New research from Anthropic's Frontier Red Team should change how every SOC triages a threat. Mapping 832 banned malicious accounts onto the MITRE ATT&CK framework, the team found that the link between an attacker's skill and an attacker's risk has come apart.
The headline number is stark: the share of actors scoring medium-risk or higher climbed from 33% to 56% in a single year, and they didn't get more skilled to do it. The metric most triage models lean on, technical sophistication, barely predicts risk at all (a correlation of 0.28). Technique count is no better (0.27).
So what predicts risk now, if not skill? Anthropic's answer is one line worth pinning to the wall:
"The dividing line between low and high-risk actors is no longer technical skill but orchestration."
The techniques themselves are familiar. The most common one in the dataset - malware development - showed up for two-thirds of actors, and the detection rules that caught it last year still catch it. A web shell is still a web shell. What changed is the spacing. AI-enabled actors now chain known techniques back-to-back at machine speed, with no human pauses between steps.
The clearest example is the actor Anthropic scored at maximum risk, GTG-1002, behind an espionage campaign disrupted last November. It didn't use exotic tradecraft, it used 30 techniques, barely above the median of 16. What made it a 100-out-of-100 was how it ran them: it wired open-source tools into an AI agent through the Model Context Protocol to build, in Anthropic's words, "an autonomous attack platform rather than a code-writing assistant." The AI didn't just suggest the commands. It executed them, across reconnaissance, exploitation, lateral movement, and exfiltration.
And here's the gap that should get every defender's attention: that orchestration layer has no MITRE ATT&CK mapping. There is no technique ID for "the machine ran the whole playbook by itself." The thing that now separates a nuisance from a maximum-risk actor is precisely the thing our frameworks don't yet describe.
This is the part I live every day in our SOC, so I'll say it plainly.
If the attacker's edge is removing the human from the loop, the defender's edge is putting the right human back in, at the right moment. Autonomous investigation can and should run at machine speed: it's the only way to match the cadence. But the irreversible, high-impact actions - the ones you can't take back - belong to a named practitioner who can see the full reasoning chain and answer for the call. Machine speed for investigation. Human pace for consequence.
Autonomous investigation at machine speed; a named practitioner signs off on every high-impact action.
That's not a slower SOC, and it's not a fully autonomous one. It's a deliberate line, and it's why we show customers what we actually found and did, not just what we promise. Radical Transparency, not a black box.
The practical takeaway from the research is short. Keep your technique-mapped detections, they still work, but treat them as necessary, not sufficient. Watch tempo and sequence, not just whether a technique fired. Watch the orchestration surfaces: the agent harnesses and agent-to-tool interfaces where the autonomy actually lives. And close the window between a vulnerability and a fix, because the exploitation side isn't waiting.
The threat got faster, not smarter. The answer is a SOC that's fast where speed is safe, and deliberate where it isn't - with a name attached to every consequential decision.
Source: Anthropic Frontier Red Team (Kyla Guru, Alex Moix, Jacob Klein), "Mapping AI-enabled cyber threats: Insights from the LLM ATT&CK Navigator," June 3, 2026.