
For much of the past two decades, cybersecurity has been built on a simple assumption: malicious activity can be detected, analysed, and responded to before meaningful damage occurs. This assumption shaped everything from SOC design and alerting pipelines to incident response playbooks and regulatory frameworks. It was never perfect, but it functioned tolerably well when attacks were human-paced, manually orchestrated, and constrained by time, effort, and cost.
Recent interest in agent-based Breach and Attack Simulation and LLM-driven pentesting frameworks reflects a broader shift toward automated attack discovery and chaining, a shift that has implications far beyond testing environments. What was once confined to controlled exercises and scripted simulations is increasingly representative of how real attacks are developed, refined, and executed in practice.
The emergence of automated attack discovery, attack chaining, and agent-based offensive tooling fundamentally alters the balance between attackers and defenders. Once reconnaissance, technique selection, and lateral movement can be performed continuously and autonomously, the defender is no longer reacting to discrete incidents. They are reacting to a process that operates at machine speed, learns from failure, and improves with repetition. At that point, defence models that rely on observing behaviour after execution begin to fail not because they are poorly implemented, but because they are structurally mispositioned.
This failure mode is already visible in operational reality. Even before the widespread use of autonomous agents, defenders struggled to detect and respond within timelines that meaningfully constrained attackers. Public breach investigations repeatedly show dwell times measured in weeks or months, with discovery often triggered by third parties rather than internal controls. This is not an indictment of SOC teams. It reflects the fact that detection and response are inherently human-limited processes operating downstream of execution.
Automation on the attacker side does not merely increase volume. It collapses cost asymmetry. An attacker invests once to automate discovery and chaining, then reuses that capability indefinitely. The defender, by contrast, pays continuously in the form of alerts, telemetry processing, analyst time, and cognitive load. Each additional signal increases complexity, not clarity. As attack automation scales, the defender’s marginal cost rises faster than their ability to respond.
Living-off-the-land attacks provide a particularly clear illustration of this dynamic. When attackers rely on native tools and legitimate workflows, detection systems are forced to infer intent rather than observe clearly malicious behaviour. This already produces high false positive rates and alert fatigue. When such probing is automated, agents can systematically evaluate which actions generate alerts, adapt to thresholds, and blend into expected operational patterns. Detection does not simply become harder. It becomes economically unsustainable.
In many large environments, SOC teams already face thousands of alerts per day, with only a small fraction investigated in depth. Under automated probing, even a modest increase in low-confidence signals can force organisations to either raise thresholds and accept more undetected activity or expand analyst capacity at a cost that quickly outstrips the attacker’s one-time investment in automation.
Supply chain compromises demonstrate the same problem from a different angle. In many widely analysed incidents, defensive systems did exactly what they were designed to do. Alerts fired, telemetry was captured, and investigations followed. The issue was timing. Once malicious code was executed through trusted mechanisms, defenders were already operating in recovery mode. Automation only accelerates the attacker’s ability to discover and exploit such trusted execution paths, while defenders remain bound to post-execution visibility.
The existence and growth of Breach and Attack Simulation itself is revealing. Organisations deploy BAS because they do not trust static assurance or assumed coverage. They use it to ask whether attacks would be seen, not whether they would be possible. Continuous BAS reflects an implicit recognition that detection degrades over time as environments drift and complexity grows. Agent-based BAS simply increases the rate at which this degradation is exposed.
Large language models introduce a further shift. Historically, defenders relied on human reasoning as a counterbalance to attacker automation. LLMs erode that advantage. They can reason over telemetry, generate variants, and select next actions faster than analysts can triage alerts. Once both sides operate at machine pace, any defence model that requires human interpretation after execution becomes a bottleneck.
LLMs can, of course, also accelerate defensive triage and investigation, but as long as critical decisions still hinge on human approval of post-execution signals, defender workflows remain constrained by human time in a way that automated attack discovery is not.
What follows is increasingly visible inside organisations themselves. Alert thresholds are raised to keep systems usable. Scope is narrowed to reduce noise. Certain behaviours are quietly accepted because investigating them at scale is operationally impossible. Success is redefined from prevention to containment, not as a strategic preference but as a necessity imposed by architectural limits. These adaptations are not failures of people or process. They are predictable responses to systems that can no longer absorb the volume and velocity of post-execution signals.
This is why the current debate around agent-based BAS and autonomous offensive tooling matters. These systems do not introduce a new category of risk so much as they expose an existing one. They demonstrate that once attack discovery and chaining are automated, defenders are forced to operate permanently downstream of execution, reacting to outcomes rather than shaping conditions. In that context, improvements in analytics and correlation offer diminishing returns, because the decisive moment has already passed.
Whether defenders respond by doubling down on detection or by rethinking where control belongs in the system is now a strategic choice rather than a technical one. The former path assumes that visibility and response can continue to scale indefinitely. The latter accepts that resilience depends on architectural decisions made before code is allowed to run at all. As automation accelerates on the offensive side, the consequences of that choice will become increasingly difficult to ignore. In practical terms, the latter path includes deterministic execution controls that enforce fixed, pre-validated behaviours at the operating system layer, alongside strict allowlisting, system-call-level policy enforcement, and hardware-backed code signing, all of which constrain what can run rather than inferring intent from post-execution telemetry.
