- Researchers recreated the Equifax hack and watched AI do everything without direct control
- The AI model carried out a major breach with zero human input
- Shell commands were not necessary; the AI acted as a planner and delegated everything else
Large language models (LLMs) have long been considered useful tools in areas such as data analysis, content generation and coding assistance.
However, a new study by Carnegie Mellon University, conducted in collaboration with Anthropic, raised difficult questions about their role in cybersecurity.
The study showed that, under the right conditions, LLMs can plan and carry out complex cyberattacks without human guidance, suggesting a shift from simple assistance to complete autonomy in digital intrusion.
Puzzles with corporate environments
Previous experiments with AI in cybersecurity were mainly limited to “capture-the-flag” scenarios, simplified challenges used for training.
The Carnegie Mellon team, led by doctoral candidate Brian Singer, went further by giving LLMs structured guidance and integrating them into a hierarchy of agents.
With this setup, they were able to test the models in more realistic network configurations.
In one case, they recreated the same conditions that led to the 2017 Equifax breach, including the vulnerabilities and the layout documented in official reports.
The AI not only planned the attack, but also deployed malware and extracted the data, all without direct human commands.
What makes this research striking is how little raw coding the LLM had to do. Traditional approaches often fail because models struggle to execute shell commands or parse detailed logs.
Instead, this system relied on a higher-level structure in which the LLM acted as a planner while delegating lower-level actions to sub-agents.
This abstraction gave the AI enough context to “understand” and adapt to its environment.
Although these results were obtained in a controlled lab setting, they raise questions about how far this autonomy could go.
The risks here are not only hypothetical. If LLMs can carry out network breaches on their own, malicious actors could potentially use them to mount attacks far beyond what is possible with human teams.
Even tools such as endpoint protection and the best antivirus software can be tested by adaptive and responsive agents.
However, there are potential advantages to this capability. An LLM capable of imitating realistic attacks could be used to improve system testing and expose flaws that would otherwise go unnoticed.
“It only works in specific conditions, and we do not have something that could simply attack the internet independently … But this is an essential first step,” said Singer, explaining that this work remains a prototype.
However, the ability of an AI to reproduce a major breach with minimal input should not be dismissed.
Follow-up research is now exploring how these same techniques can be applied in defense, even enabling AI agents to detect or block attacks in real time.