AI Systems Can Execute Autonomous Cyberattacks

Researchers from Carnegie Mellon University have demonstrated that large language models can autonomously plan and execute sophisticated cyberattacks on enterprise-grade network environments without human intervention.

The study, led by Ph.D. candidate Brian Singer from the university's Electrical and Computer Engineering Department, used a hierarchical architecture in which an LLM acts as a high-level strategist while specialised agents execute low-level attack tasks such as network scanning and exploit deployment.
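The article does not include the system's code, but the division of labour it describes follows a familiar plan-then-delegate pattern: a high-level planner decomposes a goal into discrete tasks and routes each one to a specialised executor. The Python sketch below is a minimal, hypothetical illustration of that pattern; the class names, task types, and fixed plan are assumptions made for this example and are not drawn from the CMU/Anthropic system.

```python
# Minimal sketch of a hierarchical planner/executor loop, assuming a
# plan-then-delegate design. All names here (Planner, ScanAgent,
# ExploitAgent) are hypothetical illustrations, not the paper's interfaces.
from dataclasses import dataclass


@dataclass
class Task:
    kind: str    # task type a sub-agent knows how to handle, e.g. "scan"
    target: str  # host or network range the sub-agent should act on


class Planner:
    """Stands in for the LLM strategist: turns a goal into ordered tasks."""

    def plan(self, goal: str) -> list[Task]:
        # A real system would prompt an LLM here and replan as results
        # come back; this stub returns a fixed two-step plan.
        return [Task("scan", "10.0.0.0/24"), Task("exploit", "10.0.0.5")]


class ScanAgent:
    def run(self, task: Task) -> str:
        return f"scanned {task.target} (simulated)"


class ExploitAgent:
    def run(self, task: Task) -> str:
        return f"attempted exploit against {task.target} (simulated)"


# Low-level executors keyed by the task type they handle.
AGENTS = {"scan": ScanAgent(), "exploit": ExploitAgent()}


def execute(goal: str) -> None:
    # The strategist plans; specialised sub-agents carry out each step and
    # report results, which a real planner would feed back into replanning.
    for task in Planner().plan(goal):
        print(f"[{task.kind}] {AGENTS[task.kind].run(task)}")


if __name__ == "__main__":
    execute("assess the test network")
```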

"Our research shows that with the right abstractions and guidance, LLMs can go far beyond basic tasks," Singer said.

"They can coordinate and execute attack strategies that reflect real-world complexity."

The research, conducted in collaboration with AI company Anthropic, showed that when given appropriate frameworks and guidance, current AI systems can autonomously exploit vulnerabilities, install malware, and exfiltrate data.

However, Singer emphasised the prototype nature of the work. "This isn't something that's going to take down the internet tomorrow," he said. "The scenarios are constrained and controlled—but it's a powerful step forward."

The implications cut both ways: the research highlights serious long-term safety concerns about the potential misuse of increasingly capable LLMs, but it also opens up transformative possibilities for defensive cybersecurity.

"Today, only large organizations can afford red team exercises to proactively test their defences," Singer explained.

"This research points toward a future where AI systems continuously test networks for vulnerabilities, making these protections accessible to small organizations too."

"We're entering an era of AI versus AI in cybersecurity," Singer said. "And we need to understand both sides to stay ahead."

The study builds on Singer's previous research into autonomous cybersecurity tools and was presented at an OpenAI-hosted security workshop in May. The resulting paper has been cited in industry reports and is informing safety documentation for AI systems.