Cybersecurity

Cybersecurity, AI amplifies an attack but does not drive it. Human-centricity remains decisive

by Alessia Valentini



Translated by AI

We are still a long way from a sentient AI; before that time, this technology still has much to learn. First of all, it must be trained not to be fooled by digital criminals, who can trick it into carrying out largely automated attacks such as those documented by Anthropic. Caution is called for so as not to hastily define AI agents as 'autonomous weapons'; however, the level of risk associated with these tools must be updated to reflect their greater capacity to inflict targeted, scalable and repeatable damage without requiring additional skills from the user, as cybersecurity and intelligence expert Pierluigi Paganini explains.

Quality of largely automated attacks

Despite the high level of automation of the sophisticated attack reported by Anthropic (80-90 per cent), 'it was a low-complexity and highly repetitive activity', Paganini clarifies. 'The Claude Code AI took care of the tactical phases, while the strategic part related to attack design, initialisation, target setting and escalation supervision, data exfiltration, security system deception, was human'. We speak of extended capabilities: 'AI has amplified the work of an experienced attacker, increasing the speed and volume of tactical operations'. On the risk front, on the other hand, the level of assessment must be updated: 'If today AI automates technical manoeuvring, tomorrow it could extend support to increasingly complex decisions'. The current phase is still hybrid: 'AI has lowered the technical threshold (of attackers, ed.), sped up attacks and made them scalable, but the "quality" and effectiveness remain dependent on human capability, the centrality of which is still undisputed for significant campaigns and the variability of geopolitical, reputational and economic targets according to reports from the last six months'.


No decision-making autonomy

The expert stresses the need for 'some caution in defining attacks conducted with AI agents as "autonomous weapons". Although these systems can automate most technical tasks, generate scripts, execute exploits, or collect data,' he adds, 'they do not possess decision-making autonomy, do not choose targets, do not define strategies, and do not understand the geopolitical context. These are prerogatives of human analysis, judgement and experience. AI does not develop its own intentions, but executes schemes and instructions designed by people. This is why AI today represents a powerful amplifier of human capabilities, not a true autonomous weapon'. The distorted perception is based on the distinction between sentient intelligence and advanced automation obtained by training.

Training commitment and costs

'Training an AI agent requires resources, expertise along with research, development, testing, infrastructure, economic resources and clear human intentionality,' explains the expert. All these characteristics are linked to a huge preparation effort: 'In the case of AI, in order to create truly offensive systems, in addition to the above-mentioned, complex design, continuous supervision and a strategy set up by experts are required'. Automating parts of a cyber attack relies on 'complex statistical models that reproduce patterns on the basis of the data they are trained on, without intentionality'. To arrive at offensive actions, 'very extensive and accurate datasets (code, technical procedures, logs of previous attacks, knowledge of configurations, exploit patterns and entire operational flows) are needed, and they must be cleaned and labelled. This requires months of work by specialists with very advanced skills. AI does not understand on its own what is useful, malicious or exploitable'. The subsequent training phase is expensive: it 'requires high-end GPU or TPU infrastructure, dedicated clusters, machine learning engineers'. Validation of the model is also expensive: 'it goes through controlled testing, Reinforcement Learning from Human Feedback (RLHF) and testing to tell the model which patterns to follow and which to avoid'. The generated model executes what it learns, but 'does not have a strategic vision of the attack, nor does it understand context, consequences or targets. It is still the criminals who define the target, assess the attack surface, design the operational chain, coordinate phases and priorities', concludes the expert. Proof that, as always, technology alone is not enough to define a weapon.
