
Cloud of War: The AI Cyber Threat to U.S. Critical Infrastructure


Agentic AI cyberweapons are rapidly becoming the tool of choice for state-sponsored attackers targeting U.S. critical infrastructure. By autonomously conducting reconnaissance, modifying system settings, and adapting to new environments, these tools exponentially accelerate the pace of cyber combat. If urgent action is not taken to equip infrastructure operators with strong AI defenses, malign actors will remain free to exploit vulnerabilities in U.S. infrastructure to prey on U.S. citizens, intercept sensitive intelligence, and disrupt vital national functions.


Abstract

Agentic AI cyberweapons are rapidly becoming the tool of choice for state-sponsored attackers targeting U.S. critical infrastructure. Able to autonomously conduct reconnaissance, modify system settings, and adapt to new environments, these tools exponentially accelerate offense and defense in cyberspace. If urgent action is not taken to equip infrastructure operators with defensive AI arsenals, malign actors will remain free to exploit vulnerabilities in U.S. infrastructure to prey on citizens, intercept sensitive intelligence, and disrupt vital national functions.

With cloud computing broadening America’s attack surface and AI shortening cyberattack lifecycles, U.S. critical infrastructure is increasingly vulnerable to cyber threats. Like federal agencies, private sector infrastructure operators sustain the vital systems underpinning U.S. national security and prosperity. Unlike the public sector, however, these operators are falling far behind in the AI race, creating unprecedented cyber risk for the entire cloud-connected ecosystem. Cloud of War examines the role of AI agents in infrastructure defense, finding that cybersecurity defenders are well-positioned to prevail—so long as they act quickly.

Introduction

For decades, the global information superhighway was a high-volume firehose of low-value ones and zeroes. With interpersonal communications comprising 90% of global data flows, encryption protected only the most sensitive military, diplomatic, and financial information. Early hackers spent decades chasing needles in the digital haystack, but even state-sponsored cyber criminals needed to physically enter buildings to access U.S. critical infrastructure.

Not anymore.

As organizations shift more and more operations to the cloud, global data systems don’t just carry individual communications; they transmit, and increasingly conduct, the core functions of firms and governments. As America’s defense, energy, financial, and healthcare sectors rapidly adopt cloud-based data processing, storage, and system management, vital operations are becoming siloed into programming black boxes, moving out of sight of everyday employees and into a digital underlayer where their vulnerabilities are only visible from cyberspace.

With so many vital national functions now conducted entirely in the digital realm, both the breadth of America’s attack surface and the potential impact of a single penetration have intensified. With sophisticated cyber tactics, techniques, and procedures available to anyone with a computer, keys to the nation’s power grids, military command systems, and financial markets are bought and sold on dark web marketplaces that are now too entrenched to eliminate. Adversary nations and other advanced persistent threats (APTs) maintain thousands of cyber experts working around the clock to purchase these keys and design new methods of penetrating U.S. systems.

And just as the U.S. is catching up, artificial intelligence is changing the game again.

AI-powered cyberattack agents enable a wide range of cyber criminals to execute sophisticated, automated, and personalized attacks on U.S. infrastructure at scale. When leveraged against America’s outdated and dangerously vulnerable operational technology systems, these agents are a boon for America’s adversaries and competitors. Downloads of free, open-source offensive AI toolkits increased nearly 50 percent over just the last six months, with total downloads exceeding 21 million—rapidly catching up to monthly shares of traditional malware online.

Even worse, with agentic AI algorithms behind the wheel, even the attackers themselves may not know how their own kill switches work or how to stop them.

Preventing persistent cyber threat actors from wreaking havoc on the U.S. homeland requires superior AI-powered defenses spanning America’s entire infrastructure ecosystem. The good news: cyberspace is one of the few battlefields where, with the right tools and strategies, infrastructure defenders can gain and sustain the upper hand—so long as they act now. This report analyzes the scale of the potential AI cyber threat to U.S. critical infrastructure and provides federal-level recommendations to adapt, evolve, and defend against U.S. adversaries in the digital domain.

Critical Infrastructure in Cloud Cyberspace

Cloud networks’ supermassive economies of scale allow even small, rural infrastructure operators to access large volumes of data and computing power at competitive prices. However, each account, software, and service in a shared network creates additional potential entry points that a persistent threat actor can compromise. With artificial intelligence accelerating the pace of cyber offense and defense, weak links in critical infrastructure systems have become exceptionally valuable targets.

Cloud of War: Increasing America’s Attack Surface

Critical infrastructure provides the functions that are so vital to the United States that their disruption, corruption, or dysfunction would have a debilitating effect on American security, economy, or public health and safety.3

For the private sector organizations that build and operate this infrastructure, defending it from attack once meant installing fences, walls, locks, and guards around a physical perimeter. As operations gradually moved online, this perimeter mindset led to the development of firewalls, VPNs, and other digital moats aimed at deterring initial cyber penetrations.

Enter cloud computing. While cloud products and services made infrastructure operators more connected, efficient, and streamlined than before, each new addition increased the endpoints and perimeter devices connected to sensitive networks. Today, U.S. critical infrastructure data and operations are split across on-premises servers, public cloud platforms, and third-party supplier ecosystems. This decentralization has drastically expanded not only the number of potential entry points for cyber intrusions but also the potential repercussions of each penetration as individual vulnerabilities cascade across cloud-connected supply chains.4

Initial Access Vectors and Social Engineering

Around 90% of all cyberattack attempts are for financial gain.5 Unlike most cyber criminals, however, state-sponsored attackers are motivated by espionage 74% of the time—and in 26% of cases, they aim to penetrate and commandeer infrastructure.6

To access these systems, hackers utilize three entry methods at roughly similar rates: acquiring or brute-forcing user credentials, exploiting perimeter vulnerabilities, and mass-proliferating phishing emails or other low-skilled spam. Over half of enterprise security breaches involve human error, from accountants downloading suspicious files to administrators misconfiguring network permissions.7 Manipulating users into granting access to systems or data is called “social engineering,” and employees who improperly grant access are termed “insider threats.” Weekly cyberattacks on U.S. infrastructure have increased 56% year-over-year, with utilities operators facing 234% more cyberattacks in 2024 than in 2025.8

Zero-Day Vulnerabilities

In the past, nearly all security breaches exploited employee cell phones and browsers. Today, improvements in threat detection and mitigation by user platform providers mean a majority of successful hackers now exploit perimeter systems like firewalls and routers.12 This trend poses a novel and alarming threat to U.S. critical infrastructure, as security and networking vulnerabilities allow attackers to compromise and disrupt vital back-end operations in addition to front-end user interfaces and data systems.

Once inside, state-sponsored hackers and other malign actors exploit “zero-day vulnerabilities”—previously unknown flaws in network architectures—to lock up data and operations for ransom, overwhelm a network with requests until it fails, or lurk within and laterally move across connected systems for as long as possible.13 Zero-day vulnerabilities are sold on digital marketplaces for upwards of $20 million,14 including to firms and governments who purchase these gaps in order to patch them.15

Cloud Sprawl and The Rise of Supply Chain Attacks

Critical infrastructure operators must deploy a wide range of internal and external cybersecurity experts, software, and protocols to defend vital systems. When best practices are implemented, cyberspace is one of the few battlegrounds where defenders can gain a structural advantage over attackers.16 However, if leveraged improperly, these efforts can create a perimeter paradox: the more security layers added to a system, the more potential entry points an attacker can exploit to enter that system.

For critical infrastructure organizations, the perimeter security paradox—combined with the need for duplicative data systems in the case of primary system disruption—can easily lead to “cloud sprawl”: a high-risk environment where defenders lose visibility of their assets across multiple data systems. These risks are magnified on a system-wide level when third-party cloud-hosted services and infrastructure providers host tens or hundreds of organizations on the same network; according to Verizon, nearly 30% of breaches in 2024 originated in external cloud networks, a sharp rise from 15% just one year prior and 8% in 2022.17

AI Cyber Offense: A Revolution with No Rollback

As cloud computing exponentially expands potential entry points to U.S. critical systems, artificial intelligence makes it easier than ever to deploy identity attacks on the front end and sophisticated zero-days on the back end. Since 2022, AI-assisted cyber infiltrations have increased 220% year-over-year, with cloud intrusions surging 136% from 2024 to 2025 alone.18 ASP research finds that public interest in these tools is rapidly catching up to that of conventionally written and shared malware.

The Explosion of Generative AI Attacks

Generative AI can create highly convincing phishing and other social engineering campaigns in over 35 languages. Despite the average cost of insider threats exceeding $17.4 million per organization in 2025,19 80% of Americans claim to be “very confident” in their ability to protect their personal information.20 This false sense of security creates risk even within a centralized, secure perimeter; in a post-cloud environment, thousands of critical infrastructure systems are now only as safe as their weakest link.

Of all the actors leveraging artificial intelligence for cyber offense, the People’s Republic of China (PRC) is by far the most prolific and sophisticated. Chinese state-sponsored hacking groups such as APT41 and APT31 use large language models like DeepSeek to quickly craft convincing emails, texts, and phone calls, impersonating figures ranging from high-profile leaders like U.S. Secretary of State Marco Rubio and Representative John Moolenaar to low-level employees at small utility companies.21 These malign actors then use AI-accelerated networking and 5G infrastructure to simultaneously blast AI-assisted scams to millions of user devices at unprecedented energy and compute efficiency.

The Impending Threat: Agentic AI Agents

However, what comes next is even more dangerous. Agentic AI algorithms autonomously modify system settings, conduct system reconnaissance, and invent new defense evasion activities without the permission—or even the oversight—of the attacker. “AI penetration toolkits” are sold on dark web marketplaces and shared on online software repositories like the Python Package Index, often with step-by-step instructions on how to install and run them. While deploying AI malware requires far more computing power and energy than conventional malware, cloud-hosted compute services like AWS Lambdas allow attackers to anonymously run these toolkits without provisioning servers,22 further reducing the resources and skills needed for sophisticated cyberattacks.23

While AI-assisted malware agents are often legally sold as tools to help organizations defend against novel cyber intrusions,24 they are estimated to have driven 80% of ransomware attacks in 2024.25 One tool, Villager—which uses Chinese AI model DeepSeek to translate simple user requests into attack sequences that are then automatically executed26—has been downloaded more than 17,000 times since its release in July 2025. In August, Anthropic reported that a cybercriminal had used an agentic AI cyberweapon to target at least 17 organizations in healthcare, emergency services, and other critical infrastructure sectors.27

New Findings: AI Agents Are Rapidly Dominating Cyber Operations

ASP research finds that agentic cyber penetration agents are steadily rising in both popularity and use by cyber criminals. An API query of open-source Python repository PyPI finds that total downloads of AI-assisted offensive cyber software exceeded 21.4 million from March to September 2025.28 These toolkits are often legitimately used by cybersecurity experts to probe for novel vulnerabilities and stress-test software they are tasked with defending. However, a rising number of packages—several hundred as of September 22nd—openly advertise that they can be executed against systems not owned by the downloader to cause real-world harms. These AI malware executables have been downloaded more than 12 million times in the past six months.

These findings are in stark contrast to the overall decline in traditional malware sharing. According to AV Atlas, a threat intelligence firm that monitors malware shared online, monthly shares of written malware declined from 11 million in March to 6.5 million in August 2025. In contrast, monthly downloads of open-source AI-assisted offensive cyber suites rose from 2.6 million to 3.9 million, a 49.3% increase in just six months. Consequently, the ratio of offensive AI cyber agents to written malware files shared online increased from 3:12 to 4:7 million, suggesting that downloads of offensive AI cyber agents may be supplementing or even partially replacing traditional malware sharing mechanisms.

While preliminary, these findings are startling—particularly considering this analysis did not include agents from other open-source repositories like GitHub or private malware-sharing communities on apps like Discord, Telegram, or Signal. According to industry insiders, these platforms produce an estimated 60% of all offensive AI cyber agents. As a result, these findings are a highly conservative estimate of the rising popularity of AI malware agents compared to traditional malware shared online, with autonomous malware executables likely exceeding 20 million or more downloads over the past six months.


The Imperative for U.S. Infrastructure AI Cyber Defense

As generative AI models like DeepSeek are integrated into offensive agentic tools that conduct attacks at inhuman speed, equally or more capable AI defenses must be rapidly integrated into U.S. critical infrastructure systems. Continuous threat monitoring is no longer a recommendation for critical infrastructure operators; it’s a national security imperative.

Improving Defensive Capabilities at Scale

Cybersecurity defenders have long been at the mercy of attackers in cloud-connected cyberspace. While agentic AI tools can be leveraged by attackers and defenders equally, critical infrastructure operators have a singular advantage over their assailants: vastly superior energy and computing power, which can support far more sophisticated and comprehensive threat monitoring. Given the supermassive economies of scale of America’s power grids, data centers, and other infrastructure networks, AI-powered cyber defense suites are more cost-effective than traditional monitoring and incident response—and several magnitudes faster. IBM research finds that AI-assisted cyber defenses reduce data breach lifecycles by 80 days on average and save organizations approximately $1.9 million per breach in data loss mitigation, operational downtime, regulatory fines, and other costs.29


Unfortunately, sector-wide limitations have slowed critical infrastructure operators’ adoption of these tools, posing enormous risks to U.S. national security in the AI era. Some of these limits are structural; for example, operational technology systems, which control equipment spanning from hospitals and power grids to train switches and oil pipelines, often contain proprietary code that is unable to be modernized without taking critical systems offline.34 One software suite with several persistent and unpatched vulnerabilities, ICONICS SCADA, is embedded in over 70% of Global 500 companies.35 Other limitations are regulatory. Federal oversight investigations have found that overlapping regulations and conflicting parameters in infrastructure sector cybersecurity requirements greatly increase the time and labor spent in compliance and approval processes, reduce available resources for cyber defense operations, and deter operators from initiating complex but necessary software improvements.36

Empowering Human Agents

The speed and unpredictability of AI attack agents are rapidly reducing the ability of infrastructure operators to rely on human oversight alone. As these agents improve in scale and sophistication, human expertise and response capacity in cyberspace must be supplemented with continuous AI monitoring both at the perimeter and within the internal networks of critical infrastructure systems.

While some analysts posit that this shift will lead to human cyber experts being “replaced by AI,” leading research suggests the opposite: amidst a shortfall of over 660,000 cybersecurity experts in the United States,37 continuous threat monitoring and other AI tools are making difficult careers in cybersecurity more feasible and lucrative.38 In addition to empowering more individuals to meet high labor market demand, new job postings are rising for specialists who can train and fine-tune defensive AI systems to adapt to offensive AI threats.39 This labor specialization will open additional cybersecurity positions at more advanced levels while strengthening the nation’s overall capacity to remediate rising vulnerabilities in critical infrastructure.

Accelerating Vulnerability Mitigation

The rapid adoption of AI in cyberspace by both attackers and defenders has significantly accelerated the pace of cyber conflict, making continuous monitoring and layered defense a necessity even for operators with strong but conventional cybersecurity capacities. As continuous threat monitoring agents more rapidly expose and eject lurkers from sensitive systems, the average “dwell time” between an attacker entering a system and being detected by a defender has reduced from 16 days in 2023 to just 10 in 2024.40 Improved detection has accelerated the pace at which cyber criminals must exploit novel vulnerabilities after discovery; penetration-to-attack timelines condensed from 32 days in 2022 to just five days in 2025.41

Today, cyber offenders exploit gaps faster than human defenders can write code to patch them. As a result, successful exploitation of zero-day vulnerabilities increased 34% over the last year.42 However, this figure fails to tell the whole story. With open-source cyber defense toolkits like NVIDIA’s NeMo Agent exposing vulnerabilities more efficiently than most offensive agents,43 organizations can easily detect and disrupt the majority of penetrations—provided they are aware of the threat and available solutions. Federal mechanisms like the Cybersecurity and Infrastructure Security Agency’s Stakeholder Engagement Division and National Risk Management Center are critical for furthering infrastructure operator awareness and adoption of these tools.

Ameliorating Open Source and AI-Assisted Software Risks

According to Alexei Bulazel, top cyber official at the National Security Council, “the technology that’s deployed in critical infrastructure contexts…is not the best-in-class software or hardware.”44 However, while critical infrastructure operational software is often vulnerable and in need of replacement, between 70 and 90 percent of modern solutions rely on open-source code45—and as of 2025, up to 50 percent of this code is estimated to be AI-generated.46

Broad adoption of AI-generated code by third-party suppliers and internal employees poses new risks to critical infrastructure security in a post-cloud computing era. According to Stack Overflow, while 81 percent of surveyed developers “use or plan to use” generative AI to write code, only 32 percent trust AI outputs.47 This mistrust is justified; analysis by auditor BaxBench finds that half of all working code generated by leading AI models contains critical security vulnerabilities.48

Regardless, AI-generated code continues to proliferate across the open-source landscape. Just as speed and convenience win for software developers, agentic AI defensive tools are the fastest and most convenient way to scan software for embedded vulnerabilities, mitigate security risks, and maintain comprehensive inventories of connected devices and networks. When combined with System of Trust and NIST Cybersecurity Framework standards, these tools dramatically improve network security—the most advanced agentic agents align with cybersecurity expert decision-making 98% of the time.49 During the coding process, AI agents can also be combined with generative AI models to reduce hallucinations by over 2700%.50 However, careful consideration must be given to ensure that these powerful tools are not hijacked by adversaries; overly broad security permissions combined with limited human oversight can result in catastrophic, system-wide consequences if an agent becomes misaligned.


Policy Recommendations

As organizations shift more and more operations to the cloud, global data systems don’t just carry individual communications; they transmit, and increasingly conduct, the core functions of firms and governments. Urgent action is needed for policymakers and infrastructure operators to catch up to the AI era and protect U.S. critical systems from espionage and destruction.

Congress must urgently reauthorize the Cybersecurity Information Sharing Act (CISA 2015), which expired in September.54

In 2022, Congress passed the Cyber Incident Reporting for Critical Infrastructure Act, which tasked the Cybersecurity & Information Security Agency (CISA) with designing new regulations to facilitate information sharing between critical infrastructure operators and the federal government.55 However, these regulations will not go into effect until at least May 2026. In the meantime, CISA 2015 provided critical information-sharing networks that protected operators from state-sponsored attacks and offered liability protections that empowered the private sector to share vital cybersecurity information with the federal government.

Appropriate additional funding and establish a permanent, dedicated funding stream for CISA.56

America’s infrastructure operators rely on CISA to modernize their information and operations systems and defend against cyberattacks. Particularly useful is CISA’s Joint Cyber Defense Collaborative (JCDC), whose budget was recently cut by $10 million.57 Rep. Eric Swalwell aims to codify JCDC into law,58 but each of CISA’s other vital programs must be individually restored and funded by Congress.

Treat U.S. Cloud Infrastructure as Critical Infrastructure.

In addition to supplying the foundation for global AI leadership, cloud networks provide the backbone of global trade, communication, and military cooperation between the U.S. and its allies. The U.S. currently entrusts oversight and defense of these networks to the private sector, creating national security risks as these networks are connected to America’s most sensitive government and military operations. To begin reducing the hundreds of millions of cyberattacks on cloud networks daily, the United States must treat cloud infrastructure as critical infrastructure and afford it the same oversight and protection mechanisms as America’s energy, healthcare, and transportation networks.

Incentivize software-as-a-service solutions for infrastructure systems’ stored data—but prioritize secure, self-hosted solutions for critical operations.

Network segmentation and defense-in-depth approaches prevent penetrations of a cloud environment from spreading to systems responsible for vital functions. Attackers seeking data for either profit or espionage should not be able to accidentally stumble into parts of the network that allow for the disruption and even destruction of these operations. Non-critical, third-party services should be limited at all costs, including automatic add-ons to contracted services.

Endnotes

[1] “The Battle Against AI-driven Identity Fraud,” Signicat, August 2024, https://www.signicat.com/the-battle-against-ai-driven-identity-fraud; “Report shows 1265% increase in phishing emails since ChatGPT launched,” Security Magazine, October 30, 2023, https://www.securitymagazine.com/articles/100067-report-shows-1265-increase-in-phishing-emails-since-chatgpt-launched.
[2] “2024 CrowdStrike Global Threat Report,” CrowdStrike, February 21, 2024, https://ir.crowdstrike.com/news-releases/news-release-details/2024-crowdstrike-global-threat-report-breakout-breach-under/.
[3] “National Critical Functions Set,” Cybersecurity & Infrastructure Security Agency, Accessed on September 21, 2025, https://www.cisa.gov/national-critical-functions-set.
[4] Jimmy Duszynski, “Cyber security Vulnerabilities and Remediation Through Cloud Security Tools,” Journal of Artificial Intelligence General Science 2(1), 129–171, https://doi.org/10.60087/jaigs.v2i1.102.
[5] “2025 Data Breach Investigations Report,” Verizon Business, April 2025, https://www.verizon.com/business/resources/T163/reports/2025-dbir-data-breach-investigations-report.pdf.
[6] Ibid.
[7] Ibid.
[8] “A Closer Look at Q3 2024: 75% Surge in Cyber Attacks Worldwide,” Check Point, October 18, 2024, https://blog.checkpoint.com/research/a-closer-look-at-q3-2024-75-surge-in-cyber-attacks-worldwide/.
[9] “Threat Actor Leverages Compromised Account of Former Employee to Access State Government Organization,” Cybersecurity & Infrastructure Security Agency, February 15, 2024, https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-046a.
[10] “US Treasury says Chinese hackers stole documents in ‘major incident’,” Euractiv.com with Reuters, December 21, 2024, https://www.euractiv.com/news/us-treasury-says-chinese-hackers-stole-documents-in-major-incident/.
[11] “Justice Department Charges 12 Chinese Contract Hackers and Law Enforcement Officers in Global Computer Intrusion Campaigns,” U.S. Department of Justice, March 5, 2025, https://www.justice.gov/opa/pr/justice-department-charges-12-chinese-contract-hackers-and-law-enforcement-officers-global.
[12] Casey Charrier et al., “Hello 0-Days, My Old Friend: A 2024 Zero-Day Exploitation Analysis,” Google Threat Intelligence Group, April 29, 2025, https://cloud.google.com/blog/topics/threat-intelligence/2024-zero-day-trends
[13] Eduard Kovacs, “China’s Volt Typhoon Hackers Dwelled in US Electric Grid for 300 Days,” SecurityWeek, March 12, 2025, https://www.securityweek.com/chinas-volt-typhoon-hackers-dwelled-in-us-electric-grid-for-300-days/
[14] Lorenzo Franceschi-Bicchierai, “New zero-day startup offers $20 million for tools that can hack any smartphone,” TechCrunch, August 20, 2025, https://techcrunch.com/2025/08/20/new-zero-day-startup-offers-20-million-for-tools-that-can-hack-any-smartphone/
[15] “Exploit Acquisition Program,” Crowdfense, Accessed September 20, 2025, https://www.crowdfense.com/exploit-acquisition-program/.
[16] Irshaad Jada and Thembekile Mayayise, “The impact of artificial intelligence on organisational cyber security: An outcome of a systematic literature review,” Data and Information Management 8, no. 2 (June 2024), https://www.sciencedirect.com/science/article/pii/S2543925123000372.
[17] “2025 Data Breach Investigations,” Verizon.
[18] “2025 Threat Hunting Report,” CrowdStrike, August 19, 2025, https://go.crowdstrike.com/2025-threat-hunting-report.html.
[19] “Cost of Insider Risks Global Report 2025,” Ponemon DTEX, May 2025, https://ponemon.dtexsystems.com/.
[20] Colleen McClaim et al., “Views of data privacy risks, personal data and digital privacy laws,” Pew Research Center, October 18, 2023, https://www.pewresearch.org/internet/2023/10/18/views-of-data-privacy-risks-personal-data-and-digital-privacy-laws/.
[21] Ionut Arghire, “Details Emerge on Chinese Hacking Operation Impersonating US Lawmaker,” SecurityWeek, September 17, 2025, https://www.securityweek.com/details-emerge-on-chinese-hacking-operation-impersonating-us-lawmaker/.
[22] CodeStax.Ai, “How Hackers Are Turning AWS Lambda into Stealthy Command & Control Server,” Medium, July 28, 2025, https://codestax.medium.com/how-hackers-are-turning-aws-lambda-into-stealthy-command-control-server-5d7a0ae534a9.
[23] Lior Rochberger, “Behind the Clouds: Attackers Targeting Governments in Southeast Asia Implement Novel Covert C2 Communication,” Palo Alto Networks, July 14, 2025, https://unit42.paloaltonetworks.com/windows-backdoor-for-novel-c2-communication/.
[24] Python Package Index, Accessed September 23, 2025, https://pypi.org/.
[25] Michael Siegel et al., “Rethinking the Cybersecurity Arms Race: When 80% of Ransomware Attacks are AI-Driven,” Cybersecurity at MIT Sloan, Working Paper Series CAMS25.1114 (April 2025), https://cams.mit.edu/wp-content/uploads/Safe-CAMS-MIT-Article-Final-4-7-2025-Working-Paper.pdf.
[26] Alessandro Mascellino, “Chinese AI Villager Pen Testing Tool Hits 11,000 PyPI Downloads,” InfoSecurity Magazine, September 16, 2025, https://www.infosecurity-magazine.com/news/chinese-ai-villager-pen-testing/.
[27] “Detecting and countering misuse of AI: August 2025,” Anthropic, August 27, 2025, https://www.anthropic.com/news/detecting-countering-misuse-aug-2025.
[28] For partial dataset and calculations, click this link (will open Microsoft Excel file). For additional details on methodology and findings, contact ASP at press@americansecurityproject.org.
[29] “Cost of a Data Breach Report 2025,” IBM Security, August 2025, https://www.ibm.com/reports/data-breach.
[30] Sean Lyngaas and Kristen Holmes, “Chinese hackers targeted Trump and Vance’s phone data,” CNN, October 25, 2024, https://www.cnn.com/2024/10/25/politics/chinese-hackers-targeted-trump-and-vances-phone-data
[31] David Dimolfetta, “Hundreds of organizations were notified of potential Salt Typhoon compromise,” NextGov, December 23, 2024, https://www.nextgov.com/cybersecurity/2024/12/hundreds-organizations-were-notified-potential-salt-typhoon-compromise/401843/?oref=ng-homepage-river.
[32] “Treasury Sanctions Company Associated with Salt Typhoon and Hacker Associated with Treasury Compromise,” U.S. Department of the Treasury, January 17, 2025, https://home.treasury.gov/news/press-releases/jy2792.
[33] Matt Kapko, “AT&T, Verizon say they evicted Salt Typhoon from their networks,” Cybersecurity Dive, January 7, 2025, https://www.cybersecuritydive.com/news/att-verizon-salt-typhoon/736680/.
[34] “Enhancing Cyber Resilience: Insights from CISA Red Team Assessment of a US Critical Infrastructure Sector Organization,” CISA, November 21, 2024, https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-326a.
[35] Derek B. Johnson, “Multiple vulnerabilities found in ICONICS industrial SCADA software,” CyberScoop, March 10, 2025, https://cyberscoop.com/iconics-scada-vulnerabilities-2025-palo-alto/.
[36] David B. Hinchman, “CYBERSECURITY: Efforts Initiated to Harmonize Regulations, but Significant Work Remains,” U.S. Government Accountability Office, June 5, 2024, https://www.gao.gov/assets/gao-24-107602.pdf; “House Homeland, Oversight Republicans Urge OMB to Cut Burdensome, Duplicative Cyber Regulations,” Homeland Security Republicans, April 8, 2025, https://homeland.house.gov/2025/04/08/house-homeland-oversight-republicans-urge-omb-to-cut-burdensome-duplicative-cyber-regulations/; “2024 Report on the Cybersecurity Posture of the United States,” Office of the National Cyber Director, May 2024, https://web.archive.org/web/20240829125901/https://www.whitehouse.gov/wp-content/uploads/2024/05/2024-Report-on-the-Cybersecurity-Posture-of-the-United-States.pdf, page 19.
[37] “2024 ISC2 Cybersecurity Workforce Study,” ISC2, October 31, 2024, https://www.isc2.org/Insights/2024/10/ISC2-2024-Cybersecurity-Workforce-Study.
[38] Abdul Azeem Mohammed, Md Rakibuzzaman, and Md Ashraful Alam, “The Future of Work in Financial and Cybersecurity Domains: Analyst Perspectives,” Journal of Computer Science and Technology Studies, July 20, 2025, https://al-kindipublishers.org/index.php/jcsts/article/view/10366/9084.
[39] George Seffers, “Is the Cyber Workforce Shortage a Myth?” The Cyber Edge, May 1, 2025, https://www.afcea.org/signal-media/cyber-edge/cyber-workforce-shortage-myth.
[40] “Mandiant M-Trends 2024 Special Report,” Google Cloud Security, April 2024, https://services.google.com/fh/files/misc/m-trends-2024.pdf.
[41] Ibid.
[42] “2025 Data Breach Investigations,” Verizon.
[43] “NeMo Agent Toolkit,” NVIDIA, Accessed October 1, 2025, https://developer.nvidia.com/nemo-agent-toolkit.
[44] Tim Starks, “Critical infrastructure security tech needs to be as good as our smartphones, top NSC cyber official says,” CyberScoop, September 9, 2025, https://cyberscoop.com/alexei-bulazel-critical-infrastructure-security-tech-needs-to-be-as-good-as-our-smartphones/.
[45] Jason Perlow, “A Summary of Census II: Open Source Software Application Libraries the World Depends On,” Linux Foundation, March 7, 2022, https://www.linuxfoundation.org/blog/blog/a-summary-of-census-ii-open-source-software-application-libraries-the-world-depends-on.
[46] Ian Scheffler, “GitHub CEO says Copilot will write 80% of code ‘sooner than later’,” Freethink, June 17, 2023, https://www.freethink.com/robots-ai/github-copilot; Satish Chandra and Maxim Tabachnyk, “AI in software engineering at Google: Progress and the path ahead,” Google Research, June 6, 2024, https://research.google/blog/ai-in-software-engineering-at-google-progress-and-the-path-ahead/; Scott Guthrie, “Transcript: Morgan Stanley TMT Conference,” Microsoft, March 7, 2023, https://www.microsoft.com/en-us/Investor/events/FY-2023/Morgan-Stanley-TMT-Conference; “2025 Artifact Management Report,” Cloudsmith, https://cloudsmith.com/campaigns/2025-artifact-management-report.
[47] “2025 Developer Survey: AI,” StackOverflow, July 29, 2025, https://survey.stackoverflow.co/2025/ai.
[48] Max Vero et al., “BaxBench: Can LLMs Generate Secure and Correct Backends?” Baxbench, Accessed September 20, 2025, https://baxbench.com/.
[49] Elia Zaitsev, “CrowdStrike Leads Agentic AI Innovation in Cybersecurity with Charlotte AI Detection Triage,” Crowdstrike, February 13, 2025, https://www.crowdstrike.com/en-us/blog/agentic-ai-innovation-in-cybersecurity-charlotte-ai-detection-triage/.
[50] Diego Gosmar and Deborah Dahl, “Hallucination Mitigation using Agentic AI Natural Language-Based Frameworks,” arXivLabs, January 19, 2025, https://arxiv.org/abs/2501.13946.
[51] “PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure,” CISA, February 7, 2024, https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-038a.
[52] Dustin Volz, “In Secret Meeting, China Acknowledged Role in U.S. Infrastructure Hacks,” Wall Street Journal, April 10, 2025, https://www.wsj.com/politics/national-security/in-secret-meeting-china-acknowledged-role-in-u-s-infrastructure-hacks-c5ab37cb.
[53] U.S. House of Representatives Committee on Homeland Security, “Green, Garbarino, Brecheen Letter to Department of Homeland Security Secretary Kristi Noem,” 119th Congress, March 17, 2025, https://homeland.house.gov/wp-content/uploads/2025/03/2025-03-17-Green-Garbarino-Brecheen-to-Noem-DHS-re-Volt-and-Salt-Typhoon.pdf.
[54] Tim Starks, “Here’s what could happen if CISA 2015 expires next month,” Cyberscoop, August 18, 2025, https://cyberscoop.com/cisa-2015-expiration-industry-warning-threat-information-sharing/.
[55] “Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA),” CISA, Accessed September 23, 2025, https://www.cisa.gov/topics/cyber-threats-and-advisories/information-sharing/cyber-incident-reporting-critical-infrastructure-act-2022-circia.
[56] Salt Typhoon: Securing America’s Telecommunications from State-Sponsored Cyber Attacks, Before the Military and Foreign Affairs Subcommittee of the House Oversight Committee, 119th Congress, April 2, 2025, https://oversight.house.gov/hearing/salt-typhoon-securing-americas-telecommunications-from-state-sponsored-cyber-attacks/.
[57] Clayton Romans, “Securing Core Cloud Identity Infrastructure: Addressing Advanced Threats through Public-Private Collaboration,” CISA, July 15, 2025, https://www.cisa.gov/news-events/news/securing-core-cloud-identity-infrastructure-addressing-advanced-threats-through-public-private.
[58] Tom Leithauser, “Bill to Revamp CISA’s Cyber Collaborative Clears Committee,” Wolters Kluwer VitalLaw, September 25, 2024, https://www.vitallaw.com/news/bill-to-revamp-cisa-s-cyber-collaborative-clears-committee/cspd01139b4f3b914a401fba3d0e77713df3f4.