- The researchers recreated the Equifax breach, and the AI carried it out without direct human control
- The AI model successfully carried out a major breach with zero human input
- Shell commands were not necessary: the AI acted as a planner and delegated everything else
Large language models (LLMs) have been regarded as useful tools in areas such as data analysis, content generation and code assistance.
However, a new study from Carnegie Mellon University, conducted in collaboration with Anthropic, has raised difficult questions about their role in cybersecurity.
The study showed that, under the right conditions, LLMs can plan and carry out complex cyber attacks without human guidance, which suggests a shift from mere assistance to full autonomy in digital intrusion.
From puzzles to enterprise environments
Previous experiments with LLMs in cybersecurity were mostly limited to "capture-the-flag" scenarios, simplified challenges used for training.
The Carnegie Mellon team, led by doctoral candidate Brian Singer, went further by giving LLMs structured guidance and integrating them into a hierarchy of agents.
With this configuration, they were able to test the models in more realistic network settings.
In one case, they recreated the same conditions that led to the 2017 Equifax breach, including the vulnerabilities and design documented in official reports.
The AI not only planned the attack but also deployed malware and exfiltrated data, all without direct human commands.
What makes this research surprising is how little raw coding the LLM had to do. Traditional approaches often fail because the models struggle to execute shell commands or interpret detailed logs.
This system, by contrast, relied on a higher-level structure in which the LLM acted as a planner while delegating lower-level actions to sub-agents.
This abstraction gave the AI enough context to "understand" and adapt to its surroundings.
Although these results were achieved in a controlled laboratory environment, they raise questions about how far this autonomy could reach.
The risks here are not just hypothetical. If LLMs can carry out network intrusions on their own, malicious actors could use them to scale attacks far beyond what is feasible with human teams.
Even tools such as endpoint protection and the best antivirus software could be put to the test by such adaptive and responsive agents.
However, this capability also has potential benefits. An LLM capable of imitating realistic attacks could be used to improve system testing and expose flaws that would otherwise go unnoticed.
"It only works in specific conditions, and we don't have something that can autonomously attack the Internet … but it is a critical first step," Singer said, explaining that this work remains a prototype.
Even so, the ability of an AI to replicate a major breach with minimal input should not be dismissed.
Follow-up research is now exploring how these same techniques can be applied to defense, which could even allow AI agents to detect or block attacks in real time.