COMMENTARY: The Anthropic breach, dubbed the GTG-1002 attack, marked a defining moment for cybersecurity.

In mid-September 2025, a Chinese state-sponsored group used AI agents to execute approximately 80% to 90% of an intrusion lifecycle without human intervention, targeting roughly 30 global entities across technology, finance, and government sectors.

The human operator's role was reduced to “strategic supervisor,” defining objectives while the AI handled reconnaissance, exploitation and lateral movement autonomously.

[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Read more Perspectives here.]

For governments and their contractors, this shift has deep operational repercussions. Traditional defenses, rooted in manual workflows and static controls, cannot keep up with autonomous adversaries that learn and evolve in real time. Today, governments and vendors must urgently rethink how they counter AI-orchestrated cyber espionage.

The math is unforgiving: In the GTG-1002 campaign, AI agents executed thousands of requests per second, compressing the kill chain from days or weeks to minutes. Meanwhile, the mean time to respond (MTTR) for a traditional security operations center (SOC) still hovers in the range of hours or days. Defenders are fighting a war of the past, responding to artifacts of an attack that has already succeeded.

Cyber operations must evolve into using an AI-enabled risk operations center (ROC), a model built for cyber resilience against autonomous, AI-orchestrated cyber espionage.
Traditional SOCs are failing for three reasons: signal-to-noise collapse, where AI-orchestrated attacks using legitimate tools generate telemetry indistinguishable from normal operations; contextual blindness, in which analysts see IP addresses and CVE IDs, but not “the payment gateway for EMEA” or “the R&D database” for the flagship product; and reaction latency, where human response times cannot match machine-speed execution.

A ROC addresses all three by fusing mission data, contextual risk intelligence, and AI-driven prioritization to focus on the exposures that matter most before they are exploited.

By integrating continuous validation, automated exposure management and AI-driven approaches, a ROC lets governments and vendors manage risks as a living, adaptive process. This approach mirrors the intelligence workflows adversaries now employ, applied to defense rather than attack.

In an era defined by AI-orchestrated espionage, governments and vendors that embrace the ROC model will set a new standard for managing cyber risk, one that’s continuously validated, context-aware and resilient by design against advanced AI-driven adversaries.

Deploy a ROC as an espionage countermeasure
How do we build a security program that’s not just aware of this playbook, but designed to dismantle it?

Start with the economics. For attackers, the primary costs are now fixed: training or acquiring AI models, building command-and-control (C2) infrastructure and developing jailbreak prompts to bypass safety guardrails. Once paid, the variable cost of each attack is negligible, just cloud compute.

Defenders, by contrast, face linear cost scaling: every endpoint requires a license, every log gigabyte incurs ingestion costs, and every alert demands analyst time. This asymmetry is unsustainable. The ROC changes the equation by eliminating exposures before they generate alerts. Remediating a misconfigured system represents a one-time fixed cost that eliminates an infinite stream of potential future attacks.

The AI arms race has accelerated, and we must act now. As attacks like GTG-1002 increase, we will see governments and their vendors designate AI-enabled platforms as critical infrastructure. Regulatory momentum has already built up.

CISA's Binding Operational Directive (BOD) 25-01 mandates automated assessment of cloud security baselines, effectively requiring federal agencies to adopt continuous exposure management. The National Institute of Standards and Technology’s (NIST) upcoming SP 800-53 Revision 6 introduces a “Cyber AI Profile” with controls specifically for “thwarting AI-enabled cyberattacks” and managing AI agent systems.

Think of the ROC as the operational vehicle for compliance with this emerging regulatory landscape.

Beyond the technical battlefield, AI-orchestrated espionage creates cascading risks.
These risks include weakened deterrence, as AI agents blur the line of human involvement and make retaliation thresholds harder to justify; accelerated IP theft that turns national competitiveness into a cyber risk issue; and democratic trust erosion, as AI enables disinformation and attacks on elections and critical infrastructure.

Keep in mind GTG-1002 used a commercially available model, jailbroken to bypass safety guardrails. The attackers did not build a proprietary AI brain. They weaponized an existing coding assistant. As these techniques proliferate, advanced espionage capabilities will no longer remain the exclusive province of state actors. Cybercriminal syndicates and hacktivists will soon operate with state-level sophistication.

Ultimately, AI will continue to redefine the cyber battlefield. So can governments and vendors use it effectively for defense as attackers now do for offense?

Those who master that balance will set the pace for the next generation of AI-powered cyber risk management.

Saeed Abbasi, senior manager for security research, Qualys Threat Research Unit
CISOs across government and industry should adopt three essential mandates for managing cyber risk:
- Reduce the attack surface: Every unpatched or unsupported system represents an invitation for AI-orchestrated cyber espionage. Automate patching, rank vulnerabilities by live threat intelligence, and quarantine any unsecured systems.
- Deploy zero-trust by design: Flat networks and weak identity controls let attackers move around networks unchecked. Build granular segmentation, enforce identity‑based access and verify every user and system continuously.
- Fight AI with AI: So-called “AI spies” use automation to outpace human defense. Deploy adaptive AI tools that detect, predict and respond autonomously. Elevate operators to oversee intelligent systems that close gaps faster than machines can exploit them.




