Earlier this year, a group at Cornell University published research predicting that cybercriminals would eventually use AI to automate hacking at scale. The evolution is consistent with a recurring theme in technology history: Tools designed for productivity or innovation inevitably become dual-use. Any number of examples-from drones to commercial aircraft to even Alfred Nobel's invention of dynamite-demonstrate how innovation often carries unintended consequences.
The biggest implication of it all in cybersecurity is that LLMs today finally allow attackers to scale and personalize their operations simultaneously. In the past, cybercriminals were mostly forced to choose between highly targeted efforts that required manual work or broad, indiscriminate attacks with limited sophistication.
Generative AI removes this trade-off, allowing attackers to run tailored campaigns against many targets at once, all with minimal input. In Anthropic's reported case, attackers initially provided instructions on ways to bypass its model safeguards, after which the LLM autonomously generated malicious output and conducted attacks against dozens of organizations. Similarly, Oligo Security's findings document a botnet powered by AI-generated code, first exploiting an AI infrastructure tool called Ray and then extending its activity by mining cryptocurrency and scanning for new targets.
Traditional defenses, including risk-based prioritization models, may become less effective within this new threat landscape. These models depend upon the assumption that attackers will strategically select targets based upon value and feasibility. Automation collapses the cost of producing custom attacks such that attackers are no longer forced to prioritize. That shift erases one of the few natural advantages defenders had.
Complicating matters further, defenders must weigh operational impact when making decisions about whether to implement a security fix. In many environments, a mitigation that disrupts legitimate activity poses its own risk and may be deferred, leaving exploitable weaknesses in place. Despite this shift, experts believe AI can also play a crucial role in defense. The future could be tied to automated mitigations capable of assessing risks and applying fixes dynamically, rather than relying on human intervention.
In some cases, AI might decide that restrictions should narrowly apply to certain users; in other cases, it may recommend immediate enforcement across the board. While the attackers have momentum today, cybersecurity experts believe the same automation that today enables large-scale attacks could strengthen defenses if it is deployed strategically.
