Anthropic News | AI Cyber Threat Analysis and Claude Code 2.1.162

[1] Annual Mapping of AI-Assisted Cyber Threats Published — AI Misuse Shifting to Post-Compromise Phase

On June 3, 2026 (JST), Anthropic published its annual mapping of AI-assisted cyber threats. The report analyzes 832 accounts suspended for malicious cyber activity over the 12-month period from March 2025 to March 2026, mapping their attack techniques against the industry-standard MITRE ATT&CK framework. Source: Anthropic official announcement (AI-enabled cyber threats and MITRE ATT&CK).

Three major findings stand out. First, 67.3% of threat actors used AI for malware development, while 6.5% applied AI to advanced techniques such as lateral movement (post-intrusion traversal). During the study period, the proportion of medium-to-high-risk threat actors grew from 33% to 56% — approximately 1.7 times. Second, AI usage is deepening from initial intrusion to post-compromise activities. While use in account reconnaissance rose +8.9%, AI-assisted phishing declined −8.6%, indicating that attackers are applying AI deeper in the attack lifecycle.

Third, traditional risk assessment frameworks are becoming less effective. Skill level no longer correlates with the number of techniques used (16–20 techniques across all risk tiers), and the access surface (Claude Code, API, or chat) does not predict threat severity. What distinguishes high-risk actors is "organized attack chains that operate autonomously with minimal human intervention." The report also highlights a structural limitation of MITRE ATT&CK itself: it lacks categories to represent AI-specific behaviors such as autonomous agent coordination, sequential decision-making, and chained execution.

Impact rating for engineers: ★★★. The implications for defenders are concrete. The conclusion — that detecting autonomous orchestration capabilities and chained execution should take priority over measuring attacker sophistication through traditional indicators like tools used or skill level — speaks directly to security practitioners and SOC teams. At a time when proactive cyber defense frameworks are being formalized in Japan as well, this is worth reading through the lens of "how threat assessment metrics are evolving in the AI era." Note that figures such as 832 accounts and 67.3% are values published based on Anthropic's own internal data.

[2] Claude Code v2.1.161 / v2.1.162 — Slash Command Autocomplete Behavior Change and Permission Rule Fix

The developer tool Claude Code received back-to-back releases with v2.1.161 and v2.1.162. Sources: claude-code v2.1.161 release notes, claude-code v2.1.162 release notes.

v2.1.161, released at 21:58 JST on June 2, 2026, includes the following changes.

Key changes in v2.1.161

• Improved robustness so that a failed Bash command in a parallel tool call batch no longer cancels other calls
• Clipboard support for wl-copy / xclip / xsel in Linux fullscreen environments
• The /effort dialog and animations now respect the "reduce motion" accessibility setting

Bug fixes in v2.1.161

• Background auxiliary output corrupting stdout
• Telemetry events being silently discarded
• MCP secrets being exposed in the terminal

v2.1.162, released at 21:31 JST on June 3, 2026, includes the following changes.

Key changes in v2.1.162

• Slash command autocomplete now inserts commands into the prompt field rather than executing them immediately, preventing accidental execution
• Search tools (Grep / Glob) are now explicitly enumerated and provided in native builds
• The /effort command now displays a confirmation that the selected level has been set as the default
• Improved terminal rendering performance

Bug fixes in v2.1.162

• Hang on startup when the configuration directory is read-only
• WebFetch permission rules not being applied to built-in pre-approved domains
• Permission rules not working correctly for paths with Windows backslashes or mixed-case characters
• Errors occurring when emoji appeared near output truncation boundaries

Impact rating for engineers: ★★. The change from "immediate execution" to "insertion into the input field" for slash command autocomplete is a practical improvement that reduces a common source of unintended command execution — existing users should be aware of this behavior change. The fixes to permission rules around Windows paths and pre-approved domains will benefit teams with strict permission configurations. The fix for MCP secrets being exposed in the terminal is also a significant security update.

[3] Services Track and Partner Hub Added to the Claude Partner Network

On June 3, 2026 (JST), Anthropic announced the addition of two new mechanisms to the Claude Partner Network, which launched in March. Source: Anthropic official announcement (Services Track and Partner Hub).

The first addition is the Services Track — a three-tier certification program that evaluates provider capabilities based on the number of certified practitioners, production deployments, and customer case studies. The Select tier requires 10+ certified practitioners, 2+ production customers, and 1+ public case study; Preferred requires 100+ practitioners, 15+ customers, and 3+ case studies; the top-tier Global Premier requires 1,000+ practitioners, 100+ customers across 3+ regions, 15+ case studies, and a named executive sponsor. Tier reviews are held twice a year (January 1 and July 1), with 90 days' notice given for downgrades. The second addition is the Claude Partner Hub, a portal that displays partner credentials and helps customers find the right provider for their needs.

Supporting figures are also provided. More than 40,000 companies have applied to participate, and over 10,000 consultants have already earned Claude certification. Major participants include Accenture (30,000 trained), Cognizant (350,000), Deloitte (470,000), KPMG (276,000+), Infosys, and PwC. Anthropic has committed $100 million in investment to support training, technical assistance, and marketing.

Impact rating for engineers: ★★. While the direct impact on day-to-day development work is limited, the formalization of "provider selection" for Claude deployment support is useful background information for technical leads and PMs considering enterprise adoption. The fact that major SIs and consultancies are rolling out Claude certification training at a scale of hundreds of thousands of employees is evidence that enterprise adoption of Claude is accelerating. For domestic outsourcing and SES firms, this signals the emergence of "certified partner" as a new axis of differentiation.

What to Watch Next

Today's overarching theme is "making realities visible" and "operating safely." The AI-assisted cyber threat mapping pairs naturally with the Project Glasswing we covered previously — which focused on vulnerability detection for defenders — to give a three-dimensional view of "the reality on the attacker's side." The key questions going forward are how to detect autonomously chained attack sequences, and how threat assessment metrics will be updated. Claude Code continues to improve its permission rules and accidental-execution safeguards, and teams with strict permission configurations are entering a phase where they stand to benefit the most. On the ecosystem side, the introduction of the Services Track is beginning to make deployment support quality visible through certification. The Clauder Navi editorial team will continue to track developments across the company, products, and ecosystem.

Sources

• Anthropic official announcement (Annual mapping of AI-assisted cyber threats / MITRE ATT&CK): https://www.anthropic.com/news/AI-enabled-cyber-threats-mitre-attack
• Claude Code v2.1.161 release notes: https://github.com/anthropics/claude-code/releases/tag/v2.1.161
• Claude Code v2.1.162 release notes: https://github.com/anthropics/claude-code/releases/tag/v2.1.162
• Anthropic official announcement (Services Track and Partner Hub): https://www.anthropic.com/news/services-track-partner-hub