The Dawn of the Autonomous Agent: When AI Starts Attacking


For the entire history of cybersecurity, human speed has been a bottleneck somewhere in the system. Whether it was a lone hacker or a nation-state team, scripting and automation could not bypass the human element necessary to plan, coordinate, interpret and execute attack objectives. Consequently, an attack could only progress as fast as the person behind the keyboard.

That era is rapidly fading. We are now witnessing the undeniable rise of agentic AI. Shedding light on its use, Anthropic recently released a landmark report, which details the disruption of a cyberespionage operation orchestrated by AI agents on behalf of a group referred to as GTG-1002. The AI in this campaign followed a script and autonomously orchestrated the attack. It also mapped attack surfaces, exploited vulnerabilities, moved laterally and conducted intelligence analysis — all at machine speed.

Beyond just an upgrade in tool sets, this campaign completely changes the dynamics of cyberwarfare. The adversary no longer sleeps or needs a human; it connects disparate pieces of information purposefully and faster than ever before.

The Invisible Evolution

To understand where we are going, we must recognize how the board has shifted. In AI’s infancy, its success was limited to narrow, structured tasks. As large language models (LLMs) evolved, they gained the ability to generalize across complex, unstructured data. We saw this first in defense — automated patching, code generation and vulnerability identification.

Now, the dual nature of powerful LLMs is coming home to roost, birthing a new anatomy of algorithmic threat that disrupts and defuses core processes in traditional defense.

An autonomous offensive LLM agent, unlike traditional malware, requires no command and control infrastructure because the agent is the command and control. It analyzes network topology, understands business processes, and autonomously decides how to move laterally toward critical assets. And, it doesn’t need a human controller because it simply thinks.

Once inside, this agent employs a new form of dynamic persistence. We often worry about “adversarial examples” — like tricking a sensor with pixel noise — but that’s just one parlor trick in the agent’s toolbox. The true threat is the agent wielding the whole toolbox at once. Because an autonomous agent acts with a comprehensive, adaptive logic, it can overwhelm human control points with sheer speed, hiding its actions in the raw noise of logs where human analysts cannot connect the dots fast enough. It also maintains a holistic view of the target, correlating seemingly unrelated data points across the enterprise to find structural weaknesses that isolated defense strategies — human or otherwise — would not anticipate.

Perhaps most insidious, however, is the potential for stealth within and across all phases of an attack. An agent that persists silently, maintaining context of the overall attack through markdown files as observed in the GTG-1002 event, can conduct data poisoning or piecewise indirect exfiltration a drop at a time, or piggyback on routine dataflows. Unlike a loud, chaotic event like a Network Mapper (Nmap) scan, this attack is a low, slow and nearly undetectable shift in how an offensive entity can maliciously influence processes and extract value from your organization’s greatest intellectual assets.
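The “a drop at a time” pattern above is exactly what a per-event size threshold misses. The following is an added example, not code from the article or from the GTG-1002 report: a detector that aggregates outbound flow records per (host, destination) over a long window so that many sub-threshold transfers are still surfaced. The log format, hostnames and thresholds are constructed assumptions.

```python
# Added example, not from the article: detect "low and slow" exfiltration by
# aggregating small outbound transfers per (host, destination) over a long
# window rather than alerting only on single large uploads.
from collections import defaultdict
from datetime import datetime, timedelta

PER_EVENT_LIMIT = 5_000_000   # bytes; a typical single-upload alert threshold
WINDOW = timedelta(hours=24)  # aggregation window (assumption)
TOTAL_LIMIT = 10_000_000      # bytes; cumulative volume worth an analyst's time
MIN_EVENTS = 20               # many small drops rather than one big upload


def build_sample_log() -> str:
    """Constructed flow log: 'ISO-timestamp src dst bytes_out' per line."""
    start = datetime(2025, 8, 22, 0, 0)
    lines = []
    for i in range(48):  # 48 drops of 300 KB, one every 30 minutes = 14.4 MB
        ts = start + timedelta(minutes=30 * i)
        lines.append(f"{ts.isoformat()} ws-17 paste.example.net 300000")
    for i in range(10):  # ordinary traffic: a few small transfers elsewhere
        ts = start + timedelta(hours=i)
        lines.append(f"{ts.isoformat()} ws-17 files.corp.example 120000")
    lines.append(f"{start.isoformat()} ws-03 backup.corp.example 8000000")
    return "\n".join(lines)


def parse_flows(text: str):
    """Parse log lines into (timestamp, src, dst, bytes) tuples."""
    flows = []
    for line in text.splitlines():
        ts, src, dst, size = line.split()
        flows.append((datetime.fromisoformat(ts), src, dst, int(size)))
    return flows


def per_event_alerts(flows):
    """Naive rule: any single transfer above PER_EVENT_LIMIT."""
    return {(src, dst) for _, src, dst, size in flows if size > PER_EVENT_LIMIT}


def trickle_alerts(flows, now=None):
    """Flag pairs whose many sub-threshold transfers add up within WINDOW."""
    now = now or max(ts for ts, *_ in flows)  # default: newest record seen
    buckets = defaultdict(list)
    for ts, src, dst, size in flows:
        if now - WINDOW <= ts <= now and size <= PER_EVENT_LIMIT:
            buckets[(src, dst)].append(size)
    return {pair: sum(sizes) for pair, sizes in buckets.items()
            if len(sizes) >= MIN_EVENTS and sum(sizes) >= TOTAL_LIMIT}
```

On the constructed log the per-event rule fires only on the single 8 MB backup upload, while the aggregate rule is the only one that surfaces the 14.4 MB trickle to paste.example.net.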

The Death of the Grace Period

We need to be clear that agentic AI breaks the “grace period.”

Defenders for decades have enjoyed a lag time between the publication of a Common Vulnerabilities and Exposures (CVE) entry and the weaponization of an exploit. That gap allowed teams to patch, test and deploy fixes. With autonomous agents, that gap shrinks to zero.

An agent capable of reading a CVE, writing code and validating an exploit can weaponize public information faster than any human team can read the report. Recent research has demonstrated AI systems capable of generating functional exploits for new CVEs in as little as 15 minutes, turning our own transparency into a vulnerability.1 The detailed roadmaps we publish to help defenders now fuel the exact agents we are fighting.

This shift requires a new rule of engagement: Data privacy is a necessary layer of defense. We must fundamentally rethink how we share data, which becomes a question of capacity. If an AI agent identifies a thousand vulnerabilities in a single hour, the act of “responsible disclosure” becomes a Denial-of-Service attack on the remediation process. Human teams simply cannot metabolize risk at that volume. Other data that could be used in social engineering or credential stealing can be pulled into attack chains with greater efficiency. Broadcasting our weaknesses to the world assumes the adversary is slow enough, and the list of problems short enough, for us to win the foot race. Humans will always lose this race when up against an autonomous agent.

Adapting at Machine Speed

Leading through this transition demands a shift in operational philosophy. The ambiguity of the threat timeline — whether it matures in six months or six years — is a test of strategic foresight, not a permission slip to delay.

To survive, leaders must first escape the trap of treating legacy infrastructure as a permanent asset. Naturally, we want to protect the investments we have made, but in an autonomous environment, any siloed tool that adds latency is a liability. An agent exploits the milliseconds it takes to correlate a network signal with an endpoint alert. Holding onto these tools because of their “sunk cost” is a strategic error. If a tool cannot operate at machine speed, it is unequivocally a liability.

In order to do this, though, organizations must embrace a nonlinear approach to modernization. Attackers do not incrementally improve their scripts; they leapfrog to autonomous orchestration. Defenders must match that trajectory. We must stop allocating resources to reshape and prolong legacy products that were never designed for this era. The focus must shift entirely from maintaining the old processes to R&D for the new needs of the autonomous age. You cannot defeat an exponential threat with a linear upgrade path.

Ultimately, we must learn to lead through uncertainty. Traditional management models often demand floodlights — full clarity, guaranteed ROI and predictable outcomes before approving a budget. But agentic AI is an adaptive, rapidly evolving threat. If you wait for a fully illuminated plan, you are already behind. Leaders must become comfortable operating with a “dim flashlight,” seeing only the next few steps but moving with conviction. The goal is continuous adaptation, not perfect clarity.

Be the Red Team

Fundamentally, we must change how we test our own resilience. Professional red teaming is often limited to narrow domain experts evaluating isolated systems. This approach creates a dangerous blind spot. We need diverse teams for the sake of variety and because testing bits in isolation fails to expose the systemic vulnerabilities that an agent can connect across subcomponents. While unstructured hackathon events might bring together more diverse perspectives, relying on ad hoc efforts performed at the margins of the workday is insufficient to create structured, systematic assessments.

We must invest in dedicated, diverse teams whose sole job is to start from scratch and learn how to be the attackers of this new era. We need to anticipate where current defenses will fail before an autonomous agent finds those cracks in the wild.

Leadership in the Age of Agentic AI

The rise of agentic AI risk marks the inevitable next chapter in cybersecurity. But realizing the promise of an autonomous defense requires a decisive shift in how the enterprise buys, builds and deploys security.

The boardroom’s priority is to intentionally remove the strategic friction of adoption — shifting risk tolerance and expediting budget approvals that often stall innovation. This top-down clarity empowers managers to tackle the operational friction, giving R&D teams the specific mandate to leverage AI, study the new battlefield and build robust autonomous defensive agents. The capacity to execute this plan requires new performance goals. They must allow risk and failure so teams can quickly assess a wide set of options with technical depth and curiosity, but without being slowed down by procurement processes or assurances of success that cannot be made.

The question has shifted from when this battle will be fought to how you choose to prepare for it. Will you look backwards at past resilience, confident that it has gotten you too far to fail? As we see our adversaries playing chess to our checkers, how will you enable your teams to learn this new game and level up?

The move is yours.



1 Mayura Kathir, “AI Systems Can Craft Exploits for Known CVEs in Minutes,” Cyber Press, August 22, 2025.
