June 22, 2026 · Edition #20

The Autonomous Adversary

For as long as we've defended systems, one quiet constant held the whole game together: an attack moved at the speed of a person. A human had to read the foothold, decide the next step, type the command, and wait. Every response budget we've ever built was tuned to that human rhythm: how fast we detect, how fast we respond, the analyst we keep on call. This week's Sysdig report is the clearest sign yet that the rhythm is changing.

In the incident Sysdig documented, an attacker broke into an exposed notebook tool and handed the rest to an AI agent. The agent took it from there: it found cloud credentials, replayed them through a spread of addresses to dodge alarms, pulled a private key out of a secrets store, hopped to an internal server, opened eight sessions at once, and dumped an entire database. Start to finish in under an hour.

The striking part isn't a new exploit. It's that the agent was deciding as it went, composing commands in real time and improvising as it learned the environment. The honest caveat fits in one breath: this is one firm's investigation, and a human still chose the target and pointed the agent. But the minute-to-minute hacking, the part that used to demand a skilled human at a keyboard, ran itself.

So here's the thesis I keep landing on: you've tuned your defenses for a human adversary who is becoming optional. The mean-time-to-respond targets, the on-call rotations, the "we'll catch it on review" assumptions: all of it was sized against an opponent who needed sleep and could only do one thing at a time. An agent that works in parallel, never tires, and adapts on the fly collapses the window you were counting on. And as that capability turns into cheap, copyable tooling, the cost of mounting a competent attack falls, which means the cost of being worth attacking falls with it.

So stop optimizing for an attacker who sleeps. Assume the adversary never tires, never pauses, and runs ten moves at once, then harden the environment it has to cross: least privilege, tight blast radius, detection that watches for stolen outcomes at machine speed. The human attacker isn't gone. He just doesn't have to show up for work anymore.
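
One way to make "detection at machine speed" concrete for two behaviors from the incident above, a credential replayed through a spread of addresses and a burst of simultaneous sessions, is a sliding-window check that alerts without waiting for analyst review. This is an added example, not code from Sysdig or from this newsletter; the event fields, rule names, thresholds and sample events are constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed sample events, not data from the report. Field names are assumptions.
EVENTS = [
    # One credential used steadily from a single address: normal.
    *[{"ts": t, "kind": "api", "cred": "KEY-A", "src": "198.51.100.10"} for t in (0, 100, 200)],
    # One credential replayed through three addresses in 20 seconds.
    {"ts": 1000, "kind": "api", "cred": "KEY-B", "src": "203.0.113.5"},
    {"ts": 1010, "kind": "api", "cred": "KEY-B", "src": "203.0.113.77"},
    {"ts": 1020, "kind": "api", "cred": "KEY-B", "src": "192.0.2.44"},
    # Eight sessions opened against one internal host, one second apart.
    *[{"ts": 1500 + i, "kind": "session", "cred": "ssh-key-1", "target": "db-internal"}
      for i in range(8)],
]

def _trim(queue, cutoff):
    """Drop entries whose timestamp is older than the cutoff."""
    while queue and queue[0][0] < cutoff:
        queue.popleft()

def detect(events, ip_limit=3, ip_window=300, sess_limit=5, sess_window=60):
    """Return (rule, credential, ts) alerts; each rule fires once per key."""
    api_seen = defaultdict(deque)    # cred -> (ts, source address)
    sess_seen = defaultdict(deque)   # (cred, target) -> (ts, None)
    alerts, fired = [], set()
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["kind"] == "api":
            rule, key = "credential_ip_fanout", ev["cred"]
            q = api_seen[key]
            q.append((ev["ts"], ev["src"]))
            _trim(q, ev["ts"] - ip_window)
            hit = len({src for _, src in q}) >= ip_limit   # distinct addresses in window
        elif ev["kind"] == "session":
            rule, key = "session_burst", (ev["cred"], ev["target"])
            q = sess_seen[key]
            q.append((ev["ts"], None))
            _trim(q, ev["ts"] - sess_window)
            hit = len(q) >= sess_limit                     # session opens in window
        else:
            continue
        if hit and (rule, key) not in fired:
            fired.add((rule, key))
            alerts.append((rule, ev["cred"], ev["ts"]))
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

Both rules fire on the event that crosses the threshold, so the alert lands seconds into the burst rather than at the next review cycle.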