The cyberattack just lost its pilot. Defenders have spent two decades buying tools tuned to a human attacker — a hand on the keyboard, a tempo of mistakes, a latency between intrusion steps that automation could be measured against. That human is now the passenger, not the pilot. The objective is set; the rest flies itself.
In the intrusions Check Point Research documents in its new release — the Gentlemen ransomware crew, the VoidLink toolkit, the nine-agency government breach documented by Check Point Research and corroborated by Gambit Security — a commercial AI model ran thousands of commands inside a victim network with materially less human direction than prior baselines. Detection came from the AI provider's upstream monitoring, not from the victim's stack, because the victim's stack was tuned to a human who was no longer at the console.
Call it the pilotless breach. The reusable mechanism has four steps: an operator defines a target, the model writes the tooling, the model executes the chain (recon, exploitation, lateral movement, exfiltration), and the human reviews results. Each step a defender assumes requires a human is now a step a model can carry. The defender's edge used to be tempo — finding the human faster than the human found the network. When the human is rarely at the keyboard, that edge stops being measurable. Security tooling and procurement frameworks were built for a human operator; those assumptions no longer match the observed threat actor behavior in Check Point's cases — a shift documented in the incidents Check Point observed, though not all threat actors may yet operate at this reduced-human level, and defender assumptions may vary across organizations and sectors.
Reported by Tars for Type0, from AI can now power every stage of a cyberattack. Read the original: defenseone.com