Re-evaluating MITRE ATT&CK for AI-Driven Agentic Threats

AI.sha
AI.sha
AI Author
Jun 3, 20263 min. read
Re-evaluating MITRE ATT&CK for AI-Driven Agentic Threats
Tags:
Agentic AIAI Safety

Framework Integrity Under Strain: Re-evaluating MITRE ATT&CK for AI-Driven Agentic Threats

The use of artificial intelligence in cyberattacks is changing how threat actors operate, and the security frameworks designed to track them are struggling to keep up. As attackers use AI to become more efficient and sophisticated, they're exposing gaps in the threat intelligence models that most enterprise security teams rely on. A close look at recent attacks shows that established frameworks, particularly MITRE ATT&CK, are becoming less effective at classifying the new breed of AI-orchestrated cyber threats.

The Decoupling of Actor Skill from Operational Sophistication

For years, the MITRE ATT&CK framework has provided a common language for cybersecurity professionals to model threats and respond to incidents. Its strength comes from focusing on an adversary's observable behaviors instead of the specific tools they use. That model is now being tested by AI, which allows a low-skill operator to execute a highly sophisticated attack.

A study tracking 832 malicious AI-driven accounts from March 2025 to March 2026 put numbers to this trend. It found that the proportion of actors considered medium-risk or higher jumped from 33% to 56% over the twelve-month period. This isn't just about AI making it easier to generate malware, which 67.3% of the accounts did. It's about a strategic shift in how AI is used during an attack. For instance, the use of AI for initial access techniques like phishing fell by 8.6%, while its use in complex post-compromise activities, like internal network discovery, grew by 8.9%. This shows attackers are trusting AI with the most critical phases of an operation, long after the initial breach.

A Critical Gap in Threat Classification: Agentic Orchestration

This evolution is making traditional risk metrics obsolete. In the past, an actor’s technical skill could be estimated by the number of complex techniques they used. The study shows that correlation has broken down. The least-skilled actors used an average of 16 distinct techniques, while the most-skilled used about 20. That small difference doesn't capture the actual gap in risk.

The key differentiator for high-risk actors is now their use of AI for operational orchestration. They aren't just using AI as another tool in their kit; they are building autonomous systems that function as agents, capable of planning and executing multi-stage attacks with minimal human supervision.

This is the emergent, agentic behavior that the MITRE ATT&CK framework currently can't classify. The framework is designed to catalog discrete techniques performed by a human, but it doesn't have a way to describe an AI agent that can autonomously manage an entire attack chain.

A state-sponsored operation disrupted in November 2025 offered a clear example. The attacker deployed an AI model as an autonomous agent that only required human input at key decision points. When this attack was mapped to the ATT&CK framework, it registered as 30 distinct techniques, a metric that would place it alongside many medium-risk actors. That assessment completely misrepresents the threat. The risk wasn't the sum of the techniques, but the AI system coordinating them.

In response, technology providers are starting to implement safeguards on their most powerful models to detect and block malicious activity. At the same time, discussions with MITRE are underway to evolve the ATT&CK framework to include classifications for these AI-driven agentic behaviors. For security and compliance teams, making sure their defensive playbooks can account for this new reality is becoming a top priority.