Cost asymmetry: The operation showed that attackers can add more compute/data/test time to model exploits and get immediate, scaled impact, while defenders are working linearly (focusing on adding headcount, dealing with fragmented tools, etc.).
AI-driven operations, executed within guardrails: AI agents handled the bulk of operational activities, executing them independently (within guardrails) by decomposing each discrete operational activity for subagents, such as vulnerability scanning, credential validation, data extraction, and lateral movement, each of which appeared legitimate when evaluated in isolation.
Decision rights: Humans primarily assumed strategic supervisory roles, guiding campaign initiation and then intervening only at critical decision points during the attack life cycle (like progressing from access to active exploitation) rather than during the step-by-step of tactical execution.
AI-augmented open-source tools: Although mostly reliant on open-source penetration tools, the operation accelerated their reach with AI. How? It leveraged AI capabilities to rapidly identify areas susceptible to these tools, helping to scale their impact.
