AI models in cybersecurity
1. The leap from assistants to autonomous agents: why AI models are changing cybersecurity
The transition from passive conversational interfaces to autonomous agents marks a real shift in how security operates. Instead of using generative systems only to “translate” context or suggest steps, teams begin delegating chained tasks—with planning, execution, and verification—within controlled workflows.
Until recently, analysts treated generative tools as technical oracles: they helped interpret hard logs, generate scripts, and summarize evidence. Now the focus shifts toward systems capable of turning intent into operational action, reducing the gap between discovery, validation, and response.
2. How AI models applied to security work: LLMs, agents, RAG, fine-tuning, and tool orchestration
The operational foundation of modern cybersecurity no longer relies only on static scripts; it increasingly combines architectures in which Large Language Models (LLMs) act as a logical reasoning engine. A pure LLM handles text and code well; the real gain appears when it’s coupled with components that provide reliable context and execute verifiable actions.
In general, this combination assumes four layers:
– RAG (Retrieval-Augmented Generation): retrieves internal information (policies, runbooks, prior tickets, technical documentation) to reduce generic answers.
– Fine-tuning / adaptation: adjusts the model’s behavior to match specific environment patterns (team language, alert formats, report style).
– Agents: allow the model to plan steps, call tools, and evaluate results.
– Tool orchestration: integrates calls to real utilities (queries in SIEM/EDR, checks in inventory systems, controlled execution in a sandbox), while keeping an auditable trail.
The practical result is a system that doesn’t just “explain,” but also operates within the environment’s rules—with defined limits and validations before final action.
3. The Claude Mythos Preview case: offensive capabilities, performance in CTFs, and what the results really mean
Claude Mythos Preview, developed by Anthropic, is cited as a reference point for the transition toward agents with concrete offensive capabilities. In evaluations conducted together with the AI systems Security Institute (AISI), the model was tested in scenarios that approximate automated exploitation flows typically seen in advanced challenges.
The results stand out less for an isolated “number” and more for the type of competence demonstrated: chaining steps until achieving the intended access/impact in the simulated environment. Even so, these performances must be interpreted carefully when extrapolating to real corporate environments—where variables such as heterogeneous telemetry, additional controls, and operational constraints completely change the game.
4. Multi-stage automated attack: vulnerability discovery, chaining failures, and autonomous exploit development
A complex attack rarely boils down to simply identifying an open port. It requires strategic planning: mapping exposed surface area, inferring likely exploitation paths, and adapting when a step fails or encounters mitigation.
Modern autonomous systems have surpassed common limitations of traditional static analysis and isolated fuzzing by adopting internal decision cycles:
1. Discovery: context-guided enumeration (likely services, likely versions, observed patterns).
2. Validation: targeted checks to confirm hypotheses without “burning” attempts.
3. Chaining: sequential use of complementary failures (e.g., privilege escalation + pivoting + persistence).
4. Exploit development: dynamic generation/tuning of payload based on feedback from the simulated target.
5. Final verification: confirmation that the intended effect occurred under test conditions.
This design reduces exclusive dependence on human operators at the tactical stage—though governance is still required when applied outside controlled environments.
5. AI in cyber defense: detection, alert triage, incident response, and SOC automation at scale
In Security Operations Centers (SOCs), data overload makes manual analysis unsustainable. Telemetry generated by global corporate infrastructures produces thousands of alerts per day; without intelligent automation, relevant signals get lost among noise and poorly calibrated priority.
LLM-based models can support defense across three main fronts:
– Assisted detection: correlate scattered events and suggest more probable hypotheses.
– Smart triage: classify alerts by potential impact and confidence in evidence.
– Procedure-driven response: execute standardized actions via SOAR (initial containment), generate technical justifications, and update cases in ticketing systems.
When well integrated into existing ecosystems (SIEM/EDR/SOAR), these systems reduce time-to-decision—not just time-to-notification.
6. Real market metrics: 73% on specialist tasks; over 80% on reproducing/exploring failures; thousands of critical vulnerabilities identified
Quantifying performance in real scenarios helps move away from purely theoretical discussions and brings debate closer to applied engineering. Data cited in evaluations related to the Mythos model—conducted with partnership from the AI Security Institute (AISI)—supports the core idea: there is measurable capability beyond easy text generation.
These numbers are used as arguments for two practical points:
– Partial transfer to specialized tasks, where the model must follow rigorous technical formats.
– Consistent reproduction/exploration, indicating non-trivial ability to turn technical knowledge into actions under test conditions.
Even so, metrics should be paired with qualitative analysis: real semantic/operational success rate depends on the type of simulated target and constraints imposed by the lab.
7. Industry case studies: Anthropic, CrowdStrike, Palo Alto Networks, IBM, Check Point, SentinelOne, and Sophos in the race for AI-driven defense
The growing maturity associated with models that have offensive capabilities has directly influenced commercial strategies in defensive domains. Anthropic’s Claude Mythos Preview is often cited as an example of this progress; in practice it accelerated portfolio changes among companies focused on digital protection.
Among industry moves observed are:
– deeper integration between analytical automation and operational platforms;
– expanded combined use of generative models alongside traditional mechanisms (rules/correlation);
– greater focus on auditable workflows to reduce operational risk;
– gradual adoption in layers (copilots first; semi-autonomous agents afterward).
Even when each vendor implements different approaches internally, the common denominator is clear: AI systems stops being an “extra resource” and becomes part of critical processes across the SOC lifecycle.
8. Critical infrastructure & financial sector: how governments and regulators are responding to offensive-model risk
Autonomous agents with offensive capabilities have changed regulatory matrices for sensitive sectors. Electric grids, public utilities—and especially finance—operate under strict assumptions about continuous availability requirements, integrity of legacy systems,and operational traceability.
Against this backdrop:
– demand grows for prior control over internal use;
– pressure increases for independent assessment (audit/red teaming);
– guidelines emerge around segregation between experimental environments and production;
– governance strengthens over access to sensitive data used for training/adaptation.
The central goal is reducing both technical risk and systemic risk: a failure or abuse cannot quickly scale due to the speed of automated agents.
9. Technical limitations of AI models in cybersecurity: hallucinations,
false positives/negatives,
incomplete context,
computational cost,
and operational reliability
Once you move out of CTF-style challenges into real corporate environments,
difficult barriers appear:
– Hallucinations: convincing answers without factual grounding can lead to wrong decisions.
– False positive/negative: correlations may seem plausible even when evidence is insufficient.
– Incomplete context: LLMs heavily depend on input quality; gaps turn into fragile conclusions.
– Computational cost: repeated execution across multiple iterations increases operational cost.
– Operational reliability: performance varies based on available infrastructure (are logs readable? endpoints accessible? integrations working?).
That’s why many projects adopt technical guardrails: cross-checking against trusted sources via RAG; validation before action; explicit limits for tools invoked by agents; continuous metrics by alert type/size.
10. Ethical risks & dual use: when the same AI accelerates legitimate pentests and malicious attacks at scale
The typical architecture used by autonomous agents doesn’t automatically distinguish authorized auditing from criminal intrusion. If an agent can navigate a simulated or authorized corporate environment—identifying critical vulnerabilities—it can also be adapted for adversarial goals outside that framing.
This creates a classic dilemma:
– legitimate acceleration improves defensive productivity;
– improper acceleration expands offensive capability beyond legal boundaries;
– reduced human effort lowers barriers for less experienced actors.
For this reason there are strict internal policies around access to automated tools (who can run them? where? with what permissions? which logs are mandatory?), along with increasing need for external controls when potential impact involves third parties.
11. Evaluation & governance: CTF benchmarks,
red teaming,
continuous auditing,
guardrails,
and frameworks like NIST for frontier AI
Validating frontier-focused models requires moving beyond simplistic metrics focused only on textual quality or average “accuracy” rate.
In cybersecurity it matters how behavior performs under realistic dynamics:
sequential decisions depend heavily on current environment state.
That’s why benchmarks like Capture The Flag have become a practical standard for assessing offensive/automated capability under clear rules—but always complemented by:
– structured red teaming,
– internal adversarial testing,
– continuous evaluation after model/integration changes,
– auditing based on detailed logs,
– formal implementation of guardrails.
Frameworks discussed by NIST help organize requirements tied to responsible management of these systems (especially when dealing with frontier AI), connecting technical assessment with organizational governance.
12. Practical enterprise adoption architecture:
security copilots,
semi-autonomous agents,
and integration with SIEM/EDR/SOAR
Enterprise adoption works best when the cognitive engine doesn’t operate in isolation; it acts as a layer above existing infrastructure.
The practical architecture usually splits into two tracks:
1) Security copilots
Analyst assistance during triage/analysis/reporting:
they summarize evidence available in SIEM/EDR;
suggest hypotheses;
generate drafts consistent with internal runbooks.
2) Semi-autonomous agents
Workflow-driven execution after human validation or clear automatic criteria:
collect additional artifacts;
enrich context;
propose containment measures;
open/update incidents via SOAR according to predefined rules.
In both cases it’s essential to integrate correctly with systems:
– SIEM for historical correlation,
– EDR for endpoint visibility end-to-end,
– SOAR for controlled automation,
while maintaining full traceability of system actions (who requested it? which tool was called? what evidence supported it?).
13. ROI & operational maturity:
analytical productivity,
MTTR reduction,
vulnerability coverage,
and metrics to justify investment
Justifying adoption goes beyond generic promises like “reduces risk.”
The financial argument tends to rely on measurable gains across the SOC cycle:
– analytical productivity,
– reduced MTTR,
– increased effective coverage in identification/prioritization,
– improved quality of technical reports,
– reduced rework caused by inconsistent triage decisions.
To support investment it’s common to define metrics before deployment:
average time until correct triage;
percentage reduction of incidents reopened;
efficiency by alert type/size;
real impact on the time window between initial detection and effective containment;
plus operational stability measured over weeks after changes in environment or model.
This approach turns “AI” into continuous engineering—supported by clear operational indicators.
14. The near-future future of algorithmic warfare:
offensive versus defensive agents—and competitive scenarios up to 2030
Competitive dynamics are likely to concentrate on the most critical bottleneck:
time-to-human decision versus speed of automated agents.
By mid-to-late this decade shorter cycles are expected both on attacker-side and defender-side—raising requirements for technical governance that already exists today within top corporate programs.
Competitive scenarios up to 2030 will likely favor organizations that:
– integrate intelligence into existing workflows,
– maintain quality under time pressure,
– deliver standardized yet adaptive responses,
– invest continuously in validation/auditing,
thereby reducing risk associated with increasing autonomy speed across their systems.
Conclusion & Further Reading
The era of reactive cybersecurity dependent exclusively on human cognition has ended.
The emergence of models with autonomous capabilities changes pacing across detection → decision → action—but also shifts technical responsibilities into new layers:
rigorous operational governance (guardrails),
effective integration into existing systems (SIEM/EDR/SOAR),
and continuous evaluation based both on benchmarks and realistic red teaming.
Further Reading
Books
1. The Web Application Hacker’s Handbook — Dafydd Stuttard & Marcus Pinto
2. Practical Malware Analysis — Michael Sikorski & Andrew Honig
3. Blue Team Handbook — James Lyne
4. Hands-On Machine Learning for Cybersecurity — [author(s) vary by edition]
Authors / Researchers
1. Bruce Schneier
2. Ross Anderson
3. Dan Geer
4. Katie Moussouris
Links
1. NIST AI Risk Management Framework (AI RMF): https://www.nist.gov/itl/ai-risk-management-framework
2. OWASP Top Ten: https://owasp.org/www-project-top-ten/
3. MITRE ATT&CK Framework: https://attack.mitre.org/