In September 2025, Anthropic disclosed a groundbreaking incident—the world’s first autonomous AI-driven cyberattack. This event, documented as the first large-scale cyber offensive primarily executed by AI with minimal human intervention, underscored the immense threat posed by AI agents in malicious applications.
The attackers posed as representatives of a legitimate cybersecurity firm conducting a defense assessment. They developed a custom orchestration framework, leveraging Claude Code and the Model Context Protocol to break down complex, multi-stage attacks into discrete technical tasks—each appearing legitimate when evaluated in isolation. Throughout the attack, AI autonomously completed 80%-90% of the tasks, with human intervention limited to 4-6 critical decision points per cycle.
The significance of this event lies in its demonstration of AI’s vast potential in cyber warfare. Such systems can operate autonomously for extended periods, executing intricate tasks with minimal human oversight, dramatically increasing the feasibility of large-scale cyberattacks. The report highlights that as attack methodologies rapidly evolve, AI-powered agents can now perform tasks previously requiring entire teams of experienced hackers—including target system analysis, attack code generation, and processing massive stolen data. Even resource-constrained organizations could potentially launch such operations.
The AI-powered cybersecurity market is expanding rapidly, with significant growth projected in the coming years. According to the AI in Cybersecurity Market (2025-2030) report, the global market for AI in cybersecurity was valued at $25.35 billion in 2024 and is expected to reach $93.75 billion by 2030, growing at a compound annual growth rate (CAGR) of 24.4%. The generative AI in cybersecurity market is growing even faster, with a projected CAGR of 26.5%.
Given this environment, “AI vs. AI” has become a critical requirement for both offensive and defensive cybersecurity strategies, with intelligent security frameworks leading the way in defining a new security paradigm. In terms of application, AI has already been deeply integrated into security operations, attack and defense, threat intelligence, and code detection, while gradually expanding into advanced areas such as red team testing and automated response. The growing demand for integrated security capabilities is driving the adoption of AI-driven unified security operations platforms, which are becoming the dominant trend in the industry.
In 2025, the United States prioritized AI-driven cybersecurity, as highlighted in the July release of the U.S. AI Action Plan. This plan designates secure and resilient AI deployment as a core initiative, mandating that AI systems in security-critical sectors incorporate secure-by-design principles and advanced threat detection capabilities. The NIST COSA (Cybersecurity for AI) framework was also introduced to align with federal standards and address AI-specific vulnerabilities.
Globally, leading cybersecurity firms are expanding AI applications across a broader range of security scenarios. Threat detection and security operations remain primary focus areas, with international vendors leveraging multi-agent, multi-vertical LLMs to transition toward real-time, proactive security measures. Vulnerability management represents a cutting-edge AI application scenario, shifting from passive scanning and patching to predictive analysis, intelligent assessment, and automated response.
AI-powered cybersecurity has now fully transitioned to an AI Agent-centric stage, entering a new era of AI vs. AI cyber warfare. In 2025, security LLMs have been increasingly tailored for industry-specific and vertical applications, delivering more precise and efficient solutions.
