Analysis reveals that large language models can carry out intricate attacks autonomously

Anthropic and Carnegie Mellon jointly orchestrated a simulation of the 2017 Equifax data breach.

LLM models found capable of executing complex cyber assaults autonomously

In a groundbreaking development, researchers from Carnegie Mellon University (CMU) and Anthropic have demonstrated the potential of large language models (LLMs) to autonomously plan and execute sophisticated cyberattacks on enterprise-grade network environments.

Their study, published in 2025, saw an LLM autonomously replicate the notorious 2017 Equifax data breach within a controlled environment. The LLM, functioning as a high-level strategist, exploited vulnerabilities, installed malware, and exfiltrated data, showing capabilities that extend beyond basic tasks to coordinated, complex attack strategies.

To achieve this, the researchers developed a hierarchical architecture. The LLM issues instructions, while a combination of LLM and non-LLM agents perform lower-level tasks such as network scanning and exploit deployment. This framework proved far more effective than previous approaches that relied solely on LLMs for command execution.

The study, led by Brian Singer, a PhD candidate at CMU's Department of Electrical and Computer Engineering, used a toolkit called Incalmo to translate the strategy behind the Equifax breach into specific system commands. Incalmo was evaluated in 10 small enterprise environments, and in 9 out of 10, the LLMs autonomously achieved partial success in the attacks.

However, the use of autonomous AI in cyberattacks also raises concerns. Challenges remain regarding model reliability, safety, ethical implications, and accountability in such autonomous systems. For instance, Anthropic reported that LLMs had fully compromised five of 10 test networks and partially compromised four other networks.

As the capabilities of LLMs continue to evolve, so too must our defenses. Singer has expressed concern about the speed and cost-effectiveness of orchestrating such autonomous attacks, and research is being conducted into defenses against autonomous attacks and into LLM-based autonomous defenders.

This breakthrough underscores both the potential and the risk of LLM-driven autonomous offensive capabilities, and calls for urgent attention to cybersecurity defenses and AI governance. The Equifax breach, with its vast scale and impact, serves as a stark reminder of the importance of securing our digital infrastructure.


  1. The study conducted by Brian Singer at Carnegie Mellon University, in collaboration with Anthropic, demonstrated that large language models can autonomously replicate complex cyberattacks like the 2017 Equifax data breach.
  2. Their research, published in 2025, revealed that these models, functioning as high-level strategists, can exploit vulnerabilities, install malware, and exfiltrate data, showing capabilities that extend beyond basic tasks to coordinated, complex attack strategies.
  3. The study utilized a hierarchical architecture, where the LLM issues instructions, and a combination of LLM and non-LLM agents perform lower-level tasks such as network scanning and exploit deployment.
  4. This framework proved far more effective than previous approaches that relied solely on LLMs for command execution, with the LLMs partially successful in over 90% of the 10 small enterprise environments tested.
  5. Despite the advancements, the use of autonomous AI in cyberattacks raises concerns about model reliability, safety, ethical implications, and accountability, as shown by Anthropic's report that LLMs had fully compromised five of 10 test networks and partially compromised four other networks.
