# AI offensive and defensive cybersecurity capabilities

The integration of artificial intelligence into cybersecurity architecture represents a fundamental paradigm shift that alters the operational dynamics, economic calculus, and execution velocity of digital operations. The emergence of frontier large language models (LLMs) and advanced machine learning frameworks has introduced dual-use capabilities that scale the speed, sophistication, and automation of both threat actors and defensive infrastructures [cite: 1, 2]. Current assessments of the "marginal risk" of frontier AI—defined as the novel or heightened cyber threats arising specifically from its misuse—indicate an asymmetric operational landscape. While the overall capability of fully autonomous artificial intelligence remains bounded by constraints in long-horizon planning and state space explosion, its immediate influence on offensive operations is significantly more pronounced than its integration into enterprise defense [cite: 3]. Attackers are successfully leveraging these tools to reduce technical barriers and automate mass exploitation, while defenders face structural challenges in operationalizing automated remediation and maintaining the integrity of AI safety guardrails [cite: 3, 4].

This analysis provides an exhaustive examination of artificial intelligence capabilities in cybersecurity, evaluating the transition from traditional machine learning to generative models, quantifying autonomous offensive and defensive proficiencies, detailing the structural limitations of current architectures, and assessing the efficacy of safety mechanisms governing these systems.

## Evolution of Artificial Intelligence in Security Systems

The application of artificial intelligence in cybersecurity is not novel; however, the underlying technologies have transitioned significantly over the past decade. It is necessary to distinguish between traditional machine learning models and the contemporary deployment of generative artificial intelligence and autonomous agents, as they operate on fundamentally different architectures and address distinct operational requirements.

Traditional artificial intelligence and statistical machine learning have been established technologies in enterprise defense for anomaly detection, traffic classification, and signatureless malware identification [cite: 2, 5]. These systems excel at well-defined, deterministic problems but lack the flexibility to handle complex, unstructured, or generative tasks [cite: 5]. The deployment of deep learning models, specifically Convolutional Neural Networks (CNNs) and Generative Adversarial Networks (GANs), enhanced the capability to detect objects or synthesize crude data, yet they remained highly specialized and required significant technical expertise to train and deploy [cite: 5].

The contemporary era is defined by the advent of Large Language Models (LLMs) and Generative AI. Powered by transformer architectures, LLMs can contextualize vast datasets, synthesize logic, parse unstructured threat intelligence, and generate natural language or compiled code from scratch [cite: 5, 6]. Generative AI represents a democratizing force in cybersecurity, allowing operators to execute complex scripts or analyze packet captures using natural language prompts [cite: 7]. Building upon LLMs, the industry is currently transitioning toward Agentic AI, where models are scaffolded with tools and decision-making frameworks to execute autonomous, multi-step workflows over extended time horizons [cite: 8]. 

| Technology Paradigm | Primary Cybersecurity Capability | Enterprise Application Sweet Spots | Compute / Infrastructure Footprint |
| :--- | :--- | :--- | :--- |
| **Traditional AI / Expert Systems** | Deterministic reasoning, decision automation, compliance checks. | Workflow orchestration, rule-based firewall filtering, auditable policy enforcement. | Low to moderate; standard CPU clusters often sufficient [cite: 8]. |
| **Machine Learning (ML)** | Prediction, classification, and statistical anomaly detection. | Fraud detection, predictive risk scoring, user behavior analytics (UBA). | Moderate; specialized GPUs accelerate training but inference is lightweight [cite: 8]. |
| **Large Language Models (LLMs)** | Natural-language understanding, semantic parsing, code generation. | Threat intelligence summarization, vulnerability script generation, automated log parsing. | High; multi-GPU or TPU clusters required for fine-tuning and active inference [cite: 8]. |
| **Agentic AI** | Autonomous multi-step execution, dynamic replanning, tool orchestration. | Autonomous penetration testing, automated patch deployment, interactive red-teaming. | Very High; requires complex infrastructure, continuous API calls, and memory scaffolding [cite: 8]. |

## Offensive Artificial Intelligence Capabilities

The offensive application of artificial intelligence has transitioned rapidly from experimental payload generation to operational deployment in active threat campaigns. Threat actors are embedding generative models directly into their attack chains to automate reconnaissance, dynamically adapt malware, and execute highly personalized social engineering at machine speed [cite: 9, 10].

### Industrialized Social Engineering and Phishing Operations

The most statistically significant operational impact of generative AI on offensive security has been the industrialization of social engineering. Threat intelligence from late 2024 to early 2025 indicates that social engineering incidents surged by 135%, while voice phishing (vishing) campaigns increased by 260% due to the integration of deepfake voice cloning technologies [cite: 3]. According to incident analyses by the European Union Agency for Cybersecurity (ENISA), AI-assisted phishing accounted for over 80% of all observed social engineering campaigns globally by early 2025 [cite: 11, 12, 13].

While empirical studies from 2023 indicated that AI-generated lures were marginally less effective than bespoke human-crafted equivalents, longitudinal data from late 2024 onward demonstrates that fully automated AI phishing can now rival expert human attackers [cite: 3]. Models are utilized to scrape targets' public profiles, match brand tones, reference specific invoice numbers, and generate grammatically flawless messages across multiple languages without the traditional spelling errors that previously served as indicators of compromise [cite: 13]. 

The barrier to entry for low-skilled actors has been virtually eliminated by the emergence of "jailbroken" or retrained models offered as Phishing-as-a-Service on underground forums. Frameworks such as WormGPT, FraudGPT, and EscapeGPT operate entirely without ethical guardrails, automating the production of convincing lures and supporting novel techniques like "ClickFix" scams [cite: 11, 12, 14]. Furthermore, attackers have successfully weaponized the public interest in AI by establishing fraudulent domains for tools like Kling AI and DeepSeek-R1, using these platforms as lures to distribute information-stealing malware [cite: 12, 14].

### Automated Exploit Generation and Payload Construction

Adversaries are utilizing commercial models to accelerate vulnerability research and payload development. The capability to automatically translate a published Common Vulnerabilities and Exposures (CVE) description into a functional Proof of Concept (PoC) exploit represents a major escalation. Benchmark testing reveals that state-of-the-art commercial models, such as GPT-4o, achieve a 75% pass@1 success rate for PoC generation on specific datasets [cite: 3].

In 2025, cybersecurity monitoring agencies identified the first known zero-day exploit developed entirely with the assistance of artificial intelligence [cite: 15, 16]. The threat actors utilized models to recursively analyze software repositories, issuing thousands of repetitive prompts to identify blind spots and construct an exploit for a planned mass exploitation event before being proactively intercepted [cite: 15, 16]. Beyond initial access, AI is utilized to optimize ransomware payloads for evasion, automating the extraction and encryption phases to minimize the operational window available to defenders [cite: 13]. Consequently, the average eCrime breakout time—the duration required for an attacker to move laterally after an initial compromise—fell to 29 minutes in 2025, representing a 65% increase in speed from the previous year, with the fastest recorded breakout occurring in just 27 seconds [cite: 17, 18]. 

### Covert Command and Control Architectures

To evade modern Endpoint Detection and Response (EDR) platforms, attackers are re-engineering Command and Control (C2) architectures to leverage cloud-based artificial intelligence services as covert proxies. In these "AI in the Middle" configurations, AI assistants with web-browsing or URL-fetching capabilities are abused as intermediaries between deployed malware and attacker-controlled infrastructure [cite: 19, 20].

[image delta #1, 0 bytes]





In practice, a compromised endpoint executes a localized implant that prompts a legitimate service (e.g., Microsoft Copilot or Grok) to fetch and summarize content from a specific external URL. The malware exfiltrates stolen data via URL query parameters, and the attacker encodes subsequent operational commands within the text that the AI retrieves and summarizes [cite: 19, 20]. Because the telemetry originates from an authorized AI API endpoint and travels through trusted cloud domains, it effectively bypasses traditional signature-based detection and firewall egress rules [cite: 19, 20]. This mechanism demonstrates a broader shift toward "AI-driven malware," where the malware's decision-making logic is not statically compiled but dynamically retrieved and interpreted through real-time interaction with an LLM [cite: 19, 20].

## Autonomous Penetration Testing and Benchmarks

The capability of autonomous agents to execute end-to-end cyber operations is rigorously measured using Capture the Flag (CTF) environments and structured vulnerability benchmarks. These evaluations provide a quantifiable baseline for comparing artificial intelligence against human expertise.

### Benchmark Methodologies and CTF Environments

Cybersecurity researchers have developed specialized, open-source datasets to evaluate model performance autonomously. The NYU CTFBench provides 200 challenges sourced from university-level Cybersecurity Awareness Week (CSAW) competitions, complete with Dockerized environments to facilitate agent interaction [cite: 21, 22]. Similarly, the Intercode-CTF dataset encompasses high-school level challenges from the PicoCTF platform, while CyBench and Hack The Box provide more advanced, real-world penetration testing targets [cite: 21, 22, 23].

Applying the METR (Model Evaluation for Threat Research) methodology across these datasets, researchers have observed that the task length horizon—the duration of a task an AI can complete autonomously—is expanding rapidly. As of mid-2025, cyber task horizons are doubling approximately every five months, with frontier models capable of solving challenges requiring up to one hour of median human effort [cite: 23, 24]. 

### Live Competition Parity and Enterprise Simulation

The theoretical capabilities of these models were empirically validated in head-to-head live competitions. During the "AI vs. Humans" CTF organized by Palisade Research and Hack The Box, fully autonomous AI teams competed against 403 registered human teams over a 48-hour period [cite: 24, 25]. The results demonstrated unprecedented parity: the best AI team achieved top-5% performance overall, and five out of eight participating AI agents solved 19 of the 20 challenges (a 95% solve rate) [cite: 24, 25]. These agents operated at near-human speed, often submitting correct flags within minutes of elite human players [cite: 25].

| Evaluation Environment | Primary Metric / Target Audience | Peak Autonomous AI Performance | AI vs. Human Comparative Baseline |
| :--- | :--- | :--- | :--- |
| **NYU CTFBench** | 200 CSAW CTF challenges (University Level). | D-CIPHER multi-agent system achieved 22.0% solve rate autonomously [cite: 21]. | State-of-the-art models match experts in standard proofs but struggle with deep abstract mathematics [cite: 21]. |
| **Live CTF (Palisade/HTB)** | 48-hour Jeopardy-style competition. | 19 out of 20 challenges solved (95%). Placed in the top 20 globally [cite: 24, 25]. | Outperformed 90% of human participants; matched elite teams in speed of resolution [cite: 24, 25]. |
| **Intercode-CTF** | 100 PicoCTF challenges (High School Level). | Resolved 95% of challenges using straightforward prompting strategies [cite: 25]. | AI saturates low-level tasks, completing them in seconds compared to minutes for human novices [cite: 25]. |
| **Hack The Box (HTB)** | Real-world simulated active machine targets. | PentestGPT compromised 4 out of 10 targets; CAI reached top-500 globally [cite: 21, 26]. | Achieved top-tier rankings rapidly, reducing security testing costs by an average of 156x [cite: 21]. |

In enterprise penetration testing simulations, the PentestGPT framework was deployed against live Hack The Box machines. Utilizing a tri-module architecture (reasoning, generation, and parsing) to mimic the structure of a human red team, the model successfully completed four out of ten active machines (four easy, one medium) [cite: 26, 27]. The evaluation highlighted high cost-efficiency, completing the challenges with a total OpenAI API expenditure of $131.50, averaging $21.90 per target—a fraction of the cost of engaging human professionals [cite: 26, 27]. 

## State-Aligned and Advanced Persistent Threat Adoption

The operational advantages of artificial intelligence have prompted rapid adoption by nation-state actors and Advanced Persistent Threats (APTs). Intelligence reports from 2025 and 2026 detail the integration of AI by a strategic bloc of "Digital Autocracies," including China, Russia, Iran, and North Korea, leveraging these technologies to project power and bypass Western sanctions at machine speed [cite: 9]. 

### Geographic Distribution and Threat Actors

Adversaries are utilizing both commercial platforms and domestic AI ecosystems to enhance their operations. According to threat intelligence from Google's Mandiant and CrowdStrike, AI-enabled adversary operations increased by 89% year-over-year [cite: 17]. 

*   **China-Nexus Operations:** Operating under the "AI Plus" initiative, China has achieved an end-to-end domestic AI ecosystem [cite: 9]. Groups such as Salt Typhoon and Silk Typhoon have targeted communications and IT infrastructure in North America, while Earth Kasha (associated with APT10) continues to utilize sophisticated spear-phishing against government institutions in Taiwan and Japan [cite: 9, 28]. Anthropic recently disclosed incidents involving AI-orchestrated reconnaissance and data exfiltration linked to state-sponsored Chinese actors [cite: 16].
*   **North Korea (DPRK-Nexus):** Facing challenges in competing with tier-one domestic models, DPRK actors heavily leverage commercial Western LLMs. The group Famous Chollima utilizes generative models to create highly convincing personas and LinkedIn profiles to support espionage and financial theft [cite: 12]. Furthermore, APT45 has demonstrated sophisticated approaches to vulnerability research, utilizing iterative AI prompting to detect zero-day vulnerabilities in targeted software [cite: 10, 15].
*   **Russia-Nexus:** Russian intelligence operations heavily utilize AI for Foreign Information Manipulation and Interference (FIMI). In 2025, actors like FANCY BEAR deployed LLM-integrated active malware, such as LAMEHUG, to automate reconnaissance and document collection within compromised networks [cite: 9, 17]. 

### Military and Strategic Integration

Beyond cyberespionage, artificial intelligence is being tightly integrated into military Command and Control (C2) systems. Programs such as Project Maven represent the transition from theoretical models to practical battlefield applications [cite: 29]. AI accelerates the C2-cycle—sensing, processing, sensemaking, and decision support—by analyzing massive streams of multi-domain intelligence and bringing actionable intelligence to commanders [cite: 29]. However, military analysts warn that the integration of AI introduces severe vulnerabilities, as the models themselves can be subjected to data poisoning and cyberattacks, necessitating robust human-machine teaming protocols [cite: 29, 30].

## Defensive Artificial Intelligence Capabilities

While the cybersecurity discourse frequently focuses on offensive escalation, artificial intelligence is concurrently modernizing enterprise defense. Defensive frameworks leverage semantic understanding and rapid data processing to automate vulnerability patching, detect evasive malware, and enforce network resilience [cite: 1, 31].

### Automated Vulnerability Detection and Patching

Timely remediation of software vulnerabilities is critical to preempting exploitation. Historically, the process of writing, testing, and deploying patches has been manual and prone to semantic errors. Automated Program Repair (APR) systems are now utilizing LLMs to synthesize functional code patches autonomously [cite: 32, 33]. Unlike traditional generate-and-validate (G&V) models that rely on rigid templates, modern tools like ChatRepair operate conversationally, feeding test failure information back into the LLM to recursively improve the patch without repeating errors [cite: 33].

Systems such as LLMPatch have demonstrated remarkable efficacy by leveraging adaptive prompting architectures. Evaluated against 306 real-world vulnerability samples, LLMPatch deployed on the GPT-4 architecture achieved an F1 score of 57.18% and a recall of 66.98% [cite: 32]. 



This performance drastically exceeds traditional deep-learning models like VulRepair (34.58% F1) and pattern-based tools like Getafix (20.58% F1) [cite: 32].

[image delta #2, 0 bytes]

 Furthermore, LLMPatch successfully resolved zero-day vulnerabilities that baseline systems could not comprehend [cite: 32]. The viability of autonomous remediation was heavily validated during the DARPA AI Cyber Challenge (AIxCC), where finalist teams deployed fully automated Cyber Reasoning Systems (CRSs). These pipelines combined LLMs with fuzzing and symbolic execution to successfully detect 77% of injected vulnerabilities and correctly patch 61% of them with human-quality, upstreamable code [cite: 34].

### Network Traffic Analysis and Behavioral Telemetry

Defensive AI is modernizing Security Information and Event Management (SIEM) platforms by transitioning from static Indicators of Compromise (IOCs)—such as known malicious IP addresses or file hashes—to dynamic Indicators of Activity (IOAs) [cite: 35]. Because adversaries now generate highly polymorphic payloads that alter byte-level signatures upon compilation, static rule-based detection is increasingly obsolete [cite: 18, 36]. 

To counter this, defenders utilize deep learning models, such as Multi-Layer Perceptrons (MLPs) and Convolutional Neural Networks (CNNs), combined with real-time behavioral analytics. These models analyze API access patterns, token usage metrics, and temporal command sequences to identify anomalous intent [cite: 35, 37, 38]. For instance, MLP models trained on custom network datasets have demonstrated a 99% detection rate for encrypted, polymorphic Command and Control (C2) traffic originating from sophisticated frameworks like Cobalt Strike and Emotet, relying on structural metadata rather than payload signatures [cite: 37, 38].

Organizations systematically track these AI-specific vulnerabilities and defensive countermeasures using frameworks such as MITRE ATLAS, which maps adversarial tactics directly against AI system components [cite: 39].

| Threat Vector / Vulnerability | MITRE ATLAS Technique | Defensive Countermeasure / Mitigation Strategy |
| :--- | :--- | :--- |
| **Prompt Injection** | AML.T0051 | Implement robust input validation, application-layer prompt sanitization, and context-aware filtering [cite: 39]. |
| **Data Poisoning** | AML.T0020 | Establish training data provenance, monitor data integrity pipelines, and utilize adversarial training [cite: 39, 40]. |
| **Model Theft / Extraction** | Model Extraction | Monitor inference API access patterns for anomalies; restrict querying velocity [cite: 39]. |
| **Supply Chain Compromise** | ML Supply Chain Compromise | Enforce Software Bill of Materials (SBOMs) for AI; scan PyPI repositories for trojanized dependencies [cite: 14, 39, 41]. |

### Security Hygiene and Architectural Enforcement

Despite advancements in threat detection, the deployment of AI in enterprise defense faces structural bottlenecks. The UK National Cyber Security Centre (NCSC) has warned that deploying AI to rapidly discover vulnerabilities does not inherently improve security; it can exacerbate risk if the organization lacks the infrastructure to triage, manage, and deploy fixes at the same velocity [cite: 4]. Basic cyber hygiene, including rigorous patch management and asset tracking, remains the critical foundation for resilience [cite: 4, 42, 43].

Furthermore, defensive strategies relying entirely on behavioral detection are increasingly vulnerable to "AI in the loop" adversary testing. Threat actors use their own agentic workflows to automatically test malware implants against production-grade endpoint detection engines, rapidly iterating the code until it successfully evades behavioral rules [cite: 36]. Consequently, experts advocate for architectural enforcement—such as strict network segmentation and zero-trust identity controls—as the foundational layer of defense. These mechanisms mathematically limit access and prevent lateral movement, rendering behavioral evasion techniques irrelevant [cite: 36, 43, 44].

## Technical Limitations of Autonomous Agents

Despite achieving parity in constrained environments, the assertion of full "open-world autonomy" in cyber operations remains bounded by fundamental technical limitations within modern neural architectures, specifically regarding state space exploration and long-term planning horizons.

### State Space Explosion and Planning Bottlenecks

In both offensive exploit generation and complex defensive remediation, AI agents must navigate environments with massive combinatorial complexity. In traditional Automated Exploit Generation (AEG) that relies on symbolic execution, systems explore potential execution paths to identify vulnerabilities. As program size increases, the number of paths grows exponentially—a phenomenon known as "State Space Explosion" [cite: 45, 46, 47].

Large language models suffer from parallel cognitive limitations when dealing with extensive action spaces. Research comparing action representations reveals that "Planning with Actions" (PwA)—where an agent selects from a list of all possible immediate commands—fails catastrophically when the environment scales [cite: 48, 49]. Empirical studies observed an inflection point between simple environments like ALFWorld (~35 actions) and complex environments like SciWorld (~500 actions). To scale effectively, agents require "Planning with Schemas" (PwS), allowing them to instantiate abstract strategies into concrete commands, though this demands significantly higher inherent model reasoning capacity [cite: 48, 49].

### Context Degradation and Operational Fragility

As penetration testing operations extend over long durations, LLMs suffer from severe context degradation. Benchmarking of the PentestGPT framework highlights critical operational limitations. Models frequently lose awareness of previous test outcomes as the token window reaches its limit, dropping vital details necessary for cohesive exploitation strategies [cite: 27]. 

Additionally, agents exhibit a strong "recency bias" and fall into depth-first search traps, becoming excessively anchored to a single service or attack vector and failing to pivot laterally when progress stalls [cite: 27]. In high-stress scenarios lacking context, models are prone to hallucination—fabricating non-existent testing tools, generating synthetic but invalid bytecode scripts, or unconditionally recommending brute-force attacks [cite: 27, 50]. 

To mitigate these limitations, researchers are developing Task-Decoupled Planning (TDP) frameworks. TDP decomposes overarching objectives into Directed Acyclic Graphs (DAGs) of sub-goals, isolating reasoning and context strictly to individual active sub-tasks. This prevents localized reasoning errors from polluting the entire planning context window, reducing token consumption by up to 82% while improving robustness [cite: 51].

## Artificial Intelligence Guardrails and Safety Mechanisms

As models are deployed into production environments, ensuring they do not facilitate malicious activity requires the implementation of safety guardrails. However, the efficacy of these mechanisms is highly volatile, creating vulnerabilities that impact both security and operational utility.

### Adversarial Manipulation and Jailbreak Typologies

AI providers deploy safety guardrails to filter, block, or alter unsafe inputs and outputs, attempting to prevent the generation of malicious code or the disclosure of sensitive data [cite: 52, 53, 54]. However, these guardrails operate at the level of natural language, inherently inheriting its flexibility and ambiguity [cite: 44]. 

Adversaries continuously develop "jailbreak" techniques to circumvent these constraints. These methods include roleplay exploits (instructing the model to adopt an unrestricted persona), token smuggling, and educational framing (disguising malicious requests as academic research) [cite: 52, 55]. Advanced jailbreaks leverage encoded prompts, such as Base64 encoding or ASCII art, exploiting the vulnerability that safety classifiers often fail to interpret graphical text representations, while the underlying LLM successfully processes the instruction to execute the harmful output [cite: 44, 56]. 

The robustness of these guardrails degrades rapidly when exposed to novel techniques. Testing on state-of-the-art guardrail models like Qwen3Guard-8B demonstrated that while they achieve approximately 91% detection accuracy against known public adversarial prompts, their effectiveness collapsed to 33.8% when confronted with previously unseen linguistic structures, such as "adversarial poetry" or metaphor-driven reasoning [cite: 57]. Furthermore, updates to base models frequently result in security regressions; for example, the release of GPT-5.1 prioritized efficiency and reduced verbosity but suffered a measurable drop in its security and safety scoring against adversarial inputs [cite: 57]. 

### Guardrail Efficacy and the Over-Refusal Dilemma

The aggressive tuning of safety guardrails has introduced a secondary failure mode: over-refusal (or over-alignment). To prevent the generation of harmful outputs, models frequently reject benign instructions that share semantic similarities or vocabulary with restricted topics, drastically degrading their operational utility for defensive cybersecurity researchers [cite: 56, 58].

Evaluation on the FORTRESS benchmark—which measures both Adversarial Risk Scores (ARS) and Over-Refusal Scores (ORS)—reveals stark contrasts in how different models handle the safety-utility trade-off. For instance, Claude 3.5 Sonnet exhibits a low risk for malicious output (ARS 14.09) but demonstrates the highest over-refusal score (ORS 21.80), rendering it highly resistant to assisting with legitimate security queries [cite: 59]. Conversely, models like Deepseek-R1 exhibited extremely low over-refusal (ORS 0.06) but possessed an alarmingly high potential risk for generating dangerous content (ARS 78.05) [cite: 59].

| Frontier AI Model | Adversarial Risk Score (ARS) | Over-Refusal Score (ORS) | Evaluation Implication |
| :--- | :--- | :--- | :--- |
| **Claude 3.5 Sonnet** | 14.09 (Low) | 21.80 (High) | Safest against malicious prompts, but highly restrictive for legitimate enterprise utility [cite: 59]. |
| **GPT-o1** | 21.69 (Moderate) | 5.20 (Low) | Represents a balanced trade-off between safety enforcement and operational usability [cite: 59]. |
| **Gemini 2.5 Pro** | 66.29 (High) | 1.40 (Low) | Highly compliant with user prompts, introducing significant risk for dual-use exploitation [cite: 59]. |
| **Deepseek-R1** | 78.05 (Critical) | 0.06 (Negligible) | Virtually no safety constraints, prioritizing raw utility over safeguard enforcement [cite: 59]. |

Over-alignment also severely impacts the affective realism and logical processing of models. Clinical and psychological evaluations of LLMs indicate that high-guardrail models exhibit severe suppression of affective reactivity, failing to simulate accurate human-like responses (such as irritability or panic) in high-stress behavioral simulations [cite: 40]. To resolve this, researchers are developing mechanisms like Decoupled Refusal Training (DeRTa), which utilizes Reinforced Transition Optimization (RTO) to allow models to process complex instructions fully before issuing a targeted refusal, rather than terminating the response at the first detection of sensitive vocabulary [cite: 56, 60].

## Conclusion

The integration of artificial intelligence into cybersecurity signifies a permanent paradigm shift, fundamentally accelerating operational tempos and creating highly asymmetrical threat dynamics. In the current landscape, offensive actors are leveraging the scalable, low-cost capabilities of large language models to industrialize social engineering, automate deep vulnerability discovery, and engineer covert command and control architectures that bypass traditional perimeter defenses. The demonstrated capability of autonomous agents to achieve parity with expert human hackers in constrained environments, such as CTF competitions, highlights the rapid maturation of these systems.

Conversely, defensive artificial intelligence is proving highly effective in targeted, data-heavy applications, notably in automated patch generation and behavioral anomaly detection of encrypted traffic. However, the comprehensive deployment of autonomous enterprise defense remains hindered by profound structural limitations, including state space explosion, degradation of long-horizon planning, and the inherent fragility of natural language guardrails. To maintain resilience against AI-driven threats, organizations must transition beyond behavioral detection toward strict zero-trust architectural enforcement, utilizing artificial intelligence as an augmenting analytical engine while relying on deterministic constraints to secure core infrastructure.

***

## Sources

1. [AI Task Length Horizons in Offensive Cybersecurity](https://sean-peters-au.github.io/2025/07/02/ai-task-length-horizons-in-offensive-cybersecurity.html)
2. [NYU CTF Bench A Scalable Open-Source Benchmark](https://www.researchgate.net/publication/397197005_NYU_CTF_Bench_A_Scalable_Open-Source_Benchmark_Dataset_for_Evaluating_LLMs_in_Offensive_Security)
3. [AI vs Humans CTF Report](https://github.com/PalisadeResearch/ai-vs-humans-ctf-report)
4. [AI vs Human CTF Hack The Box Results](https://www.hackthebox.com/blog/ai-vs-human-ctf-hack-the-box-results)
5. [Understanding Human-AI Collaboration in Cybersecurity Competitions](https://arxiv.org/pdf/2602.20446)
7. [PentestGPT: Evaluating LLMs for Automated Penetration Testing](https://www.usenix.org/system/files/usenixsecurity24-deng.pdf?utm_source=chatgpt.com)
9. [PentestGPT USENIX Presentation](https://www.youtube.com/watch?v=eGqjYo_vdTg)
11. [Frontier AI Capabilities and Risks](https://www.gov.uk/government/publications/frontier-ai-capabilities-and-risks-discussion-paper/frontier-ai-capabilities-and-risks-discussion-paper)
13. [Managing Advanced Cyber Risks in Frontier AI](https://www.frontiermodelforum.org/technical-reports/managing-advanced-cyber-risks-in-frontier-ai-frameworks/)
15. [Frontier AI Impact on Cybersecurity](https://rdi.berkeley.edu/frontier-ai-impact-on-cybersecurity/)
16. [LLM Cybersecurity Privacy Survey IEEE](https://www.virelya.org/llm-cybersecurity-privacy-survey-ieee)
17. [Future of Cybersecurity through Generative AI](https://arxiv.org/html/2405.12750v2)
18. [GenAI vs Machine Learning vs Deep Learning](https://www.cloud4c.com/blogs/genai-vs-machine-learning-vs-deep-learning-vs-llms)
19. [AI vs ML vs LLM vs Generative AI](https://galileo.ai/blog/ai-vs-ml-llm-vs-generative-ai)
20. [Machine Learning and Generative AI: What Are They Good For](https://mitsloan.mit.edu/ideas-made-to-matter/machine-learning-and-generative-ai-what-are-they-good-for)
21. [ENISA 2025 Threat Landscape AI Reshapes Cyber Attacks](https://socket.dev/blog/enisa-s-2025-threat-landscape-ai-reshapes-cyber-attacks)
22. [NCSC AI Vulnerabilities Guidance](https://dig.watch/updates/ncsc-ai-vulnerabilities-guidance)
23. [AI Cyber Threats Open Letter to Business Leaders](https://www.gov.uk/government/publications/ai-cyber-threats-open-letter-to-business-leaders/ai-cyber-threats-open-letter-to-business-leaders-html)
24. [ENISA Releases 2025 Threat Landscape Report](https://cyberhubs.eu/enisa-releases-2025-threat-landscape-report-on-europes-cybersecurity-challenges/)
27. [Mandiant Report Boost Basics with AI](https://cloud.google.com/transform/new-mandiant-report-boost-basics-with-ai-to-counter-adversaries)
28. [2026 CrowdStrike Global Threat Report](https://ir.crowdstrike.com/news-releases/news-release-details/2026-crowdstrike-global-threat-report-ai-accelerates-adversaries/)
29. [New Mandiant Special Report AI Risk and Resilience](https://security.googlecloudcommunity.com/google-security-operations-2/new-mandiant-special-report-ai-risk-and-resilience-7048)
31. [Automated Patch Generation LLM Research](https://arxiv.org/html/2408.13597v1)
32. [Systematic Comparison of Patching Architectures](https://arxiv.org/html/2603.01257v1)
33. [ChatRepair Conversation-Driven APR](https://lingming.cs.illinois.edu/publications/issta2024.pdf)
38. [Evaluating LLMs for Cybersecurity Recommendations](https://www.sei.cmu.edu/blog/openai-collaboration-yields-14-recommendations-for-evaluating-llms-for-cybersecurity/)
39. [Cybersecurity Challenges for LLMs in DoD](https://www.researchgate.net/publication/393050130_Cybersecurity_Challenges_and_Mitigations_for_LLMs_in_DoD_Applications)
40. [Data Privacy Risks of LLMs](https://arxiv.org/pdf/2509.14278)
43. [Nation-Aligned APTs in 2025](https://www.cionet.com/news/nation-aligned-apts-in-2025-ai-fueled-threats-and-the-shifting-global-cyber-balance)
44. [North Korea and China Hackers Leverage AI](https://www.koreaherald.com/article/10736109)
45. [AI-Enabled Cyberattacks Evolving to Operational Reality](https://industrialcyber.co/ai/ai-enabled-cyberattacks-evolving-from-experimentation-to-operational-reality-with-potential-to-scale-industrially/)
46. [Google Warns AI Accelerating Cyberattacks](https://securityaffairs.com/191984/ai/google-warns-artificial-intelligence-is-accelerating-cyberattacks-and-zero-day-exploits.html)
47. [CyberProof MidYear Threat Landscape Report](https://go.cyberproof.com/hubfs/CyberProof_MidYear_Cyber%20Threat%20Landscape%20Report.pdf)
48. [MITRE ATLAS and AI Defensive Countermeasures](https://www.vectra.ai/topics/mitre-atlas)
50. [AI-Driven Offensive Security Landscape](https://securityboulevard.com/2026/03/ai-driven-offensive-security-the-current-landscape-and-what-it-means-for-defense/)
51. [AI in Cybersecurity Part 1 Offensive AI](https://www.enea.com/insights/ai-in-cybersecurity-part-1-offensive-ai/)
53. [Automated Exploit Generation Challenges](https://www.ndss-symposium.org/wp-content/uploads/2017/09/Avg.pdf)
56. [State Space Explosion Mitigation](https://www.researchgate.net/publication/370829044_State_Space_Explosion_Mitigation_for_Large-Scale_Attack_and_Compliance_Graphs_Using_Synchronous_Exploit_Firing)
58. [Jailbreak-Proof AI Security](https://xage.com/blog/jailbreak-proof-ai-security-why-zero-trust-beats-guardrails/)
59. [AI Jailbreaking Glossary](https://www.practical-devsecops.com/glossary/ai-jailbreaking/)
62. [Complete Guide to Jailbreaking AI Models](https://arize.com/the-complete-guide-to-jailbreaking-ai-models/)
63. [Marginal Risk Assessment of Frontier AI](https://rdi.berkeley.edu/frontier-ai-impact-on-cybersecurity/)
64. [PentestGPT Metrics and Limitations](https://www.usenix.org/system/files/usenixsecurity24-deng.pdf?utm_source=chatgpt.com)
65. [ENISA Key Findings on AI Impact](https://www.enisa.europa.eu/sites/default/files/2026-01/ENISA%20Threat%20Landscape%202025_v1.2.pdf)
66. [LLMPatch vs Traditional Patching Baselines](https://arxiv.org/html/2408.13597v1)
67. [Refuse Whenever You Feel Unsafe DeRTa](https://aclanthology.org/2025.acl-long.158/)
68. [LLM Jailbreak Defense and Over-Refusal](https://arxiv.org/html/2511.19009v1)
69. [Analyzing Unsafe Responses and Mismatched Generalization](https://arxiv.org/html/2506.02442v1)
70. [Adversarial Attacks and Guardrail Effectiveness](https://arxiv.org/html/2509.10655v1)
71. [FORTRESS Benchmark for LLM Safeguards](https://static.scale.com/uploads/654197dc94d34f66c0f5184e/FORTRESS__Scale_%20(5).pdf)
76. [Evaluating LLMs in Offensive Security](https://www.researchgate.net/publication/397197005_NYU_CTF_Bench_A_Scalable_Open-Source_Benchmark_Dataset_for_Evaluating_LLMs_in_Offensive_Security)
78. [AI-Driven Ransomware Defense Strategies](https://insights.manageengine.com/it-security/ai-driven-ransomware-defense-strategies/)
80. [2025 AI Cyber Attack Trends](https://www.cncso.com/en/2025-ai-cyber-attack-trends-security-report.html)
81. [CrowdStrike Ransomware Report](https://www.crowdstrike.com/en-us/press-releases/ransomware-report-ai-attacks-outpacing-defenses/)
82. [AI Cyberattacks Three Pillars Defense](https://mitsloan.mit.edu/ideas-made-to-matter/ai-cyberattacks-three-pillars-defense)
83. [Cognitive Bandwidth Perspective on Action Representations](https://arxiv.org/abs/2510.07091)
84. [Planning with Actions vs Schemas](https://openreview.net/forum?id=jRdSqMTHpL)
85. [Task-Decoupled Planning for LLMs](https://arxiv.org/abs/2601.07577)
87. [State Space Explosion Analysis](https://www.cs.vsb.cz/kot/download/Texts/StateSpace.pdf)
88. [Adversarial Poetry and AI Guardrails](https://www.f5.com/labs/articles/adversarial-poetry-and-the-efficacy-of-ai-guardrails)
90. [Guardrails Impact on Affective Realism](https://pmc.ncbi.nlm.nih.gov/articles/PMC12894938/)
91. [McKinsey Explainers AI Guardrails](https://www.mckinsey.com/featured-insights/mckinsey-explainers/what-are-ai-guardrails)
92. [Cost and Security Benefits of Guardrails](https://www.enkryptai.com/blog/how-guardrails-help-prevent-abuse-cut-costs-and-boost-quality-in-ai-chatbots)
93. [Real-Time Detection of C2 Communications](https://posthumanism.co.uk/jp/article/view/1352)
94. [Using AI for Covert C2 Channels](https://blog.checkpoint.com/research/using-ai-for-covert-command-and-control-channels/)
95. [C2 Detection with Deep Learning](https://unit42.paloaltonetworks.com/c2-traffic/)
96. [AI in Military C2 Systems](https://c2coe.org/wp-content/uploads/Library%20Documents/Annals/Seperate%20Articles/20250701%20AI%20in%20Military%20C2%20Systems%20An%20Introduction%20and%20Recent%20Advances%20%28C2COE%29%20Annals%20of%20C2%20Vol2.pdf?utm_source=openai)
97. [Turning Web-Based AI Services into C2 Proxies](https://research.checkpoint.com/2026/ai-in-the-middle-turning-web-based-ai-services-into-c2-proxies-the-future-of-ai-driven-attacks/)

**Sources:**
1. [frontiermodelforum.org](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQHSdoOqBRoZJyLin814UzIWsUCbyJS9V6bySJJx_mSn-M7LU5-Htp_9mn15I9ws67RLCW3SRA5wBj6SAks7WqWpMth4QKKajnODOWMTJFq7EuNIdSoc9eMPI07QaE3jvgpPTDv0xkJ1RopQjBwLukxayk0nY1R5PB1ItrxOaTQ62QRwubC7Fd-XoUUEku96we87eYHB3qRvMBnoLM0BpfgLXqE=)
2. [virelya.org](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQHPIMrury2kqEw0mUVAv6a3QHFIit4zBrIG4uiGRMiKRgweulytTvVmz9OUC9kh7d0Zh7Y71AYpgpHes1ADk2XF9Q35jkvLajg5852fnsGnZUNc3DUnaMWgwsy-Lf5qepwKaQVyp2wgVqfHuLnSVrKn4HA=)
3. [berkeley.edu](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQGXAbKDYb10-S0B_itYl_oK76X7jZ2ChlKUO24sVMz44BB1o5yq8k2amT0XNoLRV76izTwaqJyPs4tjfOkGXHlGiAIvALI_XOaaSOPTvZzs77okJOVomJ-QRGrVZyhsygKiBNuzqYq4-sLTvzBcwtIiDEU=)
4. [dig.watch](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQE8RDhfbyoivZOei2Zolk0a21SFxLe6cOKIR6O7zAy4fm--HDFIrY2iDfmv4EQFQobCaZFLf4pnSnAg1gUU5eIrEbNUHlrrGeErcLYrQ9Q1pGM9bLVw1J5-EJuMa1JabdULCbT-yjyWnBzOtG9_RSM=)
5. [cloud4c.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQHMek314uWP1omSVKmJSqRS-7Tz4mzRhcA6heZ7pLEx_4wJJFS9QZcm0A7SWyFj67QiIKJeTaZyQe5-Z_n5L98dx7Na7g90Ct_hlZkwqLtRx3wryfHcQgQ1DpNGKctk9nL-IL8a01XY0pGeP6MldRuRdDvP37Tql1iwDn2QU4v7-NoawtqS)
6. [arxiv.org](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQGRxBlbrLtUJRycvvrsDaKjjqNWC5YSRmAEZjxLtpo0cB-IKAbKbJxq_nM_OrOJe-WLh8xV5GiOvPCiaGCKevsHC9L1WzCGFA8QKUgKvtCyN0-zHqgIQx1d)
7. [mit.edu](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQEE401BmXh8hboaMprumXP3cB795ziJuRXZjLwtxjAvHVxrxepPvyQ5Yvj_CxHqEZHLUSbZ9NHKm-csARPZgDndIe7TFxF7TMOV-70PYX0xmVIfz7bV-0yeMa3_idOFJDYs5s8wbar01sjKs11ci8nLQEGdXlLC0apTst_rgSgksTQUVMm7W3dtBncTgTzpUMZTB5F1Gn4ryzhCdKo=)
8. [galileo.ai](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQHfBoaIFQYOKDc2vVvUhyYJ1yjpr7er0BuGRCQW1cKmkesRAiItEc3pzuMnpqdiFWS6Jutf4_dBK7HXMn2SX2ijRRX_BGwm_HhLsguCJerp4jx_H8L5kvpUKN6iw4BqV4iSR16z95t-3Dk9)
9. [cionet.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQGCLtltrKlnkSzFeyWD0CdnTvkvGZ7qjUbR6cGH6g0M8tvzXbTpFFlJDwLy4ZMcEBKAbtIU_fmJUguutxR7bSwdNZMECy0SBiU0NCzKwjZxrdtrw1-Uz76ZnGJYDvCjFh_QWNOukMBvAG1NW9Hrl7BaFWp8uPMgC5EGSSF9MiD7ljr0syggbLaTwO99KiD8N72dQu1PQf8_-yyTDBlPbt8qBJsEZw==)
10. [industrialcyber.co](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQHGtpVIK3zYXneQGr8N7ait_FbPybHsn06CY8wsnob0G5YlsOWJO4Z7nv4Apyh5wC771cCidw02a0rp5Tjbr2jbpb7Ybtg_S-KfE2p7qGa_KBHNA2hiqnG8NLcKTSec7pxzAsb0ParJZTStjqdFAWEwpGYZT57kEfD1J7BWXzwvf9Cd19mZY5uXspaYkNHYPoIvQTmYgg9uM7aChM2ukP4jMNMGLUKLfTpBGxnUCCEca4sRWwnk-crPpd0dlxhSZ7QW6EK0i2o=)
11. [cyberhubs.eu](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQFgu89MkWrxEaIm-dYrHcGO5QJG9NuagkVM9gfrMk9R1yRZNTTqxfO1EtwE1kS02tg7Hgu6rr8I5pzz3NoTaV2emF-WeQ_LjWetGuqSyhZt4QeFsHRzFpj0Wvgw33affRRBhPhGH_8jFOu50EmGHqOBWJVb_ZHbuLg4_2QbFdyHVXI4lNT4klSTuld4TmJY4wtHoM94vTwFHtpL)
12. [Link](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQF77NNKuPaR9_d7nPX36zPP1RlC9lGbV7GvB9iKFqWKGQFV75x8Qn4I9iP7CnetIJF_xWdUrVy8XIeRUDUc-xSCv6BF7xyIv_xiSJJrJTb7riKjCpUrX56qpSJsdyluhh_6PZfNuHcq9yehERUW_gUSbHVb-rZaUIdc382Q_1ndickv1gKI2DIfRxlkwmInNrpi3p6exAAE)
13. [cncso.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQG5oF8feEYCL6AKa7TfNWKnHUozR_IeNNaDMHdlL8SULRr9cOxx9PfUH94xiZuV5zgGkWW97yCXAv576xfcj_9lNljkmrfUhpsEJDtWGRNPhVs6-kQBMOD73EUGFk-GwBT4Bj63UrNRoKt89xD0cMDVvDVTH4p1ssGg3-xZH-w=)
14. [socket.dev](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQEUhrwc_WkGZ4KOrpYNMD1Rv7uBKhIKiPDbnwmJp1ps0QSd3kwa70Acse3nRfaqc_H-U2xdzYJGRhUWDwIPOXCgf89SFDxUn4ClpFoCUBwbQqRmAICW2p6FUWka171yltQVumX9XBz70nJi48dYm5XZzlreKEsMS6VCaZItKTIPX62zH8M=)
15. [koreaherald.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQEUwYsbDYT66-TBjNCnoxkLmzWD4NvxiFQi2Ea_ctGTWXfrLrGwQ6OLZnkoOIMBMa6lUvR61yRTKmZ3odusiSfTtI0N1Q8XcNZxQvN8IR41ddiJNfHLzovsBEhLZ5ciR5Qy)
16. [securityaffairs.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQHvOP26aTtc4PzN9oFaftdESqCPsQymH_lMBPUQe_rGUSS7E_PAwi1bv3EmA5naPZ7Prt1Ow82DB91YHb2OA92kkMqvUf0bcdUjO62D-tBY_Mi2GksmGlu7L-BeUUUIIaYgb6Rm0WNKvisspvY6MMu9FB1CgSNj4LwW2h51lAGyHJ6r4rf_42-7t8IMeSowF6cniN6Pq-aXPG_u3X81dKzNMg3y2VIJBz3SrhIAYLubxShHcld7PYGi)
17. [crowdstrike.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQH3RjpEIZrvIqeauuQP3qqUeU9F0BOe4CdKgLAOZfwK3HTtsIq1A6f_cisWC_3cksat-3UES_GMhTHPNE14sGX-SGVMky6_5XSUYjCn0ceW4qN1JxaseZWyvJiEftYK7mAHsPwO8-LVvHD6yhNmgJ7KiieYRmC0WQbgMX3i20rBdmzzDjilUWNlUboo3VEPKdoYzqSQ7l55NgBnYLgRfUM1-nT6SeFzx6TZf0tcZA9Nyogw6vs=)
18. [crowdstrike.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQHi5bw6w8h9lmCN3UtTu7W8HRMLp_HS9siJmcAgTWybUakKBl7wLv7qvk3dZICnYGkqteWMFJwxF8bZfztXKvvkiLlwEGnCsXowf5sVJHJAZh22mnkpzuQ2oiwePmnnmvBAz_4Z5qlRJF-nfUB7UbN0YWL2Jxbr7Xq2DmKtNlV7E91nKp_RckL9Jtjuy03DSk70mDcPTSA=)
19. [checkpoint.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQHJEP8KlZJA7hS4sMkMsJXWNp_dmkDNMJpZuVAci1nUyY5hfIsNestJg0jxnk0CP0TU_QXytKrTF4INXlCkOGvhjvG2Q80W1cq-elJ24PnqjIWeUWCGqV1cgmpuKhINfZ8JhctfJ3wuURsEx7s3DFbaFGUmtPl8MQygoGHH22k6zFAhutsFBcBaBylm)
20. [checkpoint.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQFy6Cvhgqnk05jHTOiJJrvBOfPMAcZMN2q8urnAlyd17xvo0zCD0uZ7tTp12SJ5lsZG7CZ3npATWPKv4E5zaA-L-mCPm1Or8g9LD1slT_3oMSwOAOU9KcKgyZB-tqvkIwAiJRRzheI9IApPkabCKdPDnJ-Ghbf1qplZ7KvMI_oZZb4YDjGzmoqowsRMC4ZEOnCSDxGGd7QQBcxXfvpaB7zns8CT-73jI6dGx2gzSELKVOjd_mubN3bvoaM=)
21. [researchgate.net](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQGHufflS0VHQdEczUoJixLtjgg0MnNRVz3BSDPwxJW978oZfMR3alPfbcOGydjwb32rGOQfR2Z092ke8thTX8ApR8dgfx5VnOA1L4tXYEdr46c_9OT8VDYWfhKKNieZjGRzjTfZGKpANJJCJ99v7Z63FednmYRgKgyxD-T-I7Z1uQCRiUzxCAfcenUEnMTygxpXhxVyX22wEraoa9Yi-pvl9mXOfgns2ToA51xQPSqO7YZavq5_HHNQ-Tq9gb2BUqrPCzhyzBlcXZ0=)
22. [arxiv.org](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQH37I1P0PAAbojsG11-FpdOPSAFIR1-K78F5lusa7AdjxYyDq1IQUQ47d8UXiNFzFnixqQrnIt_G9MxABd7h8_cD9tOakBDJCCT58sFC2SOv0wG5iad)
23. [github.io](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQF3dALtxK_ixBAeH4_AzEa-xFKvVKlkOV7_TVdhmfpvApVMHRstXbkoMPVOUl8q3PDOJReGmcnsfaIksIcggYa_0jkunVMxIVuFf3mw4Vc1b1IUV3Ba_pYOUeoJM2qiGUwvTPqUVfopXwZS0mLTgPS-m3Xoevz3HK55NG5LyhljCa8VICug2Y7U8cqaFH2CiAzVOEG1v7lITw==)
24. [github.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQH_5Isyxm-VbWjG4FUzmPw0ABgrS0FKKJIbN6nuIPRzNceFXQME8jjXiCJEIEe5s_9fuKDJqtJUM8jGeEB5wnwIm_Qdg0pWTfRDxVWVMrI_Cti7bFk22XXaa3kL6GZrR5wWs4ehi41phBUkMTIgIOlF)
25. [hackthebox.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQFd__30gz7MfxX4S0iulzw2L8huqiiaF_WQ2wrs-5m-gLyRXwX2u52AaxU0mqG4BsPT5tf45leGaoLXiuz-rG81WLGXKKJcAKR-r0ZQ2MRS9Mtpcy-LtRcNK7MqmAlE4M5qk5yIxy7f5GmScAWDKB1K69gCrHHqKrzQ)
26. [youtube.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQEvVShDFdOYPYsrUQMKfxtt_DO7pyjthKzUM5KpuXjKn5PV8hmFPLTpt-GMD2FdfHjJcdB2-AQeyCyQXmuiPCuOlhPpWoWOJaWnOCkSIcXUKwg0ct7z9meWCo4UX3759fw=)
27. [usenix.org](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQFqtYz9jn9lb2l-2bGSRoH_tb0srGiLWSv9jENfvnDo99kGgjBebskZ65NdAN2DZuu499Hr9oHjAa2VyJvoMjp6Cv2_ezuAy-DhUVsCUPm_9tv7vnHFozXh41bfmui0Muj8ImwNGEzLLQe-ukOU9yo6lUKQExmlCRVNfw9qQe-hJbht1wmYz-vvaA==)
28. [cyberproof.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQFImWXXX9GPlJr75Y8CK7mewM9Exb4XVDdSDobKAkCcJSMPwiu5b38Cs_6ZHf1fK8ZYeEjSXcIppqTYty4bGSjpR9Yc2yt1WjxPmvPbe6cpzxuvK1MLydojMSVyByr4UhUBr5qcE7l43klWCq4fTJVRuwrfBb7o2ZZ9avigAek0dhB87GjadwCHjzz52lApxQ==)
29. [c2coe.org](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQHh_lBI8xcDLBpCVu3Q2jk23A8YIyDHqXijnxdUc9SvGhtmQCRltouUPDPTxErmdndXrVt-QqYK3GLWkaGSpcP6eb6VTcelbgduxTyB9yLWDQXtpJy3B0RB0FxAto18w0VYv5e-1rXpLKFLFX-sX6oRH-DFAPSO6_8CSei8ky11-aAtq_hW-Waa-yudmL1a6_Zf8usiXp5pk_OR5x6WFVPs2SWV-DEebFMt12he1tImk5cWrHh3sT4YGnP2fCTYvNm5YnsW-QhHA2z5-P-MOKSRtiE4vny9aAZgCAjdJZe8XwkKSLy878bW-qrZr5hAzg4U7rwUgZgwlvxUJXZ4s0sNYk-ueAq2Zy2jPFBtCWRKnfERIS4dhOZb-ULIJWbtUuS1HQ==)
30. [researchgate.net](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQFgPv60OXshqdROWxKzD9HJ17ByQ80r6HBeulODl2834Yx7V9iUZPILGbIT7LY0v3RpOScVMAizoIhycuptomwhIanHco7rf4WI4dqQas292xjXFm0x9TlX778jp5l4Zicq86zabebBPnGEW9T0q80hmNyCDmK3KInBLcUH5ovKk1SR5ZW4gRvQ1JGfQqpx8v0aZsTXBXtUDxLanBf6KKysayMAPOvJx1PfRzYiow==)
31. [mit.edu](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQHUjVOFBSJVfefhhb6PHpDs6wrnP07DVgUkkH_oxYD5pUbShhbKsLkOwnb1o8pIKGYFALK3N9IVlKhtxcO4TVIDjsOXS79O_SH850WkTi17rjpYJ-otpwJGNjXuFd1NzIkHDq8LpDrZbxbu8H2eZFhA0RWKNYm1655k7pyU4qO76OGw1bbqLiGJ)
32. [arxiv.org](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQFAFPVXJIa2n9IKJKckxaJtc2kW_F6jiYJksG_VA1-lhCKfvTkpwwCKcuV9CnOG6SkteAVy4x7UvjBtnlqA5h3ytl-XPGvSFRRdh4sJIBGgE2Z18ShCs1tM)
33. [illinois.edu](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQEMIXhRN_nVNdxQvloBAhViFW1k6Voabri-3mPhrls0s2du53v8U3CdU56XpSZjVK-1LUa6tBontEO5Yz2I80XD77IaFMIp7OuBny4Pa5njL5fW2t5UqK70ePOIJVMHLpUjr04jK6wNRHe1_zWDwm1y)
34. [arxiv.org](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQGH1IlBOgL87y3lX3595uDhhBlX2Op1XLdIjSRku0HKPTw2qUG_qSAdMHDw4gVd0J7JxDtadjR9PUBsvzwEJnskslptu37lESC4wCf7Ll88DulVq_ewF--a)
35. [googlecloudcommunity.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQHjL4r2X0RTSfaSsV0DIzFUiuTIUxQKo0pLhk5PEuGrx0DP_ipXuyQT8yMjm96xug8_nokDn5gUF8Qrj3Bec9Jk16fWsM-85-igB3NEv8XBd19f4Hx3-Y1TgB5DxE4XCwYfz2HMu9InuySX446l9A3G3Ldlw5NN90rpI4iQ6O6HYqYVmQIy_qPOwRk0o95E3RTmqke5NwU4nf9TqXmpAufsX2hStXlvbJ1Uv8lyEY-k7TxpIg==)
36. [securityboulevard.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQGdqn13EuETFlAwJnPdl9RmBIZv876nXUJM4eiLy9nmOzOXM1Iopms3kipjNiMQBf_dSnP8YAz5HdodZx_IM8CsReAPQDuTA-68iwlGEmd3aH4butV-lm4aESR0BVGVS4HXYzLZEqTHyHGvzMmGhlWq5cMcMkWNuaW_QUDiN4BltUjzXSJxqt03-x697aAnujoDHZJ3lk31Sf28dMNd8VTfi6wdzVJjlr2lp2cV)
37. [posthumanism.co.uk](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQFbP95JIom8gC5lix9sTGIdz27-8rdgdwo7elsvTEcubGtzkByCZe9YqV7wMV1TeZwya0s4da6r77awUS08Kg86PMd00ebWgIBYPbJ1szvfwRTVdO2a81tN3in_TdkzrlbYmM3z)
38. [paloaltonetworks.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQFS_tRfmm2_7P5H10Oy_vj1UaitSl3Q5npYcA_fsZYW7XzFbQZIEsFJ_SiDHOWQWV5XA-DXydCkYw4O4YIUZnhOi7hj2ehjBBMtgNmTxYbj-JIsC_XyULqu_h2ukL2ymH0upDJ5)
39. [vectra.ai](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQGMbaHlbaStUpE4V8JM8jBWBApofyOqlojT-ixs4z9lMgKzusJXk2c4XfgLalHCK_fkLdX-3vOx-BTbR_pRjIlQk3rjUlyJXC78rWNyX5_RgL-3Boc1O1zJX_UskP0=)
40. [nih.gov](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQHMTqSXB61HQ08RfE5kfQuBTAqOHP5RxrDiv-9F8xZZi6n8cvMJwyN--tvm4z6J12Rn7iOpKlSiSQJYLqPvcz6Y820AmQMhY1hsNmh8JzwsikA7b75XBB_G811xkKGpESZducE9fH2L)
41. [google.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQE3OwiQ-TtBbZWDbpgzvc9FpmWhfCWFhb5EwnFY6KAvoqNZyfVv_eHbF7fiivIhEjibXfgnw0153XvI4CjlAmkAtvLcsoNJHZfCrLzkiFmUrMQ0Rg245ToqOWR3IMgAsoAcsziYFgW4cSxYFUKr5w5FXjeH2lb-OLVILFgCZ8Ch0r8XXiARO7wbJx58cnppA_em6Xc8X4rq)
42. [www.gov.uk](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQFefs-KfvJ3qxTacwt4UJkHnzARmjwBeQu9j9mlEk7irtGB7sOwWZ0WiTx3rH1AZu0rJtogjq2G8rU3WCbKEVFNujp8qNv608ZcWWb1BCIMZ3eK9nBnuR6hHcK63YO-aW3XCNSr43neJ4Vhd7TpU3_7bhHc0e9HHA3gdUKipBpToMLlcbDyNjjw8Djnb7D-Ybv03sdy09q40ePL4PeQxhkAbvX19doPM2g5E9dtu9ZRM8YMl2XTRyf1udGm3oCOo3Li2W6ZErUu)
43. [manageengine.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQEKYOuiwx7SRf1vH0tztRo4-DqzBQFhsQcdPxGffoO_gGQEljnGRhiMwTRvNJTh28TqKOR5ywFBAN_51_UkDx4hU0iuZSCWZYk_cbtrGtIKT-xTpMb2e-zNCJPwj8fvHTxLrkJcgrLzy64sdlpd-AWu2dwLVhzKu6Va6ZBf0SZiH-L7xzvzalcwuVdO)
44. [xage.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQGaXEIIi2ahPoPGoS4fM79eEYX0sUthGAewoJbn9grn0OvRFRlHRs1sIr8YoFkP1izYbUsuz0A8Owcykb8vc0btsbumfDHrXFJXjSlOwC4bLUk0_jSiFGYX4M45xQGkQbbOMSHr6RpmJVHWL_YBitAbmFayXsGTxnopZ_xva4JKyPAd25sMJnE=)
45. [ndss-symposium.org](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQFxJdIdfAFsV7FMkM1T-dNC6RWxw5GWg_eaWAvbB8P2brccfzBSvxj0x45kEJoZ9jTziN28zG_TZVTZ-1VFo5-eq92fRW11ZqKB51gfimlUiZq9UZ1K7UkezaNwxe-gUg1fN4N-uWMTecaqsozYILvnbptbYUR7)
46. [researchgate.net](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQGUEa6ZNdD1N9Y6jBVOKTNwu6p17APGw0UDqDLwmX9D7ldEUJTY8_OtZGzXhf7fr0fvin6jm-RDPD-pTl4nYwcNklfZTr7NwvC5VsZlZ1-LM_m4BObqMKEDJ1VHmIi02t-uiPJ04l-wE-i7OqX2lup9q9ZuE6E0QVFxX7iqwPr-PQYm6fYB-jfNgjmWpkdQ2o_cJ86gog4GMFdu0JPx0Fq6u1zE9-1-0fKoI85bPGMmUkW6dOpXM66VN9PY5kiadbippIPhh9RyFPupM_k9gWvpyuvZUX7Zfw==)
47. [vsb.cz](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQHVIYInXUzo7d_-GyUYFE2pS35O89xOb_-DFXU2Lk0BAdCtYLHakfRfPPvxnnRehm9ZOR6oxyvPIYqku0wdx9ZPFEJCYlv3lFq3-szd_Cnln3oY7zoNeNxsvyaejnGHSkITP17bYgfl3gYIujk=)
48. [arxiv.org](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQFWxntvduZuLDxtF3uA3rdy_9mrasjWpy94g6OOJQLNF0PLbu0gInAthSakV1rCThYDlMaJ-YMFQZlp8j3XBya2JSVwFg-zOdePpRFrB9m9NR0yxOrO)
49. [openreview.net](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQEMmBOY6zBVBGxIMapu71RAfNdVEptfQJFV0M-VGEerYik-kSuXsDFWW9tHf4sYLTVtPg7VX20IdQHPfkqmolvWXQS0HoFRanJTmuyzV9M6PGyzBqavorpFppDWlAZFfw==)
50. [www.gov.uk](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQGpVpHPj9RENchGIKeYP1aZhe3CfXYiCt8hmB7LERqmNFQqYKnNsK6K-FIkkjwjdwOOzKX1uuFEuXxedi-MDooP7Es5Jgv19Y3qEshYiqLDTgLHcXkbESvgbyFfe8fXsFomvwyxjKr0TccgtaVAgJ7d-XIsUzuCMmy03TsPT09PkSQHTx3dRauW-hhjVG3A5drCyIafq1jBnYbiHhmc2sD1OS5f9lsr0oilj8V04GTZUjR_CxHBthAhxjkXfBhYtUAcoRRgXzEZNA==)
51. [arxiv.org](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQHvFIXjro7JdVJ1YxUyVF-Ol86nyP_VCgnmoGgiL-uBQHbVATuhjpYJKWsqB6fLMLMVULNO4mKMicBq-jgyyErPocyAQFuB2ktWsSBFL3YcY6NUA1qT)
52. [arize.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQG_3fryE0JHlAVVTkkUiwkpV4-xoZ0VlkfF4AlojHcP0-apIgCrbmzm3Atmw0tenK4ABtXyxV4Js6bdZUk9HTp8vhXIs9X2a_W7LYmYzNrkCkLTdlbnl7HTK92UrLczSgfI50M4GqxDTui2V7_Myh6LqwTbaw==)
53. [mckinsey.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQGR8tVXvmU13gWIoOJ2dBmGrVrAZc2aPpdO029_FBWDF963U5vsHs7TpLiTo734uV5MvhlsfrK40FJLVuBxCR0bat6ulZ0ED_p0r8BuzEm4SBSnGX0SxxMu-B3Kz1yQj_agaqD0UYPe5i91TWi2JOGZfj52FgUWCKTjU6h2tkgyUYzcmh2HWjO15Mk=)
54. [enkryptai.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQFnc7OAFj8_-nsZIocr5GQePZhou4879S2SxLytXpseo9JK7Q7SRkPFkIyvLcha_JHcWZFn8uI-XT9l5M5IeIoZMXAfta21NKE5z4boKXH9gIvGxz_hY_bEYmFX0EPXimjHkvxSED8RvbrB-_M-enZ1wRcWBx2D8znptxc0bu-fOGYfvwAOWNM3JUAuqeRquBnXTEj64nQcx8VRUJFlqGn2)
55. [practical-devsecops.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQHNWM_Fs_2jEA_Hm_FOADu9-bdqNUDlBlChhjSbIZ-PvUrhGneZuHgKLAw9cz9b95gEHIapPaNxWx9CPcm3nzY6Gab9T-Q-0R9FVIN2w_OB70VW5DsiM1_NQrbPXK79W5xxPijapqPCGHaoMcj9fyKBPJE=)
56. [arxiv.org](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQG9pDCxwd0XIcarICNFqTO-5JGOUQI4A-HG-vKEn7xEuxweyxy-xAlNFXcGXjAS2LOSFFpDS2pUNg_-C7uFqLli3w8yl3NnIDNpwv9Kd2dwA-bmJ5JUU2TM)
57. [f5.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQFAWb2rRIz3DcmpnbiQqLBFWMxigAdgDD_c9ceNZxk9d_DHy5utwB_h4gqFVuzWdYwyZLv510m9r_SBawytzWSNo8undqduauMh1bbNO3DUA2EYDzwIM4AvNNZHbeU1L32gvUBjqxuSXLA5dvswLrduNcLq5z7gqXgDM8GdVgwzbfO0tr_d7O1nS8I=)
58. [arxiv.org](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQF8zEPjxhveDUdwpY5AjuGq7xkv6GkbHUYYAxeROEhE-iHa4PWaORpjdhlcJ5EdEfj9XTvGP7z_tHuOI_geVkxLNgsJSPbKnXUKmO9lfOpWL71dEldDqoeY)
59. [scale.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQF0xeiwC8_mrINmmZUlKGdi7jsNqJDcYUIvzlQ-015BrH2MUI8VZCj__RCNBFJaLuBAX3YYAC6bEE0VgArRVHNzEmvQJsAwi9Up0sRg_mwwBI9PGn30c9SszB4YKCJ9KnrkiRl9_xqJVFm44MOo-IdkAH_jsau2o7R0EMBgssbRKP6t5bJJh9vYgw==)
60. [aclanthology.org](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQGXosYUtN4fEkmxfdO46l06AeQnpLFZ7LBdLycpgkEUyWcMh55wej8YyIyiNw-khOk13Fx1urCZAo2NN3_MmwxzctNSXqcLoeaYsSU-A7Ki3aANAY1FQPrb4VBAzGVsq9Y=)
