To Defend Against Cyber Attacks, We Must Teach AI Agents to Hack

TL;DR

This paper argues that defending against AI-driven cyber attacks requires developing offensive AI capabilities in controlled environments, as current defenses are insufficient against adaptive adversaries exploiting AI vulnerabilities.

Contribution

It introduces a new strategic approach emphasizing offensive AI development for cybersecurity, including benchmarks, trained agents, and governance frameworks.

Findings

Existing defenses are ineffective against adaptive AI adversaries.

Offensive AI capabilities are essential for robust cybersecurity.

Proposed actions include comprehensive benchmarks and controlled development environments.

Abstract

For over a decade, cybersecurity has relied on human labor scarcity to limit attackers to high-value targets manually or generic automated attacks at scale. Building sophisticated exploits requires deep expertise and manual effort, leading defenders to assume adversaries cannot afford tailored attacks at scale. AI agents break this balance by automating vulnerability discovery and exploitation across thousands of targets, needing only small success rates to remain profitable. Current developers focus on preventing misuse through data filtering, safety alignment, and output guardrails. Such protections fail against adversaries who control open-weight models, bypass safety controls, or develop offensive capabilities independently. We argue that AI-agent-driven cyber attacks are inevitable, requiring a fundamental shift in defensive strategy. In this position paper, we identify why existing defenses cannot stop adaptive adversaries and demonstrate that defenders must develop offensive security intelligence. We propose three actions for building frontier offensive AI capabilities responsibly. First, construct comprehensive benchmarks covering the full attack lifecycle. Second, advance from workflow-based to trained agents for discovering in-wild vulnerabilities at scale. Third, implement governance restricting offensive agents to audited cyber ranges, staging release by capability tier, and distilling findings into safe defensive-only agents. We strongly recommend treating offensive AI capabilities as essential defensive infrastructure, as containing cybersecurity risks requires mastering them in controlled settings before adversaries do.