We demonstrate the operational feasibility of autonomous AI agents in the post-exploitation phase of cyber operations. Our proof-of-concept uses a commercial USB device to deploy an AI agent that conducts reconnaissance, exfiltrates data, and spreads laterally—all without human intervention.

Development took one engineer one week; operation costs are under $1 per engagement. This shifts the economics for attackers: tasks that slow human teams down can now be automated at scale. State actors including APT28 are already deploying similar AI-driven capabilities in active campaigns.

Learn more