There is no shortage of alarmist claims about AI supercharging cyberattacks. Some of it is marketing. Some of it is misunderstanding. The truth sits somewhere in the middle.
Recent research from Anthropic (source: https://www.anthropic.com/news/disrupting-AI-espionage) examines how large language models can support operators across several stages of espionage activity. It is serious work that highlights legitimate risks, but it also needs to be read with a critical eye. Reports calling these attacks “90 percent autonomous” have already been challenged by security researchers, most notably in Ars Technica’s analysis, which argued that the operation was heavily human-directed and only partially assisted by AI (source: https://arstechnica.com/security/2025/11/researchers-question-anthropic-claim-that-ai-assisted-attack-was-90-autonomous/).
Both things can be true:
- The workflow was nowhere near autonomous.
- The speed and scale enabled by AI still matter.
AI does not replace attackers. It accelerates them. That acceleration is what defenders need to be preparing for.
Below is a breakdown of the attacker lifecycle phases described by Anthropic and how they intersect with the kinds of exposures organizations must continuously validate.
Phase 1: Reconnaissance and Target Profiling
AI makes recon faster, not more creative.
Anthropic showed how language models help operators collect open-source intelligence, extract useful details from long documents, and build initial profiles of target organizations. None of this is new, but AI reduces the time and skill required to do it well.
This creates a simple imbalance: attackers can now analyze your external attack surface more frequently than most organizations do themselves.
Cloud assets appear and disappear. DNS drifts. Certificates expire. Firewall changes open services unintentionally. These shifts used to be caught quarterly. AI-driven recon may revisit them daily.
This is where solutions like Sprocket’s attack surface monitoring provide value by watching for changes, not simply maintaining inventories. When a new exposure appears, validation begins immediately.
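The difference between watching for changes and keeping an inventory can be shown with a snapshot diff. The following is an added example, not Sprocket's code or product: it compares two constructed snapshots of an external inventory and reports newly exposed hosts and ports, DNS drift, and certificates close to expiry. The snapshot schema, the hostnames and addresses (documentation ranges), and the 14-day expiry threshold are assumptions.

```python
from datetime import date

# Constructed snapshots of an external inventory (hypothetical schema):
# host -> {"ips": A records, "ports": open TCP ports,
#          "cert_expiry": ISO date of the served TLS certificate, or None}
YESTERDAY = {
    "www.example.com": {"ips": {"203.0.113.10"}, "ports": {443}, "cert_expiry": "2026-03-01"},
    "vpn.example.com": {"ips": {"203.0.113.20"}, "ports": {443}, "cert_expiry": "2025-12-20"},
}
TODAY = {
    "www.example.com": {"ips": {"203.0.113.10"}, "ports": {443, 3389}, "cert_expiry": "2026-03-01"},
    "vpn.example.com": {"ips": {"198.51.100.7"}, "ports": {443}, "cert_expiry": "2025-12-20"},
    "dev.example.com": {"ips": {"203.0.113.30"}, "ports": {22, 8080}, "cert_expiry": None},
}

def diff_snapshots(old, new, today, expiry_warn_days=14):
    """Return (kind, host, detail) findings for changes that need validation."""
    findings = []
    for host, cur in new.items():
        prev = old.get(host)
        if prev is None:
            # Host absent from the previous snapshot: every open port is new exposure.
            findings.append(("new_host", host, sorted(cur["ports"])))
        else:
            opened = cur["ports"] - prev["ports"]
            if opened:
                findings.append(("new_port", host, sorted(opened)))
            if cur["ips"] != prev["ips"]:
                findings.append(("dns_drift", host, sorted(cur["ips"])))
        expiry = cur.get("cert_expiry")
        if expiry is not None:
            days_left = (date.fromisoformat(expiry) - today).days
            if days_left <= expiry_warn_days:
                findings.append(("cert_expiring", host, days_left))
    for host in old.keys() - new.keys():
        # Hosts that vanished are reported so the change can be confirmed as intended.
        findings.append(("host_gone", host, None))
    # Sort on (host, kind) only; details have mixed types and are not compared.
    return sorted(findings, key=lambda f: (f[1], f[0]))

if __name__ == "__main__":
    for kind, host, detail in diff_snapshots(YESTERDAY, TODAY, date(2025, 12, 10)):
        print(f"{kind:14} {host:18} {detail}")
```

Each finding is a trigger for validation rather than a verdict: the diff shows that something changed, not whether the change is exploitable.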
Phase 2: Information Access and Exploitation Support
AI helps identify possible weaknesses, but humans still determine what is exploitable.
Anthropic found that language models can help interpret access controls, identify potentially weak configurations, or analyze where expected defenses may be absent. This speeds up triage for attackers, but AI does not independently confirm exploitability.
That still requires real access, real chaining, and real testing against an actual environment.
This is the line between hypothetical and material risk. Automated tools may highlight potential weaknesses. Attackers, like pentesters, still need to validate them.
This is why continuous offensive security is built around validation rather than scanning. Automation flags possibilities. Human testers confirm what is real.
Phase 3: Multi-Step Operations and Planning
AI assists with planning, not intuition.
Anthropic’s research showed that AI can help outline broad steps for intrusion sequences, privilege escalation, and lateral movement. These suggestions look like a cleaned-up version of information already available in technical guides or training material.
What AI cannot do is adapt in real time to environmental friction. Real intrusions require creativity when things do not go as planned, such as:
- Segmentation stopping a pivot
- Logging controls limiting tool use
- Authentication controls breaking a planned chain
- Privilege levels not matching what the model assumed
Attackers still need intuition. AI helps with the outline, not the execution.
This mirrors how Sprocket’s internal testing works. Testers use real constraints inside each customer environment to determine what is genuinely possible.
Phase 4: Evasion and Operational Security Support
AI helps attackers be quieter, not more capable.
Anthropic demonstrated that AI can help operators reason through how to remain stealthy: avoid actions that generate alerts, lean on native tools instead of introducing new binaries, and use known techniques for living off the land.
This mirrors what advanced adversaries already do, because the most effective intrusions look like normal administrative behavior.
This is why low noise, native tooling, and realistic attacker movement matter during testing. If your detection controls cannot recognize misuse of legitimate tools, they cannot recognize real attackers either.
Phase 5: Analysis, Summarization, and Reporting
AI improves data processing, not compromise capabilities.
Anthropic showed that AI can help attackers summarize exfiltrated data or pull meaning out of large datasets quickly. This matters in one critical way: it shortens the time between access and impact.
In other words, if attackers can analyze data faster, defenders must reduce exposure faster.
This is where continuous retesting and shrinking the window between discovery and closure matter. The less time an exposure sits open, the less useful AI-assisted analysis becomes.
Addressing the Autonomy Debate
Some early headlines suggested that the intrusion Anthropic modeled was nearly autonomous. The Ars Technica article correctly points out that this is misleading. The model supported the operator. It did not replace them. Researchers reviewing Anthropic’s work noted that the majority of meaningful steps still required human direction (source: https://arstechnica.com/security/2025/11/researchers-question-anthropic-claim-that-ai-assisted-attack-was-90-autonomous/).
This debate is important because it grounds expectations.
The threat is not AI acting independently. The threat is human attackers moving faster, making fewer mistakes, and exploring more paths in the same amount of time.
Acceleration, not autonomy, is the operational risk.
How Continuous Validation Helps Defenders Keep Pace
If attackers can revisit your environment more frequently, defenders must validate exposures more frequently. This is the heart of continuous testing.
A few examples of how continuous validation aligns with the AI-accelerated threat model:
- New exposures trigger testing immediately rather than waiting for the next engagement.
- Human testers validate what is actually exploitable instead of relying on theoretical risk.
- Findings map to MITRE ATT&CK so teams understand which behaviors their controls cover or miss.
- Fixes are retested continuously so exposure windows shorten.
This lets organizations adapt defensively at the same tempo attackers adapt offensively.
AI accelerates attackers. Continuous validation helps defenders keep up.