Masters of the Puppets: AI Agent Armies and the Next Cyber War
Back to all posts

Masters of the Puppets: AI Agent Armies and the Next Cyber War

5 min read
#security #ai #agentic-ai #cybersecurity #cyber range

Introduction

Cybersecurity is heading toward a strange shift: humans will no longer fight each other directly. Instead, they will command armies of AIs on both sides, setting goals while autonomous agents operate at machine speed.

For most of the internet era, hacking was human-driven. Someone ran scans, found a flaw, wrote an exploit, and worked through a target step by step. Now both offense and defense are being rebuilt around agentic AI systems that can discover, adapt, and act without waiting for a human between steps.

The whole thing starts to look like a tower-defense game where both attackers and defenders control learning, adaptive systems.

From Hackers to Swarms

Traditional cyberattacks were limited by human time and attention. AI changes that. Attackers can deploy swarms of agents that:

  • Continuously scan assets and map infrastructure for weak spots
  • Chain small bugs, misconfigurations, and social engineering into full compromise
  • Rewrite payloads to avoid new detection rules
  • Run thousands of quiet probes instead of one loud campaign

What once took weeks can now happen in minutes. When a defender blocks one path, the swarm immediately tries others.

At the same time, the business side of cybercrime is evolving to support this. As described in Cybercrime‑as‑a‑Service: AI Tools on the Dark Web, dark‑web marketplaces now sell “plug‑and‑play” AI toolkits—jailbroken models like WormGPT, FraudGPT, or WolfGPT, autonomous phishing platforms, and AI‑driven ransomware kits—that let even low‑skill actors launch large‑scale, adaptive attacks. Instead of a handful of skilled operators writing everything from scratch, you get an ecosystem where anyone can rent an AI swarm.

Defenders are responding with their own agent systems. Emerging autonomous SOC models use AI agents to correlate alerts, investigate incidents, and sometimes contain threats automatically. Analysts spend less time staring at dashboards and more time reviewing the genuinely unusual cases.

Your Network as a Tower-Defense Game

A tower-defense analogy helps.

In those games, waves of enemies follow paths toward something valuable. You place towers to detect and stop them, deciding what to upgrade as threats evolve.

In cybersecurity:

  • Path: your network, cloud, SaaS apps, and identity systems
  • Enemies: threat groups, exploits, botnets, and probing AI agents
  • Towers: firewalls, EDR, email filters, WAFs, MFA, anomaly detection
  • Currency: budget, compute, AI tokens, and analyst time

In classic games, enemies follow predictable patterns. In the AI era, the attackers adapt. Offensive AI can probe defenses to find blind spots, shift paths through new infrastructure or identities, and generate behaviors that do not match known signatures.

Now imagine AI on the defensive side as well—agents that adjust detections, shuffle controls, or deploy new protections as attacks unfold. And just like game designers run endless simulations to balance waves and towers, security teams are starting to simulate AI-driven attacks and defenses in sandboxes and cyber ranges to see how their systems behave before touching production.

Projects like CyberGym point in this direction. CyberGym provides a large-scale evaluation framework where AI agents can be tested on real-world vulnerability analysis tasks, including proof-of-concept generation and verification in a controlled environment. Instead of guessing how your “AI towers” or agents might behave, you can watch them work against realistic targets, measure their performance, and iterate safely.

Masters of the Puppets: Two AI Armies

At the top of both sides sit human operators.

On the attacker’s side, a human defines the strategy:

  • Which sectors to target
  • Whether to prioritize stealth, speed, or impact
  • Whether the goal is data theft, disruption, or extortion

AI agents execute the details: testing vulnerabilities, adjusting payloads, and adapting when defenses block a path.

Defenders also set goals and guardrails:

  • Which systems and data are the “crown jewels”
  • What actions AI can take automatically
  • When human approval is required before disruption

Defensive agents monitor telemetry, correlate weak signals, and act within those rules. Analysts shift from handling individual alerts to orchestrating how their AI systems operate—and increasingly, they can rehearse those strategies in simulations before trusting them live.

When the Game Fights Back

Letting AI act instead of only advise introduces risk.

  • Over-aggressive defense: a system could isolate critical infrastructure or revoke access by mistake
  • Adversarial manipulation: attackers may try to poison or confuse defensive models
  • Governance gaps: multi-agent decisions can be hard to explain without strong audit trails

Most guidance stresses guardrails: clear scope, least-privilege access, careful use of simulation environments, and humans involved in high-impact actions.

Whose Puppets Dance Better?

If used well, defensive AI has real advantages.

AI systems can watch far more signals than any human team, spotting subtle anomalies across thousands of systems in seconds. Attackers may be agile, but defenders still control the terrain—and AI helps them use that advantage at scale.

Organizations that succeed will not just buy an AI tool. They will design, simulate, and manage AI systems that understand their environment and risks.

Soon the key security question may no longer be “Who is on your blue team?” but whose AI agents perform better when the next wave of attacks arrives.

Additional Resources and Further Reading

  1. AI vs AI: The Cybersecurity Arms Race – CrowdStrike
  2. The AI Arms Race: Generative and Agentic AI in Cybersecurity – Celent
  3. The AI Arms Race (Offense vs Defense) – HackerNoon
  4. The AI Arms Race in Cybersecurity: When Criminals Weaponize AI – Simbian
  5. Offensive AI vs. Defensive AI: Who will have the upper hand in 2026? – Devolutions
  6. What is an Autonomous SOC? – Torq
  7. Agentic AI and the Cyber Arms Race – OSTI (research perspective)
  8. Agentifying the SOC: How Agentic AI Can Power Autonomous CTI Operations – Cyware
  9. The Agentic SOC: Humans, Agents, and the Future of Defense – Google Cloud Community
  10. AI and the 2026 Threat Landscape – Everbridge
  11. CyberGym