Autonomous Cyberattacks Have Arrived, Defense Executives Say

The emergence of autonomous cyberattacks marks a watershed moment for both attackers and defenders. Frontier AI models, capable of scanning codebases and exploiting zero‑day vulnerabilities without human input, compress attack timelines from months to minutes. This capability erodes traditional perimeter defenses and forces organizations to adopt continuous, AI‑augmented monitoring and rapid response playbooks. As the RSA Conference highlighted, the next 30 to 60 days could see a surge of fully automated exploits targeting both commercial software and government supply chains, raising the stakes for every sector that relies on legacy systems.

Compounding the threat is a glaring compliance gap. Government certification frameworks such as FedRAMP and the Cybersecurity Maturity Model Certification (CMMC) were designed for slower, human‑driven development cycles. Today, startups can shrink a six‑month engineering effort into two weeks, yet still spend a year navigating bureaucratic approvals. Vendors are responding with platforms that automate evidence collection, policy mapping, and continuous assessment, effectively bridging the speed mismatch. These tools not only accelerate time‑to‑market for defense contractors but also embed security controls earlier in the software lifecycle, a critical shift for maintaining resilience against autonomous threats.

The market response reflects the strategic importance of this challenge. With $6 trillion projected in global defense spending, venture capital is flooding into AI‑enabled cyber‑defense startups, while traditional defense firms scramble to integrate these capabilities. Analysts argue the United States must pivot from costly, precision‑focused cyber weapons to high‑volume, distributed operations that can overwhelm adversary networks, especially in contested environments like China’s Belt and Road infrastructure. This strategic recalibration, combined with accelerated compliance automation, will define the next era of cyber warfare and the business models that support it.