
Agentic AI Could Break Cybersecurity

Frontier LLMs like Claude Mythos and GPT-5.5 are enabling agentic offensive security—automated, adaptive attacks that outpace defenses. April 28, 2026 marks a turning point. And it’s not hypothetical anymore.

On April 28, 2026, a quiet but irreversible shift in cybersecurity is already underway—not because of a new exploit dropped on a dark web forum, but because of what the systems are now capable of doing on their own. The threat isn’t just that AI can write better phishing emails. It’s that AI agents, powered by frontier large language models like Claude Mythos and what some are calling Anthropic’s GPT-5.5, are beginning to conduct full offensive security operations—autonomously.

Key Takeaways

  • Agentic offensive security leverages autonomous AI agents capable of end-to-end attack planning, reconnaissance, and exploitation without human intervention.
  • Claude Mythos and GPT-5.5-level models have demonstrated capabilities that exceed previous benchmarks in understanding complex system architectures and generating novel exploit logic.
  • Ari Herbert-Voss argues the same tools enabling offensive automation could revolutionize defensive automation—if the security community acts now.
  • Unlike scripted attacks, agentic attacks adapt in real time, making traditional signature-based detection obsolete.
  • Industrialized exploitation is already occurring in limited environments, according to the original report.

Autonomous Agents Are Now the Adversary

Until now, AI in cyberattacks has been auxiliary—helping attackers scale, personalize, or obfuscate. April 28, 2026 changes that. The latest generation of LLMs has crossed a threshold: they can now function as agentic systems, meaning they perceive, plan, act, and learn from feedback loops. These aren’t chatbots. They’re agents that can be directed with a simple objective—“gain access to the internal payroll system”—and then go to work.

They’ll scan for open ports. Probe for misconfigurations. Generate polymorphic payloads. Exploit a zero-day. Pivot laterally. And do it all without pausing for human approval. That’s agentic offensive security. And it’s no longer a theoretical exercise.

Security teams used to have hours, sometimes days, to respond. Now they’re racing against AI agents that operate on millisecond loops. The attacker isn’t just faster. It’s learning from every failed attempt, adjusting tactics in real time. One test environment showed an AI agent cycling through 37 different attack vectors in under four minutes—each one informed by the last failure.

The Offense Has the Advantage—For Now

There’s a brutal asymmetry at play. Offensive automation is easier to deploy than defensive. Why? Because attackers only need to succeed once. Defenders must stop every attempt. And AI agents magnify that imbalance.

Consider reconnaissance. A human red teamer might spend days mapping an enterprise network. An agentic AI, given API access or public surface data, can do it in under a minute. It parses DNS records, analyzes SSL certificates, correlates GitHub commits, and fingerprints backend frameworks—then builds a dynamic attack graph.

And when it strikes, it doesn’t rely on known exploits. These models can generate exploit code. One experiment showed a frontier LLM reverse-engineering a patched vulnerability and creating a working exploit for a variant—something previously thought to require deep expertise and manual effort. The model wasn’t trained on exploit databases. It inferred the logic from context.

Industrialized Exploitation Is Already Here

The original report details early cases of industrialized exploitation—where AI agents are used not by lone hackers, but by well-resourced threat actors to run continuous, scalable attack campaigns. These aren’t proof-of-concepts. They’re operational.

  • One financial services firm detected an AI-driven campaign that tested over 200 subdomains for API key leaks, extracting valid credentials from a developer’s public GitHub gist.
  • The agent then used those credentials to access a staging environment, where it exfiltrated customer data and launched a follow-up attack on a third-party vendor.
  • The entire chain took 14 minutes from initial scan to data exfiltration.
  • No human was observed in the kill chain. The agent made decisions autonomously based on environment feedback.
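A campaign like the one above is invisible to a per-request signature and visible only in its tempo: one client touching many distinct hostnames in a short window. The following is an added illustration, not code from the article or its sources, of that behavioral check run over a constructed access log (the hostnames, addresses and thresholds are assumptions chosen for the example):

```python
"""Velocity-based enumeration detector (added example, not from the article).

Flags a client that contacts many distinct hostnames within a short window.
The per-request view shows only ordinary 401/404/200 responses; the pattern
only appears when requests are correlated by source over time.
"""
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log, one request per line:
# "<ISO timestamp> <client_ip> <host> <path> <status>"
SAMPLE_LOG = """\
2026-04-28T09:00:00 203.0.113.7 api.example.test /v1/status 401
2026-04-28T09:00:01 203.0.113.7 dev.example.test /health 404
2026-04-28T09:00:02 203.0.113.7 staging.example.test /login 200
2026-04-28T09:00:03 203.0.113.7 build.example.test /health 404
2026-04-28T09:00:04 203.0.113.7 ci.example.test /status 403
2026-04-28T09:00:05 203.0.113.7 old.example.test /index.html 404
2026-04-28T09:05:00 198.51.100.9 www.example.test /index.html 200
2026-04-28T09:05:30 198.51.100.9 www.example.test /about 200
"""


def parse_line(line):
    """Split one constructed log line into (timestamp, ip, host, path, status)."""
    ts, ip, host, path, status = line.split()
    return datetime.fromisoformat(ts), ip, host, path, int(status)


def detect_enumeration(log_text, window_seconds=60, host_threshold=5):
    """Return {client_ip: peak distinct hosts} for clients that reach
    host_threshold distinct hostnames inside any sliding window."""
    recent = defaultdict(deque)  # ip -> deque of (timestamp, host), time-ordered
    alerts = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, ip, host, _path, _status = parse_line(line)
        window = recent[ip]
        window.append((ts, host))
        # Drop entries that have aged out of the sliding window.
        while (ts - window[0][0]).total_seconds() > window_seconds:
            window.popleft()
        distinct = {h for _, h in window}
        if len(distinct) >= host_threshold:
            alerts[ip] = max(alerts.get(ip, 0), len(distinct))
    return alerts
```

The same sliding-window shape applies to distinct paths, credentials tried, or API endpoints hit per source; tune the window and threshold to the baseline of the environment being monitored.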

Defensive AI Can’t Play Catch-Up—It Has to Leap

We can’t defend against agentic threats with better perimeter tools. You can’t patch fast enough. You can’t hire fast enough. The only viable countermeasure is agentic defense—AI systems that don’t just detect, but respond, adapt, and outmaneuver offensive agents in real time.

That’s where Ari Herbert-Voss sees an opportunity. “The same capabilities that make these models dangerous for offense,” he said, “are the ones we need most for defense.” His point isn’t academic. He’s seen how these models can simulate attacker behavior, predict next moves, and even generate deceptive countermeasures—like fake credentials or honeypot environments tailored to mislead specific agents.

But most organizations aren’t close. They’re still using AI for log analysis or phishing detection—important, but reactive. What’s needed is proactive, autonomous defense: agents that patrol internal networks, challenge anomalous behavior, and reconfigure security posture on the fly. Think of it as AI-on-AI combat, running in the background, 24/7.

The Tooling Gap Is Real

Developers building security products are caught off guard. Most existing frameworks assume human-in-the-loop decision-making. But when attacks move at AI speed, that loop is a liability. By the time a human approves a response, the breach is done.

The tools for building agentic defenses barely exist. There’s no standard API for AI-driven threat simulation. No open benchmarks for defensive agent performance. No shared datasets of adversarial AI behavior. And worst of all, no urgency in the industry to create them.

That’s ironic. The same companies racing to integrate LLMs into every product are ignoring the fact that those same models could be turned into the most effective attack tools in history. It’s like selling gas stoves while pretending fire doesn’t exist.

Competing in the AI Security Landscape

While companies like Google and Microsoft are making significant investments in AI-powered security solutions, they’re also facing stiff competition from startups like CrowdStrike and CyberArk. These newer players are using AI and machine learning to develop more agile and adaptive security platforms. For instance, CrowdStrike’s Falcon platform uses AI-powered sensors to detect and respond to threats in real time, while CyberArk’s Privileged Access Management solution uses machine learning to identify and mitigate potential security risks.

Meanwhile, researchers at institutions like MIT and Stanford are exploring the potential of AI in security, developing new techniques for detecting and preventing attacks. For example, a team at MIT recently published a paper on using reinforcement learning to develop more effective intrusion detection systems. As the security landscape continues to evolve, it’s likely that we’ll see even more innovative applications of AI in this space.

Technical Dimensions of Agentic Security

From a technical perspective, agentic security relies on the development of advanced AI models that can learn from their environment and adapt to new situations. This requires significant advances in areas like natural language processing, computer vision, and reinforcement learning. For instance, researchers are using techniques like transfer learning and meta-learning to develop AI models that can learn from limited data and generalize to new situations.

Additionally, the development of agentic security systems requires careful consideration of issues like explainability, transparency, and accountability. As AI systems become more autonomous, it’s essential to understand how they’re making decisions and to ensure that they’re aligned with human values and goals. This is an area of ongoing research, with many experts exploring the development of techniques like model interpretability and adversarial testing.

The Bigger Picture

The rise of agentic security has significant implications for the broader cybersecurity landscape. As AI-powered attacks become more common, organizations will need to rethink their approach to security, focusing on proactive and adaptive defenses rather than reactive measures. This will require significant investments in areas like AI research and development, as well as the creation of new standards and frameworks for AI-powered security.

Moreover, the development of agentic security has the potential to disrupt the entire cybersecurity industry, creating new opportunities for innovation and growth. As AI-powered security solutions become more prevalent, we can expect to see new business models emerge, as well as new types of security products and services. However, this also raises important questions about the potential risks and downsides of relying on AI-powered security systems, and the need for careful consideration of issues like bias, accountability, and transparency.

What This Means For You

If you’re a developer, you can’t treat AI as just another feature. You’re now building systems that could be weaponized—or that could be the only thing standing between an attacker and your user data. Start auditing your AI integrations. Ask: Could this model be used to automate an attack? What if it’s jailbroken? What if it’s fine-tuned on malicious data? Assume it will be. Build guardrails that don’t depend on human oversight.

If you’re a security architect, stop focusing only on detection. Invest in autonomous response systems. Test your infrastructure against AI-driven red teams. Demand transparency from AI vendors about agent capabilities and constraints. And push for open standards in defensive agentic AI—because if we don’t build them now, we’ll be reverse-engineering them from breach reports in 2027.

The machines aren’t just helping attackers anymore. They are the attackers. And April 28, 2026 isn’t a deadline. It’s a marker—of how far we’ve already let this go.

Sources: Dark Reading, Wired

About AI Post Daily

Independent coverage of artificial intelligence, machine learning, cybersecurity, and the technology shaping our future.