{"id":408324,"date":"2026-02-05T00:15:11","date_gmt":"2026-02-05T00:15:11","guid":{"rendered":"https:\/\/www.newsbeep.com\/uk\/408324\/"},"modified":"2026-02-05T00:15:11","modified_gmt":"2026-02-05T00:15:11","slug":"ai-agents-cant-pull-off-fully-autonomous-cyberattacks-yet-the-register","status":"publish","type":"post","link":"https:\/\/www.newsbeep.com\/uk\/408324\/","title":{"rendered":"AI agents can’t pull off fully autonomous cyberattacks \u2013 yet \u2022 The Register"},"content":{"rendered":"

AI agents and other systems can’t yet conduct cyberattacks fully on their own \u2013 but they can help criminals in many stages of the attack chain, according to the International AI Safety report.<\/p>\n

The second annual report<\/a>, chaired by the Canadian computer scientist Yoshua Bengio and authored by more than 100 experts across 30 countries, found that over the past year, developers of AI systems have vastly improved their ability to help automate and perpetrate cyberattacks.<\/p>\n

Perhaps the best, and scariest, evidence of that finding appeared in Anthropic’s November 2025 report about Chinese cyberspies abusing its Claude Code AI tool<\/a> to automate most elements of attacks directed at around 30 high-profile companies and government organizations. Those attacks succeeded in “a small number of cases.”<\/p>\n

“At least one real-world incident has involved the use of semi-autonomous cyber capabilities, with humans intervening only at critical decision points,” according to the AI safety report. “Fully autonomous end-to-end attacks, however, have not been reported.”<\/p>\n

Two areas where AI is especially useful to criminals are scanning for software vulnerabilities<\/a> and writing malicious code<\/a>.<\/p>\n

During DARPA’s AI Cyber Challenge (AIxCC)<\/a> \u2013 a two-year competition in which teams built AI models to find vulnerabilities in open source software that undergirds critical infrastructure \u2013 finalist systems autonomously identified 77 percent<\/a> of the synthetic vulnerabilities used in the final scoring round, according to competition organizers.<\/p>\n

And while that is an example of defenders using AI to find and fix vulnerabilities, rather than attackers using AI to find and exploit them, criminals are using models in similar ways. Last northern summer, we saw attackers on underground forums claiming to use HexStrike AI<\/a>, an open-source red-teaming tool, to target critical vulnerabilities in Citrix NetScaler appliances within hours of the vendor disclosing the problems.<\/p>\n

Additionally, AI systems are getting much better at malware writing<\/a>, and criminals can trade weaponized models that write ransomware and data-stealing code for as little as $50 a month<\/a>.<\/p>\n

The good news for now, according to the report\u2019s authors, is that AI systems still aren’t great at carrying out multi-stage attacks without human help.<\/p>\n

“Research suggests that autonomous attacks remain limited because AI systems cannot reliably execute long, multi-stage attack sequences,” according to the report. “For example, failures they exhibit include executing irrelevant commands, losing track of operational state, and failing to recover from simple errors without human intervention.”<\/p>\n

Keep in mind, however, that this all was written before the security dumpster fire<\/a> that is OpenClaw \u2013 the AI agent previously known as Moltbot and Clawdbot<\/a> \u2013 and Moltbook, the vibe-coded social media platform for AI agents.<\/p>\n

So it’s also entirely plausible that the world won’t end with a sophisticated, autonomous multi-stage cyberattack dreamed up by a nation-state crew or criminal mastermind, but rather a single agent that goes off the rails. \u00ae<\/p>\n","protected":false},"excerpt":{"rendered":"AI agents and other systems can’t yet conduct cyberattacks fully on their own \u2013 but they can help…\n","protected":false},"author":2,"featured_media":408325,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[20],"tags":[554,733,4308,86,56,54,55],"class_list":{"0":"post-408324","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-artificial-intelligence","8":"tag-ai","9":"tag-artificial-intelligence","10":"tag-artificialintelligence","11":"tag-technology","12":"tag-uk","13":"tag-united-kingdom","14":"tag-unitedkingdom"},"_links":{"self":[{"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/posts\/408324","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/comments?post=408324"}],"version-history":[{"count":0,"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/posts\/408324\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/media\/408325"}],"wp:attachment":[{"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/media?parent=408324"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/categories?post=408324"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/tags?post=408324"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}