The Looming Threat of AI Agent-Powered Attackers

The transition of artificial intelligence-powered agents from laboratory research to active deployment is reshaping the cyberthreat landscape. Recent field evidence shows threat actors are already integrating large language models into offensive operations, with Ukrainian CERT documenting APT28 malware using natural language tasking. "What will be transformative is when you start seeing the decision-making of the human being handed off to machine reasoning," said Gianpaolo Russo, head of AI and autonomous cyber operations at Mitre. This paradigm shift enables adversaries to operate at machine speed across multiple network locations simultaneously, fundamentally challenging traditional defensive approaches. The implications extend beyond speed to scale and sophistication. "Large language models have this incredible dual nature, to not only ingest natural language, but also use that and create more machine-readable types of code or tunnel scripting," said Marissa Dotter, lead AI engineer at Mitre. In a video interview with Information Security Media Group at Black Hat USA 2025, Dotter and Russo also discussed:

• The role of digital twin environments in testing autonomous AI agents;
• How AI agents demonstrate self-improvement capabilities through performance optimization;
• The computational resource requirements of AI-powered malware and their implications for detection strategies.
Russo is an applied researcher solving hard cyber problems at the Mitre Corporation. His interdisciplinary research experience has spanned the reverse engineering and analysis of embedded and cyber-physical systems, the development of distributed sensor networks, mobile network communications analysis, vulnerability disclosure policy, and applied behavioral science. At Mitre, Dotter leads AI research and development in machine learning applications such as computer vision, natural language processing, and acoustics. With more than eight years of experience, she oversees projects including AI system assurance and autonomous cyber operations.

---

Source: Originally published at BankInfoSecurity on August 14, 2025.

Frequently Asked Questions (FAQ)

What is the primary concern regarding AI agent-powered attackers?

The main concern is the ability of AI agents to operate at machine speed across multiple network locations simultaneously, making traditional defensive strategies insufficient.

How are large language models (LLMs) being integrated into offensive operations?

Threat actors are using LLMs to ingest natural language, process it, and generate machine-readable code or tunnel scripting, thereby enhancing their offensive capabilities.

What are the dual nature aspects of LLMs mentioned in the article?

LLMs have the dual nature of understanding natural language input and generating machine-readable code or scripts for offensive operations.

What role do digital twin environments play in testing AI agents?

Digital twin environments are used for testing the capabilities and behaviors of autonomous AI agents in a controlled setting.

How do AI agents demonstrate self-improvement?

AI agents show self-improvement by optimizing their performance based on feedback and results from their operations.

What are the detection implications of AI-powered malware's computational resource requirements?

The computational resource demands of AI-powered malware can influence detection strategies, as higher resource usage might be a signature that security systems can identify.

Crypto Market AI's Take

The advancement of AI agents in cyber warfare, as detailed in this article, underscores a critical shift in the threat landscape. This evolution directly impacts the security protocols and strategies necessary for safeguarding digital assets. At AI Crypto Market, we leverage advanced AI for robust security measures, including comprehensive threat detection and proactive defense mechanisms. Our platform's architecture is designed to anticipate and counter sophisticated threats, ensuring the safety of user data and assets in an increasingly complex digital world. Understanding the capabilities of AI, both for offense and defense, is paramount in navigating the future of cybersecurity.

More to Read:

• AI Agents Are Broken: Can GPT-5 Fix Them?
• AI Disruption Accelerates Market Shifts
• AI-Powered Crypto Scams Surge 456%