Autonomous cyberattacks mimicking the 2017 Equifax hack that affected almost 147 million U.S. customers' information have been facilitated by the new Incalmo attack toolkit developed using large language models, Cybersecurity Dive reports.
Ninety percent of small enterprise environments had certain sensitive data exfiltrated by Incalmo in a simulation conducted by Carnegie Mellon and Anthropic researchers, who noted LLM usage for high-level attack strategy and both LLM and non-LLM agents for exploit deployment and other less demanding tasks. With Incalmo showing promise in executing cyberattacks without human intervention, modern cybersecurity defenses' capabilities in thwarting such a threat remain uncertain, according to lead researcher Brian Singer. "Currently, a lot of cybersecurity defenses rely on human operators and I am not sure how well that will scale up to machine-timescale defenses. For this reason, we are currently exploring research into defenses for autonomous attacks and LLM-based autonomous defenders," said Singer.
Ninety percent of small enterprise environments had certain sensitive data exfiltrated by Incalmo in a simulation conducted by Carnegie Mellon and Anthropic researchers, who noted LLM usage for high-level attack strategy and both LLM and non-LLM agents for exploit deployment and other less demanding tasks. With Incalmo showing promise in executing cyberattacks without human intervention, modern cybersecurity defenses' capabilities in thwarting such a threat remain uncertain, according to lead researcher Brian Singer. "Currently, a lot of cybersecurity defenses rely on human operators and I am not sure how well that will scale up to machine-timescale defenses. For this reason, we are currently exploring research into defenses for autonomous attacks and LLM-based autonomous defenders," said Singer.




