Cyber Risk and Autonomous AI Attackers

AI agents can already find some software vulnerabilities and write exploits. What happens when those capabilities scale? A clear-eyed walk through the data.

40 min · Reviewed 2026

The Capability Curve

Offensive cyber has been an AI-relevant domain for years. What is new — since roughly 2024 — is agentic capability: models that take multi-step actions, use tools, and pursue goals across hours of operation. This has moved AI from an assistant for human hackers to a plausible operator.

What agents can do (as of ~2025-2026)

Solve low-to-medium Capture the Flag challenges autonomously (published METR, AISI evaluations)
Write working exploits for known, well-documented vulnerabilities
Perform recon: enumerate assets, identify plausible vulnerabilities, generate credential lists
Partially automate phishing campaigns with personalized content
Find some novel vulnerabilities in real open-source code (Google Project Zero, Anthropic demos)

Why defense is not symmetric

Attackers need one path. Defenders must close all paths.
AI helps both, but asymmetric gains may favor attackers in specific domains (scale of phishing, exploit development)
AI-assisted defense — automated patching, anomaly detection, log analysis — is also accelerating
Net effect is not yet clear; 2024-2025 data suggests roughly offsetting gains with high variance by sector

What is being done

Frontier labs run cyber-specific pre-deployment evaluations (OpenAI preparedness, Anthropic RSP)
CISA, UK NCSC, and partners publish AI cyber guidance
DARPA AIxCC (AI Cyber Challenge) develops defensive AI
Bug bounty programs are being restructured for AI-driven findings

We're in the strange position of hoping the offense-defense balance stays close, because any big asymmetry either way breaks a lot of what holds the internet together.
— Heather Adkins, Google / board member commentary (paraphrased from public talks)

The big idea: AI in cyber is not science fiction. It is a real, scaling capability with measured progress on both sides. The question for the next several years is whether defense keeps up — and what policy levers help it.

End-of-lesson check

15 questions · take it digitally for instant feedback at tendril.neural-forge.io/learn/quiz/end-safety2-cyber-risk-ai-creators

What new capability distinguishes AI in cyber operations since approximately 2024?
1. Faster processing of encryption algorithms
2. The ability to generate images and videos
3. Agentic capability that takes multi-step actions and pursues goals over extended periods
4. The ability to process large amounts of text data
In cybersecurity evaluation contexts, what does CTF stand for?
1. Computer Threat Framework
2. Capture the Flag
3. Cyber Threat Factor
4. Central Testing Facility
Why does the lesson argue that defense is fundamentally harder than offense in cybersecurity?
1. Defenders are required to operate during business hours only
2. Attackers need only one successful path while defenders must close all possible paths
3. Defenders have less sophisticated tools than attackers
4. Attackers can use encryption but defenders cannot
What economic change would occur if autonomous AI attackers reach high capability levels?
1. The marginal cost of cybercrime would fall dramatically
2. All cyberattacks would require human oversight
3. Insurance premiums would decrease significantly
4. Cybercrime would become more expensive due to increased AI costs
Which organization is specifically mentioned as developing defensive AI through the AIxCC program?
1. The National Security Agency
2. DARPA
3. The Federal Bureau of Investigation
4. The United Nations
What does the lesson say about the current state of AI-assisted defensive tools like automated patching and anomaly detection?
1. They are progressing rapidly but have not yet reached practical utility
2. They have completely solved the defender's challenge
3. They are only useful for small organizations
4. They are not being developed by any organization
What specific limitation causes AI agents to fail during extended cyber operations?
1. Maintaining operational security, pivoting between systems, and evading detection across long time periods
2. They require constant human input for every action
3. They are unable to connect to the internet
4. They cannot process text inputs
What makes AI-assisted phishing potentially more dangerous than traditional phishing?
1. It can only send generic messages
2. It combines scale with personalized content at lower cost
3. It can only target corporate email accounts
4. It requires significant human labor for each target
The lesson quotes an expert saying the internet depends on what condition regarding offense and defense?
1. The complete elimination of all cyberattacks
2. A complete victory for defense
3. A complete victory for offense
4. The offense-defense balance staying close
What are frontier AI labs like OpenAI and Anthropic doing to address cyber risks before deploying AI systems?
1. Waiting for government regulations to test their systems
2. Releasing systems immediately without testing
3. Only testing systems for non-cyber applications
4. Running cyber-specific pre-deployment evaluations
How does the lesson characterize the net effect of AI on offense and defense capabilities as of 2024-2025?
1. Roughly offsetting gains with high variance by sector
2. Offense has clearly won
3. Defense has clearly won
4. AI has had no measurable impact
What capability do current AI agents demonstrate in vulnerability research?
1. They can write working exploits for known, well-documented vulnerabilities
2. They can only suggest theoretical vulnerabilities
3. They cannot identify any security issues
4. They can defeat all security measures
Which government agencies are mentioned as publishing AI cyber guidance?
1. FBI and CIA only
2. NASA and NOAA
3. FDA and EPA
4. CISA and UK NCSC
What is happening to bug bounty programs in response to AI-driven findings?
1. They are being moved to government control
2. They are being restructured for AI-driven findings
3. They are refusing to accept AI submissions
4. They are being eliminated entirely
What is the lesson's main argument about AI in cybersecurity?
1. It has already been completely solved by current technology
2. It only affects large corporations, not individuals
3. It is a real, scaling capability with measured progress on both attack and defense sides
4. It is purely science fiction and not a real concern

← Back to interactive lesson

Tendril · Creators · Ethics & Society