{
  "name": "ankya — LLM uplift (AI as weapon) v2026.06",
  "versions": { "layer": "4.5" },
  "domain": "enterprise-attack",
  "description": "How materially current LLMs change an adversary's cost, speed, scale or reach per technique, graded 0-4 by ankya pty ltd. Built on MITRE ATT&CK (c) The MITRE Corporation. Full interactive version: https://ankya.ai/research/llm-attack-navigator",
  "gradient": {
    "colors": ["#202940", "#2C5F86", "#C2913A", "#CC6630", "#C2362B"],
    "minValue": 0,
    "maxValue": 4
  },
  "legendItems": [
    { "label": "0 — No shift", "color": "#202940" },
    { "label": "1 — Emerging", "color": "#2C5F86" },
    { "label": "2 — Moderate", "color": "#C2913A" },
    { "label": "3 — High", "color": "#CC6630" },
    { "label": "4 — Critical", "color": "#C2362B" }
  ],
  "techniques": [
    { "techniqueID": "T1589", "score": 3, "comment": "LLMs collapse hours of manual OSINT into seconds — correlating leaked records, social graphs and public filings into a ranked target dossier, then drafting the angle of approach. Field signal: GTIG and model-provider reports attribute live victim-research use to multiple state-linked actors." },
    { "techniqueID": "T1598", "score": 3, "comment": "Pretext generation is near-free. Models produce fluent, context-aware, locally idiomatic elicitation messages tuned to a specific role or vendor relationship. Field signal: Provider disclosures show actors iterating lures and translations through commercial and jailbroken models." },
    { "techniqueID": "T1591", "score": 2, "comment": "Summarisation of sprawling corporate footprints — supply chains, tooling, org charts — into an exploitable map. Field signal: Routinely observed as a productivity aid rather than a novel capability." },
    { "techniqueID": "T1585", "score": 4, "comment": "Generative media manufactures convincing personas at scale — coherent histories, voice, video and writing style — enabling long-con infiltration and fraudulent employment. Field signal: Nation-state insider-placement campaigns increasingly lean on AI-forged identities and deepfake-assisted interviews." },
    { "techniqueID": "T1587", "score": 3, "comment": "Models scaffold tooling, port exploits between languages and explain unfamiliar code — compressing the skill and time floor for capable-enough malware. Field signal: Jailbroken 'dark' LLM services are marketed specifically for malware and BEC support." },
    { "techniqueID": "T1588", "score": 2, "comment": "Faster triage of which public exploits and tools fit a given target stack. Field signal: Incremental efficiency gain." },
    { "techniqueID": "T1566", "score": 4, "comment": "The best-evidenced uplift anywhere on this matrix. Flawless grammar, per-recipient tailoring and volume together push campaign success rates up while erasing the classic linguistic red flags. Field signal: Microsoft/OpenAI and ENISA reporting tie measurable improvements in large-scale phishing to generative tooling." },
    { "techniqueID": "T1566.004", "score": 4, "comment": "Real-time voice cloning turns help-desk and approval workflows into a fast foothold that sidesteps endpoint controls entirely. Field signal: Deepfake-assisted help-desk fraud is now a recurring root cause in major intrusions." },
    { "techniqueID": "T1199", "score": 2, "comment": "AI sharpens the pretext for abusing a partner or supplier channel, though access still hinges on the underlying trust path. Field signal: Supporting role within social-engineering chains." },
    { "techniqueID": "T1059", "score": 3, "comment": "Malware can generate its commands on-demand from a model at runtime, fitting actions to the exact host it lands on rather than shipping fixed scripts. Field signal: LAMEHUG issues live LLM queries to synthesise system commands tailored to the local environment." },
    { "techniqueID": "T1204", "score": 2, "comment": "More persuasive decoys and instructions raise the odds a user runs the payload. Field signal: Amplifies the social half of the chain." },
    { "techniqueID": "T1106", "score": 1, "comment": "Marginal — AI helps author the code, but the technique itself is unchanged. Field signal: Low direct uplift." },
    { "techniqueID": "T1136", "score": 2, "comment": "AI helps craft plausible account names and supporting artefacts that blend into directory noise. Field signal: Supporting, not transformative." },
    { "techniqueID": "T1547", "score": 1, "comment": "Code-authoring help only; mechanics are well-trodden and well-detected. Field signal: Low direct uplift." },
    { "techniqueID": "T1068", "score": 2, "comment": "Models accelerate vulnerability research and PoC drafting, but reliable end-to-end exploitation under real conditions is still uneven — a research aid more than an autonomous capability. Field signal: Academic agents show progress on guided exploitation; field reliability lags the demos." },
    { "techniqueID": "T1548", "score": 1, "comment": "Minimal change to a heavily-instrumented technique. Field signal: Low direct uplift." },
    { "techniqueID": "T1027", "score": 4, "comment": "A genuinely novel pattern: malware that calls an LLM to rewrite or regenerate its own code each run, defeating static signatures by never holding still. Field signal: PROMPTFLUX morphs itself via live model queries; PROMPTSTEAL/LAMEHUG query LLMs mid-execution." },
    { "techniqueID": "T1620", "score": 2, "comment": "AI eases in-memory loader development but detection surface is unchanged. Field signal: Indirect uplift." },
    { "techniqueID": "T1110", "score": 2, "comment": "ML-guided guessing and smarter wordlist generation improve hit-rates against weak and reused secrets. Field signal: Identity remains the dominant intrusion vector; passwords still anchor most identity attacks." },
    { "techniqueID": "T1056", "score": 1, "comment": "Little change to the technique itself. Field signal: Low direct uplift." },
    { "techniqueID": "T1083", "score": 2, "comment": "Once inside, models triage vast collections quickly — surfacing the crown-jewel data among noise far faster than manual review. Field signal: Reported abuse of AI inside compromised environments to find what matters." },
    { "techniqueID": "T1087", "score": 2, "comment": "Summarisation of directory and group structure into an attack path. Field signal: Efficiency gain within hands-on-keyboard operations." },
    { "techniqueID": "T1057", "score": 1, "comment": "Marginal. Field signal: Low direct uplift." },
    { "techniqueID": "T1021", "score": 2, "comment": "Research shows LLM agents can plan and partly execute multi-host movement; reliability and stealth in real networks remain the gating factors. Field signal: Feasibility demonstrated in controlled multi-host studies." },
    { "techniqueID": "T1210", "score": 2, "comment": "AI-accelerated exploit selection feeds movement, bounded by the same exploitation-reliability ceiling. Field signal: Emerging." },
    { "techniqueID": "T1119", "score": 3, "comment": "Models prioritise and summarise as they gather — turning bulk theft into curated, intelligence-led collection of the highest-value material first. Field signal: Attackers reported using LLMs to mine stolen data for what is worth taking." },
    { "techniqueID": "T1114", "score": 2, "comment": "Rapid synthesis of mailbox contents into actionable leverage or onward pretexts. Field signal: Supporting capability." },
    { "techniqueID": "T1213", "score": 2, "comment": "Semantic search across wikis and ticketing turns sprawl into targeted extraction. Field signal: Efficiency gain." },
    { "techniqueID": "T1102", "score": 3, "comment": "Legitimate model-provider APIs double as a covert decision-and-command channel — traffic to a trusted AI endpoint looks unremarkable and rides existing allow-lists. Field signal: PROMPTFLUX / LAMEHUG-class malware reach back to public LLM APIs at runtime." },
    { "techniqueID": "T1071", "score": 2, "comment": "AI assists in shaping protocol-blending traffic, though the channel concept is established. Field signal: Indirect uplift." },
    { "techniqueID": "T1573", "score": 1, "comment": "Unchanged at the crypto layer. Field signal: Low direct uplift." },
    { "techniqueID": "T1567", "score": 2, "comment": "AI helps choose and blend with high-trust services; the staging benefits more than the transfer. Field signal: Modest direct uplift." },
    { "techniqueID": "T1041", "score": 1, "comment": "Mechanically unchanged. Field signal: Low direct uplift." },
    { "techniqueID": "T1491", "score": 3, "comment": "Generative text, image and video industrialise disinformation and brand-impersonation at a scale and believability that manual production never reached. Field signal: A leading driver of the rise in reported generative-AI harm incidents." },
    { "techniqueID": "T1486", "score": 2, "comment": "AI streamlines target triage, negotiation drafting and operational tempo rather than the encryption itself. Field signal: Productivity layer across the ransomware lifecycle." },
    { "techniqueID": "T1565", "score": 2, "comment": "Convincing fabricated records and tampering at scale become cheaper to author. Field signal: Emerging integrity-attack concern." }
  ]
}