Forewarned is Forearmed: A Survey on Large Language Model-based Agents in Autonomous Cyberattacks

TL;DR

This survey reviews the rise of LLM-based autonomous agents in cyberattacks, highlighting their capabilities, threat potential, and the current challenges in defending against such sophisticated, scalable threats across various network types.

Contribution

It provides a comprehensive overview of LLM-based cyberattack agents, analyzing their functionalities, effectiveness, threat bottlenecks, and defense strategies, which is a novel synthesis in this emerging field.

Findings

LLM-based agents can autonomously execute complex cyberattacks.

Existing defenses are inadequate against autonomous LLM-driven attacks.

Future research is needed for effective defense mechanisms.

Abstract

With the continuous evolution of Large Language Models (LLMs), LLM-based agents have advanced beyond passive chatbots to become autonomous cyber entities capable of performing complex tasks, including web browsing, malicious code and deceptive content generation, and decision-making. By significantly reducing the time, expertise, and resources, AI-assisted cyberattacks orchestrated by LLM-based agents have led to a phenomenon termed Cyber Threat Inflation, characterized by a significant reduction in attack costs and a tremendous increase in attack scale. To provide actionable defensive insights, in this survey, we focus on the potential cyber threats posed by LLM-based agents across diverse network systems. Firstly, we present the capabilities of LLM-based cyberattack agents, which include executing autonomous attack strategies, comprising scouting, memory, reasoning, and action, and facilitating collaborative operations with other agents or human operators. Building on these capabilities, we examine common cyberattacks initiated by LLM-based agents and compare their effectiveness across different types of networks, including static, mobile, and infrastructure-free paradigms. Moreover, we analyze threat bottlenecks of LLM-based agents across different network infrastructures and review their defense methods. Due to operational imbalances, existing defense methods are inadequate against autonomous cyberattacks. Finally, we outline future research directions and potential defensive strategies for legacy network systems.