惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

量子位
P
Privacy International News Feed
Security Latest
Security Latest
Spread Privacy
Spread Privacy
NISL@THU
NISL@THU
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
The Last Watchdog
The Last Watchdog
S
Schneier on Security
Engineering at Meta
Engineering at Meta
Google Online Security Blog
Google Online Security Blog
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Know Your Adversary
Know Your Adversary
Cyberwarzone
Cyberwarzone
C
Cyber Attacks, Cyber Crime and Cyber Security
G
GRAHAM CLULEY
A
Arctic Wolf
博客园 - 聂微东
I
Intezer
腾讯CDC
罗磊的独立博客
T
Tailwind CSS Blog
WordPress大学
WordPress大学
宝玉的分享
宝玉的分享
L
Lohrmann on Cybersecurity
人人都是产品经理
人人都是产品经理
C
Cybersecurity and Infrastructure Security Agency CISA
博客园 - 【当耐特】
P
Palo Alto Networks Blog
Simon Willison's Weblog
Simon Willison's Weblog
W
WeLiveSecurity
N
News and Events Feed by Topic
SecWiki News
SecWiki News
S
Security Affairs
T
Threat Research - Cisco Blogs
The GitHub Blog
The GitHub Blog
F
Fortinet All Blogs
T
Troy Hunt's Blog
N
News and Events Feed by Topic
P
Proofpoint News Feed
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
酷 壳 – CoolShell
酷 壳 – CoolShell
M
MIT News - Artificial intelligence
I
InfoQ
Hacker News: Ask HN
Hacker News: Ask HN
T
The Blog of Author Tim Ferriss
Schneier on Security
Schneier on Security
Hacker News - Newest:
Hacker News - Newest: "LLM"
Vercel News
Vercel News
博客园 - 三生石上(FineUI控件)
D
Darknet – Hacking Tools, Hacker News & Cyber Security

Threat Intelligence – ThreatDown by Malwarebytes

Prinz Eugen ransomware: a deep dive into a new Go-based encryptor - ThreatDown by Malwarebytes CastleRAT attack first to abuse Deno JavaScript runtime to evade enterprise security Machine-scale cybercrime: The 2026 State of Malware report How to prevent a rootkit attack Inside EDR-Freeze: How ThreatDown stops the attack before it spreads EDR vs MDR vs XDR – What’s the Difference? KMSpico explained: No, KMS is not “kill Microsoft” When you shouldn’t trust a trusted root certificate - ThreatDown by Malwarebytes Ransomware in April 2025—RansomHub is gone Ransomware in March 2025
AI-orchestrated cyberattacks
ThreatDown Writer · 2025-12-18 · via Threat Intelligence – ThreatDown by Malwarebytes

Sophisticated attackers once struggled to scale. Now, experienced groups can scale by adding agents to their workforce, and inexperienced or under‑resourced groups can attempt large‑scale operations with AI support.

In the January release of our ThreatDown 2025 State of Malware report, we made a prediction: 2025 would be the year adversaries use AI agents to launch their first autonomous cyberattacks.

The reasoning was simple. Cybercriminals targeting businesses face a scale constraint. Every intrusion relies on human operators who know how to break into networks, navigate systems, extract data, and run extortion campaigns. Their growth is limited by the number of skilled people they can put on an operation. But as agentic AI became more capable at the end of 2024, that limitation suddenly looked negotiable. These systems can interpret environments, make decisions, and execute multi-step operations without waiting for human direction.

We didn’t have to wait long for confirmation.

In August 2025, Anthropic documented the first case of an AI coding agent, Claude Code, supporting scaled data extortion operations. A single cybercriminal used the AI to conduct reconnaissance, harvest credentials, and automate network penetration across multiple international targets. The report’s key finding: “A single operator can achieve the impact of an entire cybercriminal team through AI assistance.”

Then, in November 2025, Anthropic released details of a further escalation: the first reported AI-orchestrated cyber-espionage campaign. This time, AI didn’t simply assist. The system executed up to 90% of tactical operations autonomously, across 30 targets, with minimal human involvement.

The methodology matters more than the attribution. Yes, this operation targeted technology companies and government agencies. Yes, investigators linked it to state-sponsored actors. But those details are secondary. What matters for organizations defending their networks is this: AI-orchestrated cyberattacks are real, operational, and will become cheaper and more sophisticated.

From assistance to orchestration in four months

The August case showed AI as a force multiplier. The actor tracked as GTG‑2002 used Claude Code to automate reconnaissance, credential harvesting, data analysis, and ransom‑note generation across 17 organizations in a single month. The AI functioned as an advanced tool, fast and efficient, but still under direct supervision of an operator. This alone represented a major shift: what once required a coordinated intrusion crew could now be done by an individual.

The November campaign, designated GTG-1002, marked the next stage. Human operators selected targets and set strategy. Nearly all tactical activity, including scanning, exploitation, lateral movement, and data operations, ran autonomously across multiple Claude Code agents. The operator intervened only at strategic decision points: approving the move from reconnaissance to active exploitation, authorizing use of stolen credentials for lateral movement, and making final calls about data exfiltration scope.

The system ran operations at physically impossible speeds for humans. The AI executed thousands of requests per second and kept session context stable for days. This structure kept complex intrusions active for long periods without manual rebuilds or coordination.

Why this matters: The scaling problem is gone

A key finding from the investigation was that attackers did not rely on sophisticated malware. Instead, they used standard penetration testing tools linked to automation frameworks—exactly the playbook practiced by human attackers. The power came from orchestration, not specialized code.

Ransomware and espionage groups have always struggled with scale. Skilled operators are scarce. Coordinated, multi‑stage attacks require expertise and time. That limitation has defined the threat landscape for more than a decade. The dozens of active ransomware groups have rarely managed more than a few hundred attacks between them in a month.

AI agents remove this barrier. In the GTG‑1002 campaign, a single operator targeted roughly 30 entities, with investigations validating multiple successful intrusions supported by autonomous AI agents. The AI maintained separate contexts for each target, adapted strategies based on discovered infrastructure, and independently progressed through attack phases.

This is a structural shift in how attacks can be carried out, and as models improve, adoption will grow.

AI hallucination as the last short-term speed bump

Anthropic’s report highlights a constraint that shapes near‑term adoption. AI systems still make operational mistakes that human operators must correct. Claude overstated findings at times and occasionally fabricated data during autonomous operations, such as claiming to have obtained credentials that didn’t work.

This limitation matters because it defines the only real friction cybercriminals face today. It slows them down, but not by much, and the friction is shrinking quickly. As models improve, error rates will fall. The barrier that remains is temporary, and it will not slow adversary adoption of autonomous attack methods for long.

What comes next

Sophisticated attackers once struggled to scale. Now, experienced groups can scale by adding agents to their workforce, and inexperienced or under‑resourced groups can attempt large‑scale operations with AI support. GTG‑1002 shows how quickly autonomy escalates. The August operations kept humans firmly in the loop. The November campaign needed far less human involvement despite its larger scope.

ThreatDown predicted this development in early 2025, and it has already arrived. AI agents can now carry out significant portions of cyberattacks, and the cost curve continues to drop.

This is the inflection point the industry needs to acknowledge. AI‑orchestrated operations are becoming a practical option for a much larger set of threat actors, and the skills required to run campaigns are dropping fast.

For the time being, malicious agents are using the same playbooks as human attackers, so organizations need to adapt for more and faster attacks, but not for novel tactics. Defenders must be ready to respond immediately to an increasing volume of Endpoint Detection and Response alerts, day or night, using services like ThreatDown’s Managed Detection and Response.