BRSL Weekly Brief
Your weekly brief on current events from the Berkeley Risk and Security Lab.
Key Takeaways from Anthropic's Year-long Cyber Threat Map
This week on the BRSL Weekly Brief, Professor Andrew Reddie breaks down the June 3, 2026 report from Anthropic analyzing a year in cyber threats and attacks, and what we can learn from them.
Welcome to the Berkeley Risk and Security Lab's Podcast, the BRSL Weekly Brief, where we bring you the latest information on current events from our lab experts. I'm the lab's communications manager, Vivian Bussy Skinner, and I'm here with the BRSL faculty director, Professor Andrew Reddie, to discuss cybersecurity. Today, in particular, we're going to talk about a report that was released by Anthropic last week titled "What We Learned Mapping a Year's Worth of AI-enabled cyber threats." So welcome to the podcast, Andrew.
SPEAKER_00: Thanks so much, Vivian.
SPEAKER_01: So what are the kind of broader cyber risks these days in terms of a global geopolitical perspective?
SPEAKER_00: Yeah, I mean, they still remain really significant. I think if we're learning lessons from things like the war in Ukraine, we're seeing the degree to which cyber attacks are ubiquitous and being used by states in order to advance their interests, whether that's supporting cyber criminals in order to garner funds. And so that would be the North Korean case, or else using the cyber domain as a part of what we call gray zone warfare in contexts like Ukraine, attacks on the energy grid, attacks on military networks. And then also just broader kind of espionage, where you'll see attacks from Chinese state-sponsored actors on US government networks, primarily for the purposes of garnering information about how the government works and who's inside of different in different government agencies. And then, of course, you have all of the non-state components too. I'm sure any number of our listeners has been subjected to a cyber attack or an attempt to steal an identity, social security numbers, credit card theft, et cetera. And as we push more and more of our personal information and our financial information into internet-enabled devices. And even in non-internet enabled devices, by the way, you can actually have attacks on assets that aren't connected to the web whatsoever. They become juicy targets for bad actors. And so that's kind of where we sit. And to some extent, uh it's never been more dangerous in the cyber domain as it is sitting here in June of 2026.
SPEAKER_01: Yeah. And you touched on those a little bit, but how can you go into kind of how the um targets for these actors have changed over the years and what that looks like now versus a while ago?
SPEAKER_00: Yeah. So the way, the way, the shorthand for how I think about this space is in terms of like your overall risk is equal to threats multiplied by vulnerability, multiplied by the consequence. Um and so the threat actors have changed not necessarily in terms of their identity, but certainly in terms of uh the tactics that they have at their disposal in order to try to achieve success instead of a cyber attack. Um and indeed, one of the reasons for that or in the tooling that we'll talk about shortly in the context of the Anthropic report. Um, in terms of the vulnerability space, as I mentioned, um the proliferation of different uh types of IT or internet technology that we all use on a daily basis from fitness trackers to putting your credit cards on your phone, right, or really increasing that attack surface. Um, and of course, inside of critical infrastructure and government context, too, the push towards digitized a lot of the ass, like a lot of the modes of government um has led to increasing vulnerability there as well. And so to give you kind of a concrete example, um you know, two decades ago, if you were running um a water treatment plant, you would actually have staff on site doing the management of that plant in a lot of cases, um, performing all sorts of roles. And what we've tried to do is automate as much of that as possible and do some of that, you know, either autonomously and/or right from um a service center that may not even be co-located with the water treatment plant. Um and that's of course in the name of efficiency. Instead of paying for a hundred staff, now I can pay for five. Um, and so that's true in that context. Also the operation of dams, um, the electricity grid, the same. And so um, you know, of course, because you're losing the human fail-safe, the potential cascading consequences of any particular event uh become really significant. And we've seen, you know, all sorts of examples across state actors, non-state actors.
Um, so, you know, things like ransomware attacks. Um, you know, recently here at the university, we had an attack on our Canvas system, and our students couldn't access all of the course materials before their final exams. Um, and ultimately the provider decided to pay the ransom to the cyber criminal group in order to get that access. Um, of course, the university had no role in that whatsoever. It was purely the um the application provider that made that call. But these are the types of policy discussions that emanate from uh this expansion in terms of all of threat vulnerability um and a consequence.
SPEAKER_01: Yeah. Um, you talked about this a little bit, but how has that threat changed over the years? And is it um becoming more uh more of a threat, would you say?
SPEAKER_00: Yeah, I think I mean it to some extent it depends if you're kind of like a glass half full or glass half-empty person. Um I mean, there's no question that um, you know, things weren't great 10 years ago. Um that said, the types of attacks that we were seeing, um, at least modally, were relatively easy to address. So, like a lot of the phishing campaigns, spam emailing, um, et cetera, um, was relatively easy to see. Um I think that in general, things have become a lot more sophisticated and have subsequently driven a lot more risk. There's also, I mean, I think another important kind of change is the disposition of governments in particular to be playing in the cyber domain and how they're playing in the cyber domain. Um, and so for example, US policy documents would suggest that we were only ever playing cyber defense um up through the late noughts, um, maybe even into the early 20s, depending on which government agency. Now there's a recognition that really what we're having is persistent engagement in the cyber domain, obviously below the level of conflict um between the United States, Russia, China, your any number of our European you know, partners and allies, um, East Asia the same. Um, so you know, I think those are the kind of the shifts that we're seeing inside of this space. Um, and then of course, there's the bigger question about how, you know, in a in a geopolitical context, cyber capabilities knit together with conventional military context and any other other type of other military asset conversation.
SPEAKER_01: Yeah. Um, and we're gonna get back to a little bit later um kind of what this means for individuals and how you can change uh what you're doing in order to see less risk. Um But in terms of this Anthropic report, what does this what do you make of the findings?
SPEAKER_00: Yeah, I mean the findings aren't terribly surprising. It turns out that AI tools are incredibly useful if you're a bad actor attempting to carry out a cyber attack. So effectively, the floor for the attack that you're likely to carry out. So their study focused primarily on malware, right? So um attacks, viruses, trojans, et cetera, that are really designed to steal data, take over a device entirely, um, potentially, you know, to shut down that device until a ransom is paid, et cetera. Uh, but basically the floor for the sophistication of that attack is now higher than it was before. Um, you've also seen a proliferation in what we would call advanced cyber threat actors who are leveraging these tools. Um now there may be something of a selection effect in the data. So they looked at 842, uh, sorry, 832 um threat actors. Um, and of course, those are the actors that selected into using AI tools. So arguably they're already more sophisticated, perhaps, than your average, you know, cyber criminal or what have you. Uh, but in any case, they're number the numbers that were hitting that advanced threshold um were much higher. Um, and so, you know, they're really demonstrating how what was already a pretty significant threat has just been heightened by the proliferation of these um AI tools. Now, it's important to note that it the 832 number was not the only that that wasn't all of the cyber cyber threats that were um that they were finding. So that's one. And then two, of course, presumably there's all sorts of uh cyber threat actors that were not found in the in the process, right, of trying to call the usage statistics to kind of say, okay, this is a bad actor performing a bad action, right, on um on Anthropic's tooling. Um so um so yeah, effectively, you know, bad news all around, really.
SPEAKER_01: Is it is it something like where these people who are behind these cyber attacks are learning how to do them using AI, or that they're using tools, um, AI tools to do, I guess, more effective attacks, or what is it?
SPEAKER_00: Yeah, so it was it was both, um, which I think is also interesting. Although I think of the of the most sophisticated types, I think there was a lower proportion. I think they only reported something like 16% um of the uh threat actors that they were looking at ended up using the tool for lateral movement inside of the network. So this would be once you're actually inside of a government agency's network trying to move inside of that network in order to get to a system that is safety critical or that has administrative privileges or might have information that you're actually looking for versus right, the system that you currently are in does not have that. And so um, that's a relatively sophisticated cyber action. And so they were only seeing that in, you know, what is that, 15 or so out of 100 cases compared to the more broad kind of I mean, very, very clearly it's easy to spin up a phishing campaign using these tools and to make something sound very reasonable for somebody to click on and open an attachment for um in a way that's far more sophisticated than you'll remember, like the Prince of Nigeria attacks of the, you know, the late 2000s, right? Where you're like, okay, this is clearly not worth uh not worth clicking on. That's going immediately to spam. Um it's also that that also that type of action is also really important when it's across languages. Um so obviously, when you're dealing with state actors and they're carrying out a spear phishing campaign or a broader phishing campaign, um, and you're coming from a particular linguistic context, it can be very difficult actually to get the language right, um, particularly around idioms and what have you. Um, and so that's much easier to do now with particularly the frontier model firm's tools that come from the United States or Great Britain, because they're all trained on English language sources.
Um, so ironically, these are uniquely bad for any American bad actor who would be wanting to use these tools to actually conduct a spear phishing campaign, but very good for the reverse, um, which is kind of interesting. Um now, of course, as AI tools get better at translation in the general, then maybe that that that that accounts less. But again, effectively what's happening here is that you're increasing the floor.
SPEAKER_01: Do you notice any sort of um increase in trust of things like that? Like uh spam because of the use of AI? I mean, I guess I'm asking because it's often that you know you'll see um some sort of written correspondence that kind of like reads a little bit like AI these days. And so is that anything that you've seen like that people are more trusting of things that sound like uh AI just because it's so um you know ubiquitous.
SPEAKER_00: I don't know. I mean, as a professor, I'm very distrusting anything that sounds like AI, right? Because hopefully um I hope not to see it from everybody my students. Um I mean, maybe obviously I think it's changing the way that we interact with language in general, so you can't discount it. Um I mean, I think one of the things that I note there is that it is people will talk about kind of this offense-defense, they'll describe it as a balance, but it's not. Um, right, like but basically you can use these same tools for defense as well. Um, and that's true. I mean, I think the spam filters are probably better all else equal given the utilization of some of these LLMs. Um the the the the question of is kind of where on the scale is going to be relatively better or worse at any given moment in time, uh kind of pulling that up. Because of course, any particular spam filter is going to have a false positive rate where legitimate messages are not getting to the end user. Um, and that's a problem. And I'm and to your point, that might become a problem down the road as spam filters get good at saying this was AI generated content, but not necessarily from a bad actor. Um, because it probably is the case, right? If you get a confirmation email from an event that you registered to, I mean, it's already sitting here today, AI generated. I'm sure the Lumas that we use for BRSL events are AI generated in a way. Um, and so if that's where the spam filters end, then that's not good because nobody's getting their confirmation QR code. Um so, you know, I think that the the struggle for all of the companies that effectively host a lot of the ways that we engage with the internet have a really hard problem. I guess another piece of that that's worth noting is that, you know, to some extent, our comfort with tools like Google for G Suite and Gmail or Microsoft for Outlook, et cetera.
Um there there is an argument that if you want to be better protected against cyber attacks, you might be better off inside of those larger providers because they're able to resource the defense side better than you would as an individual user of the internet, uh setting up your own email on a server or what have you. And so that's another kind of piece of the puzzle, too.
SPEAKER_01: Yeah. In terms of kind of like what individuals can do to be better protected, do you have any kind of general recommendations?
SPEAKER_00: Yeah, the old rules still apply, uh, particularly when it comes to, I mean, the the modal type of attack that all of us will suffer is effectively phishing through your email account. Um, and so um, you know, be very I be very skeptical of anything that you receive, um, even if it comes from a trusted source. I mean, we had one here on the team where we had somebody trying to impersonate me and telling everybody to buy gift cards from Starbucks. Um, so you know, um, I mean, my team does know I like a London fog, but um, but I think that um that's the type of thing where, you know, I definitely got phone calls from, you know, Dan and others saying, Hey, was this you? And that's exactly the right answer. So, you know, you really do want to pick up the phone, particularly if it's somebody that you know and they're asking for something to like get that kind of effectively multi-factor authentication in real time. So that so that kind of stuff still applies. As an organization with end users, um, I've always been a big fan of treating everybody as if they're TSA employees, right? So give them, right? In in in the in your daily life, you might not see in a particular uh type of you know phishing campaign. And thus it's really important that you actually provide examples and then have people have to mark them as spam um and not reply to them, et cetera. We used to do that in Washington quite a lot. Um, and then of course, um, if you did happen to open the attachment, you got an email saying, hey, you'd open the attachment, don't do that again. Um I had a colleague who got it wrong every time. Um so so that type of right like muscle memory of like getting it right, that that all that all still applies as well.
And then I guess on a more macro level, I think one of the things that we're trying to do, particularly in the critical infrastructure space, is really separate out the internet technology where you do have an increasing number of threat actors leveraging an increased number of vulnerabilities with the operating technology that isn't necessarily required to be networked, uh, certainly not to the internet. Now, again, as I said very briefly in the beginning, just because something's not on the internet doesn't mean that it's invulnerable. Um and so there's lots of ways to you know attack um a laptop not connected to internet using RFID, right? Um so you know, you you all of our electronical assets carry with them vulnerabilities that have nothing to do with the internet. Um so you know, there's this pithy saying that the most secure laptop is the one that's used for like, you know, a bookend um on a shelf. That's not even true, right? You know, it's still vulnerable even in that situation. And so um from like a policy perspective, that kind of IT/OT split um is really important as well. Um and then, of course, like I said, you know, I think there's really serious conversations to be had about some of the benefits to single users by leveraging the larger cloud providers um insofar as they're able to scale defenses. Um from a like a governance perspective, we've already proliferated a lot of information sharing regimes. Um, unfortunately, I don't think that CISA, which is the uh part of um the Department of Homeland Security that's in charge of cybersecurity and critical infrastructure, uh, one of their major projects under the previous administration was kind of standing up this information sharing regime, particularly for non-technology companies. Obviously, technology companies speak this language. If you were to talk to executives at Microsoft and you said cybersecurity, they would say, Oh, yeah, sure, that's this person, right?
And they would point to um a whole in their case, a whole team, right, working on cybersecurity all day, every day. But if you're a grocery or you're a clothing company, right, you don't necessarily think about these risks, at least not to your your to your business at the forward. Um and that's a particularly significant problem because in reality there's two types of firms, right? There's firms that have been attacked and don't know it, and there's firms that have been attacked and don't know it. And so, you know, we need everybody to be prepared. And so those information sharing regimes are something that we pay a lot of attention to.
SPEAKER_01: In terms of this report and kind of thinking about going forward and all of those things, how does this report inform how those things should change, like how we better prepare for attacks in the future?
SPEAKER_00: So I think that one of the most interesting and perhaps underappreciated things about Anthropic's report and also work in this domain over the last year. Um, and this was also another place for our listeners to go and look is the November 2025 report that actually sought to characterize how Chinese cyber actors in particular were leveraging uh leveraging Claude. Um, is that the AI firms are getting a sense of how their tools are being used and starting to characterize their user base? Um, and so I think that that's a place where um there might be you know path forward for um thinking about the types of attacks that are coming your way, um, and then also kind of broader governance regimes. It's certainly one of the things that um that you know we're working on here at the lab.
SPEAKER_01: Well, we're almost done. Is there anything else that you wanted to add on this topic?
SPEAKER_00: No, I mean, I think the the th unfortunately the the most important thing to say is just be careful. Um and you know, these challenges aren't getting anywhere. I mean, I will say that there's a tendency, certainly every time that I'm on your podcast, like we always focus about risk, risk, risk. It's important to remember that ultimately the reason that we care so much about the risks is that there's so much, so many opportunities tied to the technologies in the first place. And so obviously, the reason that we care about all this stuff is that it does give us all of these speed benefits, efficiency benefits, et cetera. And so, you know, ultimately it's our job to make sure that we get the juice without being squeezed. Um, and so, you know, that's our job. Yeah.
SPEAKER_01: Well, that's a great note to end on. Um, stay safe out there and make sure you subscribe to the BRSL podcast while you're at it. Um, and thanks for listening.
SPEAKER_00: Perfect. Thanks, Vivian.