Agentic AI is Changing Cybersecurity Faster Than Expected

Written by Anthony Giandomenico
The Shift: Not New, But Moving Fast
Agentic AI is not a new concept. At this point, most people in the industry have heard about it, and many have been experimenting with it in different forms. The idea of systems that can observe, plan, act, and iterate is not something that just showed up overnight.
What is changing, though, is the rate at which these systems are improving.
We are seeing models move beyond simple assistance into actually reasoning through problems. They are getting better at understanding systems, identifying vulnerabilities, and connecting steps together in ways that start to resemble how an attacker would think. That progression is happening quickly, and that is the part that stands out.
For those who have been following this space closely, this may not feel surprising. But for others who have been more skeptical or waiting to see how real this would become, a clear signal was recently sent to the cybersecurity industry that this shift is already underway.
The Signal: Project Glasswing
That signal is what we are starting to see with Project Glasswing from Anthropic. This is not really about one model or one company as much as it is about what the effort represents.
Glasswing is centered around a model called Mythos, which is being made available to a limited group of organizations under controlled access. The focus is on cybersecurity use cases, where the model can analyze code, identify vulnerabilities, reason through how those vulnerabilities could be exploited, and even suggest how to fix them.
None of those things on their own are entirely new, but the level of capability and the speed at which it is improving are what stand out.
What matters here is not just what the model can do, but how access is being handled. When you see capabilities like this introduced through controlled programs, it usually means the people building them understand the dual-use nature of what they have created. The same capability that helps a defender find and fix a vulnerability faster can also help an attacker discover and exploit that same weakness at scale.
It is also worth thinking about who is getting access to something like this. While not everything is publicly detailed, it is clear that large, established players in the technology and security space are involved. Companies like Cisco, Microsoft, Google, Palo Alto Networks, and CrowdStrike are the types of organizations you would expect to see in programs like this.
That is a good thing, because it means the initial focus is on understanding and mitigating risk before these capabilities become more broadly available. At the same time, it raises an important question about whether this becomes the norm moving forward. Do we start to see advanced capabilities introduced through controlled early access before general release?
The Market Response: Low-Human-in-the-Loop Offense
If you take that signal and project it forward, it is not surprising that the market is already moving in this direction.
We are starting to see a new category emerge around what people are calling autonomous or near-autonomous red teaming. A better way to describe it is low-human-in-the-loop offensive systems. Not because humans are removed entirely, but because the amount of manual effort required to explore and validate an environment is starting to decrease.
Companies like Armadin are building toward this model on the enterprise side, focusing on understanding how attackers move through environments rather than just identifying isolated issues. At the same time, companies like XBOW are applying similar ideas at the application layer, continuously testing and validating vulnerabilities.
What connects these approaches is the shift from point-in-time testing to continuous validation. Instead of identifying issues and stopping there, these systems are starting to validate whether those issues actually matter, how they can be chained together, and what they enable.
When you combine that with models that can reason through problems, you start to see the emergence of continuous attack loops. Not fully autonomous systems replacing human operators, but environments where machines are doing a significant portion of the exploration, testing, and iteration.
Walking the Attack: Where AI Changes the Game, and Where It Doesn’t
If you walk through an attack step by step, you can start to see pretty clearly why agentic AI is having the impact it is right now. It is not that it is suddenly great at everything. It is that it is already very strong in the parts of the attack process that matter most for speed, scale, and discovery.
On the reconnaissance side, a lot of this was already fairly mature before agentic AI. We have had scanners, OSINT tooling, and attack surface management platforms for years. Finding assets, identifying services, and collecting data was not the hard part. What is changing now is how that data gets used. Instead of just gathering information, these systems are starting to correlate it, map relationships between users and systems, and build a more complete picture of how an environment actually fits together.
It is also not just about discovering what exists anymore. It is about understanding the technology itself, how it is deployed, and where weaknesses might exist based on that context. That starts to blur the line between simple discovery and forming early hypotheses about how something could be attacked.
Where things start to shift more meaningfully is in vulnerability discovery. We are moving from tools that primarily identify patterns to systems that can reason about how something could actually be exploited. It is no longer just about flagging that something looks vulnerable. It is increasingly about understanding why it is vulnerable and what that means in practice.
From there, you get into lateral movement and attack path discovery, which is where this really starts to play to the strengths of these systems. Modern environments are essentially large graphs made up of identities, permissions, systems, and trust relationships. Machines are very good at working through those kinds of problems.
The piece that stands out the most is iteration. This is a superpower. An agentic system can test, adjust, and retry continuously, far beyond what a human operator could realistically do.
But then you see the limits.
When it comes to operational security, stealth, and judgment, this is not the same story. Knowing when to move, when to slow down, and how actions will be perceived in a real environment still requires human intuition. Real environments are messy, and that layer is not easily automated.
There is a difference between knowing the path and knowing whether you should take it.
Closing the Loop: What This Means for Defense
If offense is accelerating, defense has to evolve as well.
Most organizations are already trying to understand what vulnerabilities actually mean in their environment. The issue is not awareness. It is execution. Today, that process is slow, manual, and difficult to scale, which directly impacts how quickly organizations can remediate risk.
Instead of relying on manual analysis, organizations can start using these capabilities to validate exploitability, understand attack paths, and assess real impact in their environment. That improves decision making and speeds up remediation without removing human control.
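As an added illustration (not code from the author or any vendor named here), the sketch below treats an environment as the graph of identities, permissions, systems, and trust relationships described earlier, enumerates the paths to a protected asset, and ranks the relationships that most paths depend on so remediation can start there. Every node name, relationship label, and the choice of entry points is a constructed assumption.

```python
from collections import Counter

# Constructed sample environment (all names hypothetical):
# (source, relationship, destination)
EDGES = [
    ("user:alice", "MemberOf", "group:helpdesk"),
    ("user:bob", "MemberOf", "group:helpdesk"),
    ("group:helpdesk", "CanResetPassword", "user:svc-backup"),
    ("user:svc-backup", "AdminTo", "host:fileserver"),
    ("host:fileserver", "HasSession", "user:dbadmin"),
    ("user:bob", "AdminTo", "host:jumpbox"),
    ("host:jumpbox", "HasSession", "user:dbadmin"),
    ("user:dbadmin", "AdminTo", "host:payroll-db"),
]
ENTRY_POINTS = ["user:alice", "user:bob"]  # accounts assumed exposed
TARGET = "host:payroll-db"                 # asset being protected


def _walk(graph, node, target, path):
    """Yield every simple (cycle-free) path from node to target."""
    if node == target:
        yield path
        return
    on_path = {edge[0] for edge in path} | {node}
    for rel, dst in graph.get(node, []):
        if dst not in on_path:
            yield from _walk(graph, dst, target, path + [(node, rel, dst)])


def all_paths(edges, entries=ENTRY_POINTS, target=TARGET):
    """Return every path from any entry point to the target."""
    graph = {}
    for src, rel, dst in edges:
        graph.setdefault(src, []).append((rel, dst))
    return [p for entry in entries for p in _walk(graph, entry, target, [])]


def choke_points(edges):
    """Rank relationships by how many paths to the target rely on them."""
    counts = Counter(edge for path in all_paths(edges) for edge in path)
    return counts.most_common()


def paths_after_fix(edges, fixed_edge):
    """Count the paths that remain once one relationship is removed."""
    return len(all_paths([e for e in edges if e != fixed_edge]))


if __name__ == "__main__":
    for edge, n in choke_points(EDGES):
        print(n, edge)
```

The highest-ranked relationship is the one whose removal closes the most paths, and `paths_after_fix` confirms what remains after a proposed change, which is the validate-then-remediate loop in miniature.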
And this is where things come full circle.
This is also where you start to see how this is materializing in the market. Companies like Armadin are building toward exactly this model, where environments are continuously tested and validated. Not just identifying issues, but proving what matters.
Offense and defense start to feed each other.
Offensive capabilities improve validation. Defensive needs drive continuous testing. And the result is a loop where environments are constantly being tested, validated, and improved.
In the end, this is not about eliminating vulnerabilities. It is about understanding risk faster and responding to it more effectively than before.




