Now, literally anyone can launch a cyberattack.

Cybersecurity has long been in a race against time: defenders patch a hole, attackers find a workaround, and then the cycle repeats. Now, generative AI has fully entered the fray. Until recently, talk of neural networks as a tool for real-world attacks sounded more like a warning for the future. Now, the number of confirmed examples is growing. Models are already helping attackers find vulnerabilities, develop exploits, and launch phishing campaigns on a much larger scale. Defenders are responding in kind, integrating AI into their tools because they can't keep up with this new pace without automation.
The turning point isn't a single high-profile attack, but a lowering of the barrier to entry into cybercrime. Generative models are taking on some of the work that previously required time, experience, and a large team. They make it easier to analyze a target's infrastructure, write and edit code more quickly for a specific task, and more conveniently break operations into stages and automate routine tasks. As a result, even a relatively weak group can launch a campaign that would previously have required far more resources.
The picture is clear in a recent report by Amazon researchers. They described a campaign in which attackers exploited several commercial generative AI services to plan, coordinate, and execute attacks against organizations in more than 55 countries. These attacks targeted companies with misconfigured firewalls. The activity was recorded in January and February, targeting over 600 systems protected by FortiGate devices.
The scenario was simple, and that's precisely the point. The attackers searched for public login pages on the internet that could be used to access companies' internal networks, then attempted to log in using credentials that users frequently reuse. After successful login, the group dumped the account databases and switched to a backup infrastructure. All of this can indeed be considered a warning sign, as this sequence of actions often precedes a ransomware attack.
According to Amazon, the campaign largely failed to achieve its goals. The researchers noted something else: AI enabled a relatively inexperienced team to launch an operation on a scale that would previously have required far more resources. Generative models act as an accelerator in such cases. A neural network doesn't transform a novice into a strong specialist, but it does help quickly close skill gaps and dramatically increase the amount of work the team can handle.
An even more illustrative example came from New York University. A researcher named PromptLock constructed a fully autonomous ransomware attack. While the project didn't reach the point of actual deployment in a criminal environment, it was a proof-of-concept demonstration of the feasibility of the attack. But even the prototype demonstrated just how far automation can go.
The malware used large language models to generate code on the fly for a specific task, search the infected system for sensitive data, and then compose personalized ransom notes based on the information found. The danger here lies elsewhere: the malware is no longer a rigidly defined set of commands. Instead of a pre-prepared template, it becomes a system that adapts to the situation as the attack progresses.
At the same time, the speed of intrusions is changing. According to CrowdStrike, the average breakout time will drop to 29 minutes by 2025. This term refers to the time between the initial penetration of a network and the subsequent movement of an attacker through other systems within the infrastructure. A year earlier, this figure was 65 percent higher. A direct link to AI hasn't been proven, but the general trend is clear: attackers are moving significantly faster, while defenders have less time to detect and contain the threat.
Of particular concern are cases where generative models are being used not as an assistant for individual tasks, but as a fully-fledged tool within a larger operation. In November, Anthropic announced that it had discovered the use of Claude Code in a large-scale espionage campaign, which the company linked to a Chinese state-controlled group. According to Anthropic, the attackers used jailbreaks—special requests to bypass the model's built-in limitations—and fragmented the operation itself into numerous smaller subtasks, each of which appeared relatively harmless.
This approach clearly illustrates how AI-powered work is changing. Instead of a single, clearly malicious request, attackers break the attack into smaller, seemingly harmless fragments. The model receives individual parts of the task, assisting at each step, while the overall plan is assembled by the attacker. Anthropic claims that AI was used to automate 80 to 90 percent of the campaign's work. The company estimates that the volume of work performed by the model would have required a huge investment of time from a human team. At its peak, the system sent thousands of requests, sometimes several per second. Such a pace would have been virtually impossible for a human team to achieve.
But the same logic is gradually changing defense as well. AI is already being built not only into incident analysis products but also into tools that help proactively identify weaknesses. In February, Anthropic introduced Claude Code Security, a system capable of scanning infrastructure for vulnerabilities and suggesting fixes. The tool isn't yet a full-fledged replacement for rapid response tools: it can't stop intrusions in real time. But the announcement itself showed where the market is headed. Following the news, as Reuters reported, shares of traditional cybersecurity companies dropped significantly.
Other players are following suit. CrowdStrike has released two AI agents: one analyzes malware and suggests defense options, while the other searches for new threats within systems. Darktrace is also developing tools that automatically monitor suspicious network activity. The logic is simple: if attackers gain speed through AI, defenses without comparable automation will begin to lose out, at least in terms of response time.
One of the most promising areas involves not attack repulsion, but controlled simulation. Aikido Security has released a tool that uses agents to conduct penetration testing for every new software product within the company. In other words, the system behaves like an attacker: it tries to find weaknesses and then helps to immediately close them.
For defenders, the benefits here are quite practical. Traditional pentesting requires scarce expertise, is expensive, and takes a long time. Because of this, companies typically test far from everything, and far less frequently than is truly necessary. By outsourcing some of this work to agents, security audits become cheaper, more regular, and more accessible to a larger number of teams. The winner will no longer be the one who has conducted a thorough audit once, but the one who can continually test new services and quickly fix any issues found.
What's the bottom line? Generative AI hasn't abolished the old cybersecurity logic, but rather dramatically accelerated it. Attackers now have a tool that helps them more quickly assemble campaigns from pre-built blocks, scale phishing, refine code, and compensate for gaps in their skills. Defenders now have a way to test products more frequently, analyze malicious samples more quickly, and automate vulnerability searches. The advantage will go not to those who first reach a more powerful model, but to those who quickly integrate such systems into everyday work. The balance of power in the new phase of the old cyber race increasingly depends on the speed of this transformation.
