- Researchers recreated the Equifax hack, and the AI did everything without direct control
- The AI model successfully carried out a major breach with zero human input
- Shell commands were not needed; the AI acted as a planner and delegated everything else
Large language models (LLMs) have long been considered useful tools in areas such as data analysis, content generation and coding assistance.
However, a new study by Carnegie Mellon University, conducted in collaboration with Anthropic, has raised difficult questions about their role in cybersecurity.
The study showed that under the right conditions, LLMs can plan and carry out complex cyberattacks without human guidance, suggesting a shift from mere assistance to full autonomy in digital intrusion.
From riddles to corporate environments
Previous experiments with AI in cybersecurity were mostly limited to “capture-the-flag” scenarios, simplified challenges used for training.
The Carnegie Mellon team, led by Ph.D. candidate Brian Singer, went further by giving LLMs structured guidance and integrating them into a hierarchy of agents.
With these settings, they were able to test the models in more realistic network setups.
In one case, they recreated the same conditions that led to the Equifax breach in 2017, including the vulnerabilities and layout documented in official reports.
The AI not only planned the attack but also deployed malware and extracted data, all without direct human commands.
What makes this research striking is how little raw coding the LLM had to perform. Traditional approaches often fail because models struggle to execute shell commands or analyze detailed logs.
Instead, this system depended on a higher-level structure in which the LLM served as a planner while delegating lower-level actions.
This abstraction gave AI enough context to “understand” and adapt to its environment.
Although these results were obtained in a controlled laboratory setting, they raise questions about how far this autonomy could go.
The risk here is not only hypothetical. If LLMs can carry out network breaches on their own, malicious actors can potentially use them to scale attacks far beyond what is possible with human teams.
Even tools like endpoint protection and the best antivirus software can be tested by such adaptive and responsive agents.
Nevertheless, there are potential benefits to this capability. An LLM capable of mimicking realistic attacks can be used to improve system testing and expose deficiencies that would otherwise go unnoticed.
“It only works under specific conditions, and we don’t have anything that can just autonomously attack the Internet … But it’s a critical first step,” Singer said, explaining that this work remains a prototype.
Still, an AI’s ability to replicate a major breach with minimal input should not be dismissed.
Follow-up studies are now investigating how these same techniques can be used for defense, potentially enabling AI agents to detect or block attacks in real time.



