Agentic AI Is Pushing Cyberattacks Beyond Human-Led Hacking
Agentic AI is changing cyber offense because it can move from advice to action. Instead of only writing phishing text or suggesting exploit ideas, an AI agent can plan tasks, call tools, collect data, test paths, and adjust its next step with limited human input.
A new analysis from The Hacker News argues that this shift lowers the barrier for weak attackers and increases the speed of experienced ones. The central concern is not that AI invented cybercrime, but that it can automate parts of the work that once required patience, tooling knowledge, and hands-on experience.
For defenders, the practical message is clear. Security teams must prepare for attacks that move faster, look more personalized, and use automation across reconnaissance, social engineering, vulnerability testing, and malware adaptation.
From AI Assistant to AI Operator
For the past few years, many attackers used AI as an assistant. It could draft messages, explain code, rewrite scripts, or summarize public information. The human still had to decide what to run, where to run it, and how to adapt when something failed.
Agentic AI changes that model. It can take a goal, split it into steps, use external tools, inspect results, and continue working toward the objective. That makes it more useful for both authorized security teams and malicious actors.
The same capability has a defensive side. The SANS SEC535 course describes offensive AI training around AI-assisted reconnaissance, automated attack techniques, and practical ways to understand how adversaries may use these tools.
| Old AI use in attacks | Agentic AI use in attacks | Defensive impact |
|---|---|---|
| Writes phishing drafts | Builds target profiles and manages conversations | Template-based phishing detection becomes weaker |
| Suggests exploit ideas | Tests likely paths and reports findings | Patch windows need to shrink |
| Explains malware code | Refactors code and adapts behavior | Behavior-based detection becomes more important |
| Summarizes open-source intelligence | Runs repeated reconnaissance workflows | Exposed assets face more constant probing |
Lower Skill Barriers Mean More Capable Entry-Level Attackers
One of the biggest risks is that agentic AI can help less-skilled attackers produce more polished campaigns. They may not understand the full technical chain, but they can ask an agent to research a target, prepare messages, suggest infrastructure, and explain results.
This can create a wider pool of attackers who operate above their actual skill level. It also means many weak actors may use similar models and default workflows, creating repeated patterns that defenders can learn to spot.
The THN analysis describes this as a move from assistant-style AI to agents that execute work. That distinction matters because automation can scale the number of attempts even when the attacker remains inexperienced.
- Phishing messages can become more personal and less obviously templated.
- Reconnaissance can run continuously against public data sources.
- Basic exploit matching can happen faster across exposed systems.
- Attackers can use agents to explain errors and propose next steps.
- Defenders may see more volume, not always more originality.
Skilled Attackers Gain Speed, Not Just Capability
Experienced attackers already understand tooling, infrastructure, tradecraft, and target selection. For them, agentic AI mainly compresses time.
Tasks that once required manual research, scripting, testing, and reporting can move in parallel. A human operator may supervise multiple agent workflows instead of manually performing each step.
That could make intrusion attempts faster from first contact to exploitation. It could also shorten the time defenders have to patch newly exposed assets, close misconfigurations, or detect suspicious activity.
| Attacker level | What agentic AI changes | Likely defender signal |
|---|---|---|
| Entry-level attacker | Improves quality of basic campaigns | More convincing but repetitive activity |
| Mid-level attacker | Automates reconnaissance and tool chaining | Faster movement across exposed services |
| Advanced attacker | Scales parallel operations and testing | Lower dwell time before action |
| Authorized red team | Tests defenses against realistic AI-enabled workflows | Better validation of controls and response speed |
Personalized Social Engineering Gets Harder to Detect
Agentic AI can make social engineering more difficult to recognize because it can connect public facts into fluent, individualized messages. Public profiles, conference talks, company pages, job posts, and press releases can all become inputs.
Old phishing defenses often relied on visible mistakes, reused templates, poor grammar, or mass-delivery patterns. Those signals still exist in weaker campaigns, but they become less reliable when an AI agent can write a fresh message for every target.
This means defenders must lean more heavily on infrastructure and behavior signals. Sender reputation, authentication, unusual login attempts, impossible travel, abnormal device use, and suspicious link behavior matter more when language looks clean.
Governments Are Treating Frontier AI as a Cyber Risk
The concern around agentic AI is no longer limited to security researchers and training providers. Reuters reported that Five Eyes intelligence partners warned that frontier AI could reshape cyber offense and defense on a timeline of months.
The same warning comes as frontier model access faces tighter scrutiny. Anthropic said a U.S. export-control directive required it to suspend access to Claude Fable 5 and Claude Mythos 5.
The official Anthropic statement does not frame the issue as a normal product update. It describes a government directive affecting access to advanced models, which shows how seriously policymakers now treat frontier AI capability.
Defenders Need to Test AI-Enabled Attacks Safely
The SANS Secure AI Blueprint organizes AI security into three tracks: Protect AI, Utilize AI, and Govern AI. That structure helps separate three related jobs: securing AI systems, using AI inside security operations, and setting governance around safe use.
The SANS Secure AI Blueprint places “Utilize AI” inside the security function, including SOC, digital forensics, incident response, and red team work. That matters because defenders cannot understand AI-enabled attacks only from policy documents.
Organizations need controlled testing. A security program should measure whether email defenses, asset management, patching, identity controls, logging, and incident response still work when an attacker uses automation to move faster.
- Run authorized phishing simulations that account for personalized AI-generated messaging.
- Test whether exposed assets get patched before attackers can chain public findings.
- Monitor for unusual tool-driven behavior, not just known malware signatures.
- Use human approval for high-impact AI-driven security actions.
- Build audit trails for agent tool use, data access, and decisions.
- Train analysts to challenge AI conclusions instead of trusting confident output.
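The approval and audit-trail items in the list above, sketched as an added example (not code from SANS or from any agent framework). The tool names and impact tiers are hypothetical; the gate holds high-impact calls until a named human approves, denies unknown tools by default, and chains each log record to the previous one by hash.

```python
import hashlib
import json

# Hypothetical policy: tools an internal agent may call, grouped by impact.
HIGH_IMPACT = {"send_email", "change_firewall_rule", "disable_account"}
LOW_IMPACT = {"search_logs", "lookup_asset"}


class AuditedGate:
    """Gate agent tool calls and keep a hash-chained audit trail."""

    def __init__(self):
        self.log = []            # audit records, oldest first
        self._prev = "0" * 64    # hash of the previous record

    def _record(self, entry):
        entry["prev"] = self._prev
        body = json.dumps(entry, sort_keys=True).encode()
        entry["hash"] = hashlib.sha256(body).hexdigest()
        self._prev = entry["hash"]
        self.log.append(entry)

    def request(self, agent, tool, args, approver=None):
        """Return True if the call may run; every decision is logged."""
        if tool in LOW_IMPACT:
            decision = "allowed"
        elif tool in HIGH_IMPACT and approver:
            decision = "approved"
        elif tool in HIGH_IMPACT:
            decision = "held_for_approval"
        else:
            decision = "denied_unknown_tool"   # default deny
        self._record({"agent": agent, "tool": tool, "args": args,
                      "approver": approver, "decision": decision})
        return decision in ("allowed", "approved")


def verify_chain(log):
    """Recompute every hash; False if a record was edited or the chain is broken."""
    prev = "0" * 64
    for rec in log:
        body = {k: v for k, v in rec.items() if k != "hash"}
        digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
        if rec["prev"] != prev or rec["hash"] != digest:
            return False
        prev = rec["hash"]
    return True
```

The chain does not detect truncation of the newest records, so the latest hash should also be stored somewhere the agent cannot write.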
The Biggest Risk Is Overtrust
Agentic AI can sound certain even when it is wrong. It may match clues to a vulnerability, assume a service is reachable, or claim a path exists without fully proving the conditions.
This creates risk on both sides. Attackers can waste effort chasing false positives, while defenders can trust incomplete analysis and miss the real issue. In authorized testing, every AI conclusion still needs validation through evidence, logs, configuration checks, and human judgment.
The SANS blueprint is useful here because it does not treat AI as only a governance problem. It also makes AI an operational security issue that needs proof, controls, measurement, and accountability.
Training Is Moving Toward Offensive AI
Security teams now need staff who understand how AI agents behave in offensive workflows. That does not mean turning every defender into an attacker. It means giving teams enough practical knowledge to recognize, test, and contain the methods already entering the threat landscape.
The SEC535: Offensive AI – Attack Tools and Techniques course reflects that shift. SANS describes it as training for using AI tools and techniques to enhance offensive operations, automate attack workflows, and improve penetration testing capability in authorized settings.
For organizations, the training question is no longer whether AI belongs in security. It is whether defenders understand AI-enabled attacks well enough to test controls before real adversaries do.
What Security Leaders Should Prioritize
Agentic AI will not remove the need for skilled defenders. It changes where skill matters. The most important work becomes judgment, validation, containment, and deciding when a machine-generated recommendation should not be trusted.
Executives should treat AI-enabled cyber risk as a business issue, not only a security tooling issue. The Five Eyes warning reported by Reuters shows that governments now view frontier AI as a near-term cyber risk for public and private organizations.
Security teams should assume that attackers will automate more steps. The defensive response should focus on faster patching, tighter identity controls, stronger monitoring, safer AI deployment, and human review where agentic systems can cause damage.
| Priority | Why it matters |
|---|---|
| Asset visibility | AI-enabled scanning can find forgotten systems quickly |
| Patch speed | Attackers can move from discovery to testing faster |
| Identity security | Better phishing increases account compromise risk |
| Behavior analytics | Clean language and customized lures reduce old phishing signals |
| AI governance | Internal agents need limits, logging, and approval gates |
| Red team validation | Controls need testing against realistic AI-enabled workflows |
Agentic AI Makes Human Judgment More Important
Agentic AI can automate the mechanical parts of cyber work, but it cannot replace accountability. It can recommend a path, but it cannot know the full legal, business, and ethical context of taking that action.
This is why security programs need human-in-the-loop controls for AI agents, especially when systems can send messages, access tools, run tests, change configurations, or trigger security actions.
The reported Five Eyes assessment makes the timeline clear. Organizations should not wait for agentic AI threats to become fully mature before adapting defenses. The safer move is to test, govern, and monitor now.
FAQ
Agentic AI refers to AI systems that can plan tasks, use tools, inspect results, and continue toward a goal with limited human input. In cybersecurity, this can support both defensive workflows and offensive activity such as reconnaissance, social engineering, vulnerability testing, and attack simulation.
Agentic AI can lower the skill barrier for weaker attackers and speed up work for experienced ones. It can automate research, generate personalized messages, test ideas, and adapt based on results, which can increase attack volume and reduce defender response time.
Yes. AI agents can use public information to create personalized, fluent, and context-aware messages. That reduces older phishing signals such as poor grammar, reused templates, and generic wording, so defenders need stronger identity, infrastructure, and behavior-based detection.
Organizations should improve asset visibility, patch faster, harden identity systems, monitor behavior, restrict risky AI tool use, log agent actions, and run authorized testing that reflects AI-enabled attack workflows.
No. AI agents can automate tasks and provide recommendations, but humans still need to validate evidence, decide whether an action is authorized, assess business risk, and stop the system when it reaches a wrong or unsafe conclusion.