In a groundbreaking development at the intersection of artificial intelligence and cybersecurity, researchers at Carnegie Mellon University, in partnership with Anthropic, have demonstrated that large language models (LLMs) can autonomously plan and carry out sophisticated cyberattacks on enterprise-grade networks without human intervention.

The research, led by Ph.D. candidate Brian Singer from the Department of Electrical and Computer Engineering, showed that when integrated with high-level planning capabilities and specialized agent frameworks, LLMs can simulate network intrusions that closely mirror real-world breaches. Remarkably, the team’s controlled experiments included an LLM replicating the 2017 Equifax data breach, autonomously exploiting vulnerabilities, installing malware, and exfiltrating data.

“Our findings indicate that with the right structure and guidance, LLMs are capable of far more than basic tasks,” Singer explained. “They can plan and accomplish attack strategies that reflect the complexity of actual cyber intrusions.”

The team designed a hierarchical architecture in which the LLM functions as a strategist, creating attack plans and issuing high-level commands, while a combination of LLM and non-LLM agents executes low-level tasks such as network scanning and deploying exploits. This approach proved significantly more effective than earlier models that relied solely on LLMs issuing shell commands.

This research builds on Singer’s previous work aimed at developing autonomous attacker and defender tools that are accessible and programmable for human developers. Ironically, the ideas that simplified these systems for humans also made it easier for LLMs to carry out similar tasks autonomously.

While the research demonstrates powerful capabilities, Singer stressed that it remains at the prototype stage.

“This isn’t a threat that will take down the internet tomorrow,” he said. “The experiments were conducted in constrained, controlled environments—but it’s a significant step forward.”

The implications are twofold: the findings raise long-term safety concerns about potential misuse of advanced LLMs for malicious purposes, while also suggesting transformative defensive applications.

“Currently, only large organizations can afford comprehensive red team exercises to test their cybersecurity defenses,” Singer noted. “Our research suggests a future where AI systems can continuously test networks for vulnerabilities, making proactive protection accessible to smaller organizations as well.”

The project involved close collaboration with Anthropic, which provided both technical consultation and model credits. Faculty members and students from Carnegie Mellon University’s CyLab, the institution’s renowned security and privacy research center, also participated in the study. An early version of the findings was presented at a security workshop hosted by OpenAI in May.

Their paper, titled “On the Feasibility of Using LLMs to Autonomously Execute Multi-host Network Attacks,” has already been cited in several industry reports and is helping shape safety guidelines for next-generation AI systems. The research was guided by faculty advisors Lujo Bauer and Vyas Sekar, co-directors of CMU’s Future Enterprise Security Initiative.

Looking ahead, the research team plans to explore how similar AI architectures can be leveraged to build autonomous defensive systems capable of detecting and responding to attacks in real time.

“We’re entering an era where cybersecurity will become AI versus AI,” Singer said. “Understanding both sides is crucial to staying ahead of threats.”

Source: businesswire