Cybersecurity is no longer a contest between human enemies – it is rapidly becoming a competition between AI agents operating at machine speeds
In 2003, the Blaster worm spread across corporate networks and government systems around the world. Its payload was crude by today's standards: repeated reboots and a denial-of-service attack on Microsoft's update server. Yet the impact was highly destructive. Teams spent several weeks identifying flaws, testing patches and deploying them machine by machine. Despite the chaos, the defenders held the upper hand. The worm was predictable, the fix was clear, and most importantly, the battle unfolded at human speed.
Those days are over. The rise of artificial intelligence has created a fault line in cybersecurity. This rupture is so deep that the assumptions that underpinned decades of digital defense no longer hold. Cybersecurity is no longer a contest between human enemies. It is becoming a race between autonomous agents operating at machine speed.
A brief history of escalation
The journey to the fault line is marked by four distinct eras of attack, each compressing the defender's response window.
- 2003: Blaster (human-pace chaos). The attack was a global inconvenience, but its simplicity was its weakness. Once its signature was identified, the crisis was contained by coordinated human effort in patching and antivirus updates. It proved that defense could win when time was measured in a few weeks.
- 2010: Stuxnet (increased precision). Seven years later, Stuxnet changed the game. Designed for surgical interference with Iranian centrifuges, it blended zero-day exploits with a stealthy payload. But even Stuxnet relied on human operators to design and deploy its mission. The tempo was faster, but still bound by human cadence.
- 2017: WannaCry (large-scale automation). By combining ransomware with worm-like propagation, WannaCry crippled global institutions in just a few days. It reused leaked nation-state exploits and demonstrated an “elite for everyone” trend. This gave us the first glimpse of how automation outpaces human response on a global scale.
- 2025: LameHug (autonomy arrives). Today, malware like LameHug, which is attributed to APT28, uses large language models (LLMs) to autonomously generate commands within compromised networks. It adapts in real time, escalates privileges and evades defenses without direct human input. For the first time, defenders are not facing an attacker with tools. They face the tool itself, acting as an independent agent.

This history is a story of fundamental acceleration. Each generation of attacks compressed the defender's response window, until AI finally collapsed it to an instant.
The collapse of old assumptions
Three pillars of traditional cybersecurity have quietly collapsed:
- Asymmetry of attack. The attacker needed only one opening while the defender had to protect them all. Historically, this was balanced by the effort an attack demanded of the attacker. AI destroys this balance. It allows scanning and autonomous exploitation at massive scale, making any potential flaw a critical and immediate threat.
- The power of patterns. Antivirus and Security Information and Event Management (SIEM) tools were built on the assumption that attacks repeat. However, generative AI allows polymorphism, where every intrusion is unique and every payload is variable. Without a consistent signature, pattern matching fails.
- Human cadence. Security Operations Centers (SOCs) rely on analysts to verify, escalate and decide. However, humans operate in minutes or hours, while AI-driven adversaries adapt in seconds. By the time the human OODA (observe, orient, decide, act) loop is complete, the attacker has already achieved its goal.
New Enemies
Three forces define this new era of threat:
- Elite ability for everyone. DARPA's AI Cyber Challenge has produced tools that autonomously discover dozens of vulnerabilities. These tools are now open source. Meanwhile, the autonomous bug hunter XBOW has been at the top of the HackerOne leaderboard. What was once a monopoly of nation-states is now democratized.
- Machine-speed vulnerability. AI coding assistants such as GitHub Copilot increase developer productivity by more than 55%. However, research shows that around 40% of the generated code contains potential vulnerabilities. Companies are building up security liabilities at machine speed while remaining tested.
- Autonomous intrusion. LameHug proves that AI can act as an operator rather than just an assistant. Adaptive campaigns are no longer theoretical. They are in the wild. The system recovers on its own, so adversaries no longer need to pause and recover.
Measures in the AI era
Threats have evolved, but defenses have evolved too. A new generation of AI-native security is emerging, but its effectiveness is not guaranteed and depends on solving some fundamental challenges.
1. AI-driven threat detection and analysis
Next-generation EDR, XDR and SIEM platforms use machine learning to analyse trillions of data points and identify unusual behaviors that human analysts cannot see.
- Potential effectiveness: Moderate. These systems are extremely effective at finding deviations from known baselines and become powerful against unslearning attacks. However, they are fundamentally analytical and reactive. They excel at finding needles in haystacks, but can be fooled by generative adversaries that create whole new types of needles on the spot or mimic “normal” behavior with near-perfect accuracy.
- Key challenge: Data gaps. Defensive AI is trained on historical attack data. We are effectively training our systems to fight the last war. There is a significant lack of real-world data about how autonomous AI adversaries behave, which limits the ability of defensive systems to proactively model them and defend against them.
2. Autonomous response and repair
Technologies such as SOAR (Security Orchestration, Automation, and Response) are being enhanced with AI not only to detect threats but also to act on them instantly. This includes actions such as quarantining endpoints, blocking IP addresses, or deploying patches without human intervention.
- Potential effectiveness: Potentially high, currently low. In theory, this is the perfect counter to machine-speed attacks. The DARPA challenge proved that AI can autonomously spot and fix vulnerabilities. In practice, the risk of false positives that can cause catastrophic business disruption, such as automatically shutting down production servers, is immeasurable.
- Key challenge: Cracks in trust. This is a matter of governance and leadership, not a technical issue. Can organizational leadership trust the machine to “stop” and make high-stakes decisions in milliseconds? Building a framework of confidence, guardrails and accountability to enable truly autonomous response is the single biggest barrier to adoption.
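One way to express the guardrails and accountability described above, as an added example that is not from the article or any SOAR product: a gate that lets a response run autonomously only when confidence, asset criticality and an action budget all allow it, and records the reasons otherwise. The action names, thresholds and asset names are hypothetical.

```python
from dataclasses import dataclass, field

# Hypothetical guardrail policy: minimum detector confidence per allowed action.
MIN_CONFIDENCE = {"block_ip": 0.80, "quarantine_endpoint": 0.90, "deploy_patch": 0.95}
MAX_AUTO_ACTIONS = 3  # blast-radius cap per review window (assumed value)

@dataclass
class Alert:
    asset: str
    action: str
    confidence: float   # detector score in [0, 1]
    critical: bool      # True for assets such as production servers

@dataclass
class ResponseGate:
    auto_count: int = 0
    audit_log: list = field(default_factory=list)

    def decide(self, alert: Alert) -> str:
        """Return 'auto' or 'human' and record why, for accountability."""
        reasons = []
        threshold = MIN_CONFIDENCE.get(alert.action)
        if threshold is None:
            reasons.append("action not on autonomous allow-list")
        elif alert.confidence < threshold:
            reasons.append(f"confidence {alert.confidence:.2f} < {threshold:.2f}")
        if alert.critical:
            reasons.append("critical asset: false positive would disrupt business")
        if self.auto_count >= MAX_AUTO_ACTIONS:
            reasons.append("autonomous action budget exhausted")
        verdict = "human" if reasons else "auto"
        if verdict == "auto":
            self.auto_count += 1
        self.audit_log.append({"asset": alert.asset, "action": alert.action,
                               "verdict": verdict, "reasons": reasons})
        return verdict

# Constructed sample alerts, not real telemetry.
SAMPLE_ALERTS = [
    Alert("laptop-17", "quarantine_endpoint", 0.97, False),
    Alert("prod-db-01", "quarantine_endpoint", 0.99, True),
    Alert("edge-fw", "block_ip", 0.60, False),
    Alert("edge-fw", "block_ip", 0.85, False),
    Alert("build-04", "deploy_patch", 0.96, False),
    Alert("edge-fw", "block_ip", 0.99, False),
    Alert("laptop-22", "shutdown_host", 0.99, False),
]

def run_sample():
    gate = ResponseGate()
    return [gate.decide(a) for a in SAMPLE_ALERTS], gate.audit_log
```

Every decision, autonomous or escalated, lands in the audit log with its reasons, which gives leadership a record to review when deciding whether to widen the autonomous allow-list.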
3. AI-driven deception technology
Modern honeypots and decoys use AI to create dynamic, believable fake environments. These systems are designed to lure automated attackers. This allows defenders to study their methods in a safe environment and feed that intelligence back into the defense stack.
- Potential effectiveness: High potential. This is one of the most promising frontiers. Deception technology can not only block attacks, it can actively waste the adversary's resources and turn their own automation against them. It is defense as aggressive intelligence gathering.
- Key challenge: Scalability traps. It is extremely difficult to build and maintain a convincing deception environment that scales across complex enterprise networks. Decoys cannot merely exist. They require continuous investment and deep expertise to ensure that they are indistinguishable from real assets to an intelligent attacking AI.
New Doctrine
There is no single patch for this paradigm shift. The only viable path requires a new doctrine: fortify, automate intelligently and accept autonomous defense.
- Fortify. Relentlessly prioritize what matters. Critical systems must be identified and hardened, and non-essential assets must be isolated or retired. The board must accept that this, not just the speed of feature delivery, is a key indicator of success.
- Intelligently automate. Routine detection and containment belong to machine-speed defense. Human experts need to be promoted from frontline triage operators to strategic roles such as threat hunters, systems architects and AI trainers.
- Accept autonomous defense. The most difficult leap is psychological. Leaders need to begin building trust and governance models that allow defenses to act faster than humans can oversee. This is not about blind faith. It is about creating an accountability system that can be depended on when decisions must be made in microseconds.
Leadership Test
The AI fault line is not a prediction. It is a reality confirmed by the open-sourcing of DARPA's tools, the vulnerabilities in AI-generated code, and LameHug's operational reality.
The actual test is whether a leader can abandon legacy assumptions and accept the uncomfortable truth. Cybersecurity can no longer be treated as a compliance checkbox or cost center. It must be seen as a central pillar of business resilience. It takes new investments, new doctrines, and the courage to trust machines. Those who fail this test will not fail gradually. They will fail suddenly.
Sources:
- DARPA. (2025). DARPA AIxCC results: AI cyber inference tools released as open source. https://www.darpa.mil/news/2025/aixcc-results
- Dohmke, T. (2022). Research: GitHub Copilot increases developer productivity by 55.8% in a controlled study. GitHub Blog. https://github.blog/2022-07-14-search-github-copilot-ebroves-developer-productivity
- Hammond, P., et al. (2021). Asleep at the Keyboard? Assessing the Security of GitHub Copilot's Code Contributions. arXiv. https://arxiv.org/abs/2108.09293
- Liles, J. (2025). LameHug malware from APT28 uses LLMs to generate commands. BleepingComputer. https://www.bleepingcomputer.com/news/security/lamehug-malware-uses-ai-llm-to-craft-windows-data-theft-commands-in-real-time
- Pozniak, H. (2025). XBOW AI tops HackerOne's US bug bounty leaderboard. TechRepublic. https://www.techrepublic.com/article/news-ai-xbow-tops-hackerone-us-leaderboad
