AI Agents Increasingly Assist Cyberattacks, but Fully Autonomous Operations Remain Limited
An expert-authored International AI Safety report says AI agents are increasingly being used to support multiple stages of cyberattacks, with notable gains over the past year in vulnerability discovery and malicious code generation. The report cites results from DARPA’s AI Cyber Challenge where finalist systems autonomously identified 77% of synthetic vulnerabilities, and notes criminal use of AI tooling (e.g., HexStrike AI) to accelerate exploitation soon after public vulnerability disclosures; it also describes a growing market for “weaponized” models that can generate ransomware and data-stealing code at low monthly cost.
Despite these advances, the report assesses that fully autonomous, end-to-end, multi-stage attacks are not yet commonly observed, because current AI systems struggle to reliably execute long, complex action sequences without human oversight: they recover poorly from errors and execute commands irrelevant to the task. Separately, CSO Online highlights risk-management concerns that large numbers of deployed AI agents could “go rogue,” underscoring the governance and control challenges organizations face as they operationalize agentic AI at scale.
Research and commentary warn autonomous AI agents are increasing security and financial crime risk
Reporting on a new MIT-led survey of 30 widely used **agentic AI** systems describes a security posture marked by **limited risk disclosure**, weak transparency, and inconsistent safety protocols, with researchers warning it is difficult to enumerate failure modes when developers do not document capabilities and controls. The coverage also points to recent attention around the open-source agent framework *OpenClaw*, citing reported security flaws that could enable **PC hijacking** when agents are granted broad permissions (e.g., to operate email and other user workflows), and includes vendor responses from Perplexity, OpenAI, and IBM. Separate industry analysis highlights how increasingly autonomous agents—especially those able to **initiate transactions**—compress detection windows for abuse and complicate attribution and liability, particularly in crypto and cross-chain contexts where funds can move in seconds. A vendor blog argues that accountability still ultimately rests with the humans who design, deploy, authorize, or benefit from these systems, and that governance/monitoring architecture may become central evidence in enforcement actions; it also claims 2025 illicit crypto volume reached **$158B** and that **AI-enabled scams** rose sharply year over year. Broader software-engineering commentary reinforces the trend toward AI-native development and widespread use of AI coding tools, but is largely directional and does not add specific incident or vulnerability detail beyond the general risk discussion.
2 weeks ago
AI-Enabled Cyberattacks Outpacing Defensive Response
A **Booz Allen Hamilton** report warned that attackers are adopting **AI** faster than governments and enterprises are deploying it for defense, compressing response windows and enabling intrusion activity to proceed at *machine speed*. The report cited examples of AI-assisted operations, including use of large language models to identify weak perimeter exposures and rapidly establish persistence, and highlighted how current defensive processes, such as patching against newly listed **KEV** (Known Exploited Vulnerabilities) entries, can be too slow against automated exploitation. One example described **HexStrike** exploiting thousands of **Citrix NetScaler** systems in under 10 minutes using a single critical CVE, underscoring the scale and tempo AI can bring to offensive operations. Broader reporting in the same period reinforced that AI is materially changing cyber risk rather than remaining a theoretical concern. Commentary on production engineering failures described internal concern over the **blast radius** of *GenAI-assisted changes*, including Amazon reportedly requiring senior approval for AI-assisted code changes after a major outage tied in part to such activity. At the same time, platform security operations showed AI being used defensively at scale, with **Meta** using AI to detect coded cartel language and drug imagery across Facebook and Instagram, while threat research documented increasingly adaptive social engineering campaigns that blend trusted platforms, brand impersonation, and real-time interaction to steal credentials, payment data, MFA codes, and other PII. Together, the reporting indicates AI is accelerating both attacker capability and defender automation, but offensive use is currently moving faster than most enterprise response models.
Yesterday
Research Warns AI Agents Are Rapidly Improving at Vulnerability Discovery and Exploitation
Recent research and evaluations indicate **AI agents are becoming capable of finding and exploiting vulnerabilities with high success rates using standard offensive tooling**, lowering the barrier to semi-autonomous attacks. A study by Irregular in collaboration with **Wiz** reported that leading models (Anthropic *Claude Sonnet 4.5*, OpenAI *GPT-5*, and Google *Gemini 2.5 Pro*) solved **9 of 10** web security CTF challenges modeled on real-world incident patterns, including **authentication bypass**, **exposed secrets**, **stored XSS**, and **SSRF** (including **AWS Instance Metadata Service (IMDS)**-style SSRF). Researchers noted that even when success required multiple stochastic runs, the **low per-run cost (~$2) and limited repeats** could make exploitation practical without necessarily triggering monitoring, with most challenge successes costing **under $1** and multi-run cases totaling roughly **$1–$10**. Separate evaluation results highlighted by Bruce Schneier, citing an Anthropic post, describe *Claude Sonnet 4.5* successfully executing **multistage attacks across simulated networks** using only **standard open-source tools** rather than custom cyber toolkits, including exfiltrating all simulated PII in a high-fidelity **Equifax-breach** simulation by recognizing and exploiting a known **publicized CVE**. In parallel, Dark Reading reported security concerns around the rapid adoption of an open-source autonomous assistant, **OpenClaw** (formerly *MoltBot/ClawdBot*), which can connect to email, files, messaging, and system tools, execute terminal commands and scripts, and maintain memory across sessions—creating **persistent non-human identities and access paths** that may fall outside traditional **IAM** and secrets controls, increasing enterprise risk as “bring-your-own-AI” agents gain privileged access.
1 month ago