. Copilot Studio is a reasonable route for building agents in that environment, and recent improvements show that Microsoft is accelerating. Still, large platform companies often move differently from more focused AI labs.

We are also seeing tools such as n8n enter environments that once would have considered them unsuitable for large enterprises. That shift is important. Workflow automation and AI orchestration are converging, and organizations will need a disciplined view of where these tools belong.

The winning architecture is not about choosing the trendiest model. It is about building an enterprise platform that can safely create, deploy, monitor, and improve AI agents.

Beware the self-appointed AI expert

AI cybersecurity is multidisciplinary. It requires an understanding of models, business processes, management, software, data, controls, and human behavior. Academic depth matters. Practical experience matters. Business judgment matters.

This is not a field where slogans are enough.

Large enterprises are usually better at filtering weak advice. Small and mid-sized businesses are more exposed. They may be persuaded by opportunistic consultants who speak confidently about AI but lack the professional background to design stable, secure, and financially sensible implementations.

The cost of poor AI advice is not only wasted budget. In cybersecurity, it can create attack surfaces, governance gaps, false confidence, and operational fragility.

What leaders should do now

The response to AI-powered cyber threats should be practical and immediate.

First, update threat models to include AI-assisted lateral movement and agentic orchestration. Do not stop at phishing and malware generation.

Second, strengthen identity security. If attackers are using AI to discover accounts and navigate environments, identity becomes one of the primary battlegrounds.

Third, monitor sequences, not only events. A single action may look normal. A chain of actions may reveal an AI-guided operation.

Fourth, govern internal AI tools as potential security infrastructure. Employees using AI for productivity and teams building agents need clear boundaries, logging, and review.

Fifth, build internal AI capability. Outsourcing all AI judgment is not sustainable. Organizations need people who understand both the business process and the AI implementation.

Sixth, make human-in-the-loop scalable. The goal is not to place a person in front of every click. The goal is to design supervision models where experts oversee many automated processes effectively.
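The third step above, "monitor sequences, not only events", sketched as an added example that is not part of the original article: each event alone maps to a single ATT&CK tactic, but one principal crossing several tactics inside a short window is escalated. The event names, tactic mapping, thresholds, and sample telemetry are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed mapping from local event names to MITRE ATT&CK tactic names.
TACTIC = {
    "ldap_enum_users": "discovery",
    "list_shares": "discovery",
    "read_credential_store": "credential-access",
    "remote_logon_new_host": "lateral-movement",
    "bulk_file_read": "collection",
}

# Constructed sample telemetry: (timestamp, principal, action).
EVENTS = [
    ("2026-01-10T09:00:05", "svc-backup", "ldap_enum_users"),
    ("2026-01-10T09:01:10", "svc-backup", "read_credential_store"),
    ("2026-01-10T09:02:30", "svc-backup", "remote_logon_new_host"),
    ("2026-01-10T09:03:15", "svc-backup", "bulk_file_read"),
    ("2026-01-10T09:00:00", "alice", "list_shares"),
    ("2026-01-10T13:40:00", "alice", "remote_logon_new_host"),
    ("2026-01-10T16:05:00", "alice", "bulk_file_read"),
    ("2026-01-10T10:00:00", "bob", "ldap_enum_users"),
    ("2026-01-10T10:00:20", "bob", "list_shares"),
]

def find_chains(events, window=timedelta(minutes=15), min_tactics=3):
    """Return one finding per principal whose events span at least
    min_tactics distinct tactics inside a single sliding time window."""
    per_principal = defaultdict(list)
    for ts, who, action in events:
        tactic = TACTIC.get(action)
        if tactic:  # ignore actions with no tactic mapping
            per_principal[who].append((datetime.fromisoformat(ts), tactic))
    findings = []
    for who, seq in per_principal.items():
        seq.sort()
        start = 0
        for end in range(len(seq)):
            # Shrink the window from the left until it fits the time limit.
            while seq[end][0] - seq[start][0] > window:
                start += 1
            tactics = list(dict.fromkeys(t for _, t in seq[start:end + 1]))
            if len(tactics) >= min_tactics:
                span = int((seq[end][0] - seq[start][0]).total_seconds())
                findings.append({"principal": who, "tactics": tactics, "seconds": span})
                break  # one finding per principal is enough to escalate
    return findings

if __name__ == "__main__":
    print(find_chains(EVENTS))
```

In the sample data, `alice` performs a similar mix of actions spread over a working day and is not flagged at the 15-minute window; widening the window trades fewer misses for more analyst review.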

The real battle is speed with judgment

AI is pushing cyber conflict toward a contest between autonomous and semi-autonomous systems. Attackers will use agents to move faster, test more options, and reduce their dependence on rare expertise. Defenders will need AI to absorb volume, detect patterns, and respond within shrinking windows.

But speed alone is not enough. Enterprises need speed with judgment.

That requires educated teams, mature governance, strong platforms, and leaders who understand that AI is not just a technical upgrade. It is a new operating layer for both business and risk.

Organizations that treat AI security as a compliance appendix will be late. Organizations that build disciplined AI capability now will not only defend better. They will operate better.