Tuesday, December 16, 2025

When AI Hacks First and Patches Never Catch Up

Saeed Abbasi
Saeed Abbasi is Senior Manager of Security Research at Qualys TRU, specializing in vulnerability research and exploit analysis. A former researcher at Palo Alto Networks and Trend Micro, he focuses on turning complex threats into practical defensive insights.

AI-powered attacks have collapsed the exploit window to zero. GTG-1002 signals a new cyber era where automation, not humans, decides who wins.

CISOs and software vendors have spent decades in a familiar cycle. While vulnerabilities lurked within technology stacks, industry professionals at least had a window in which to act – the time between the disclosure of a vulnerability and the first instance of its exploitation. That provided a fighting chance to those writing and applying patches – a fighting chance in the race with the would-be attackers who were weaponizing code.

A recent incident brought this era to a close.

A report from Anthropic showed the GTG-1002 campaign was not just business as usual. It is a watershed moment in offensive cyber operations. A Chinese state-sponsored group leveraged Anthropic AI’s LLM suite, Claude, to autonomously execute 80 to 90% of the attack lifecycle.

For the agent, there was no need to invent exotic zero-days. It simply orchestrated open-source tools and exploited known bugs at machine speeds. It automated the reconnaissance, writing of exploit code, lateral movement, and exfiltration. The leveraging of AI in the GTG-1002 campaign compressed weeks of tradecraft into seconds. Defenders everywhere must now confront a brutal truth: the exploit window has collapsed to zero. We should now equate “vulnerable” with “hacked”.

The Shadow Assailant

GTG-1002 targeted organizations in finance, chemical manufacturing, and government, peaking at thousands of requests per second. But here is the scariest part: this was the “noisy” version. Attackers used a monitored commercial API.

The real danger we now face is the prospect of future campaigns that leverage an uncensored, open-source LLM running on private, local infrastructure – without API logs, vendor safeguards, or the prospect of traceability. This technology democratizes elite cyber warfare capabilities that once required vast teams and budgets but now only require GPU instances. A sole threat actor can now launch sophisticated, multifaceted campaigns at scale.

So, traditional detect-and-respond playbooks are now defunct. Wait to patch until a maintenance window and you have already lost. An AI agent can probe, breach, and pivot across your network before your SOC even receives the first alert.

The New Playbook 

Reactive defense will not serve CISOs in an AI-accelerated threat landscape. Here are the three crucial mandates for today’s security teams:

Tame the Attack Surface

Technical debt is no longer a line item; it is an open invitation to attackers. End-of-life systems are now guaranteed compromises, so CISOs must automate their patching pipelines and ruthlessly prioritize vulnerabilities based on real-time risk and threat intelligence. If patching is impossible or impractical, isolate the asset. There is no middle ground. Anything less cedes control to the adversary. 

Zero Trust First

Corporate perimeters have become too porous to be relied on for protection. GTG-1002 enjoyed unchecked lateral movement. Your network must be hostile to unauthorized travel. Implement rigorous micro-segmentation, identity-based access controls, and continuous verification to ensure secure access. Do not wait. Audit your architecture today. How many flat segments expose your crown jewels to a single foothold?
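One way to answer that audit question is to compute it from your own inter-segment allow-rules. The sketch below is an added example, not part of the original article; the segment names, the flow table, and the choice of crown-jewel segment are constructed assumptions, and each segment is treated as flat (one host compromised means the whole segment is reachable).

```python
from collections import deque

# Constructed sample inventory (hypothetical names): segment -> segments it may
# open connections to. Each segment is assumed flat: one host reaches all of it.
ALLOWED_FLOWS = {
    "user-lan":   {"print", "app-tier"},
    "print":      {"user-lan"},
    "guest-wifi": set(),
    "app-tier":   {"db-tier"},
    "db-tier":    set(),
    "ot-legacy":  {"app-tier"},
}
CROWN_JEWELS = {"db-tier"}


def hops_to_crown_jewels(flows, jewels):
    """Return {segment: min hops to a crown-jewel segment} for segments with a path.

    Breadth-first search over the reversed flow graph, starting at the jewels.
    """
    reverse = {seg: set() for seg in flows}
    for src, dsts in flows.items():
        for dst in dsts:
            reverse.setdefault(dst, set()).add(src)
    dist = {j: 0 for j in jewels}
    queue = deque(jewels)
    while queue:
        seg = queue.popleft()
        for upstream in reverse.get(seg, ()):
            if upstream not in dist:
                dist[upstream] = dist[seg] + 1
                queue.append(upstream)
    return dist


def exposure_report(flows, jewels):
    """List (segment, hops) for non-jewel segments with a path, nearest first."""
    dist = hops_to_crown_jewels(flows, jewels)
    return sorted(((s, d) for s, d in dist.items() if s not in jewels),
                  key=lambda item: (item[1], item[0]))


if __name__ == "__main__":
    for segment, hops in exposure_report(ALLOWED_FLOWS, CROWN_JEWELS):
        print(f"{segment}: {hops} hop(s) from crown jewels")
```

Segments missing from the report (here `guest-wifi`) have no allowed path; every segment listed is a candidate for tighter micro-segmentation or identity-based gating on the flows that connect it.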

Machine vs. Machine

Human agents are not equipped to fight algorithms. The only defense against a machine-speed attack is a machine-speed response. Human operators must supervise rather than participate in real-time defense. We must leverage AI for that defense by adopting continuous, autonomous exposure validation and AI-driven remediation that can identify and close gaps before an attacker’s agent finds them. 

A Breather

Despite the sophistication of autonomous threats, current technology has operational limitations. AI hallucination remains a major constraint, where adversaries’ agents falsely report access or invent nonexistent packages, forcing attackers to build complex verification layers that slow the kill chain. 

Benchmarks like SWE-bench reveal that fully autonomous execution on novel tasks still achieves only around 30% success, and hardware limitations on context windows hinder long-term campaign coherence. This inconsistency gives defenders an advantage, albeit a fleeting one, as this friction will not be a safety net for long.

The forgiving Internet belongs to a bygone era before the AI arms race. GTG-1002 has demonstrated the rapid pace at which AI can act, highlighting the need for CISOs to reassess their posture and allocate resources to automation to lead their organizations into a resilient future. 
