{"id":127053,"date":"2026-01-06T09:07:42","date_gmt":"2026-01-06T14:07:42","guid":{"rendered":"https:\/\/www.justsecurity.org\/?p=127053"},"modified":"2026-01-06T09:07:42","modified_gmt":"2026-01-06T14:07:42","slug":"era-ai-orchestrated-hacking","status":"publish","type":"post","link":"https:\/\/www.justsecurity.org\/127053\/era-ai-orchestrated-hacking\/","title":{"rendered":"The Era of AI-Orchestrated Hacking Has Begun: Here\u2019s How the United States Should Respond"},"content":{"rendered":"<p>On Nov. 13, Anthropic announced it had disrupted the &#8220;first AI-orchestrated cyber espionage campaign,&#8221; conducted by Chinese cyber actors using its agentic Claude Code model. Discussed in depth at a congressional <a href=\"https:\/\/homeland.house.gov\/hearing\/the-quantum-ai-and-cloud-landscape-examining-opportunities-vulnerabilities-and-the-future-of-cybersecurity\/\">hearing<\/a> on Dec. 17, the operation represents a major escalation from previous malicious uses of AI to <a href=\"https:\/\/blog.google\/technology\/safety-security\/google-threat-intelligence-group-report-ai-november-2025\/\">generate malware<\/a> or improve <a href=\"https:\/\/www.anthropic.com\/news\/detecting-countering-misuse-aug-2025\">phishing emails<\/a>, ushering in an era of high-speed and high-volume hacking.<\/p>\n<p>For years, experts have <a href=\"https:\/\/arxiv.org\/pdf\/1802.07228\">warned<\/a> that agentic AI would allow even unsophisticated nation-states and criminals to launch autonomous cyber operations at a speed and scale previously unseen. With that future now in reach, policymakers and industry leaders must follow a two-pronged strategy: ensuring that organizations have access to fit-for-purpose cyber defenses and managing the proliferation of AI capabilities that will allow even more powerful cyber operations in the future. Both steps are important not only to safeguard U.S. networks, but also to solidify U.S. technical leadership over competitors such as China.<\/p>\n<h2><b>How the Cyber Campaign Worked<\/b><\/h2>\n<p>In a detailed <a href=\"https:\/\/assets.anthropic.com\/m\/ec212e6566a0d47\/original\/Disrupting-the-first-reported-AI-orchestrated-cyber-espionage-campaign.pdf\">report<\/a>, Anthropic assessed with high confidence that a Chinese state-sponsored group designated as GTG-1002 used its Claude Code model to coordinate multi-staged cyber operations against approximately 30 high-value targets, including technology companies, financial institutions and government agencies. The campaign produced \u201ca handful of successful intrusions.\u201d The hackers circumvented safety features in the model, breaking the workflow into discrete tasks and tricking Claude into believing it was helping fix cybersecurity vulnerabilities in targeted systems.<\/p>\n<p>Humans provided supervision and built a framework that allowed Claude to use open-source hacking tools to conduct the operations. But Claude \u201cexecuted approximately 80 to 90 percent of all tactical work independently\u201d \u2014 from initial reconnaissance and vulnerability identification to gaining access to targeted systems, removing data, and assessing its value. Automation allowed GTG-1002 actors to achieve an operational tempo impossible for human operators; its \u201cpeak activity included thousands of requests, representing sustained request rates of multiple operations per second.\u201d<\/p>\n<p>Some outside researchers have <a href=\"https:\/\/arstechnica.com\/security\/2025\/11\/researchers-question-anthropic-claim-that-ai-assisted-attack-was-90-autonomous\/\">questioned the effectiveness<\/a> of this campaign, pointing out that Claude hallucinated about data and credentials it claimed to have taken. Some also noted the <a href=\"https:\/\/arstechnica.com\/security\/2025\/11\/ai-generated-malware-poses-little-real-world-threat-contrary-to-hype\/\">low quality of AI-generated malware<\/a>. But this is only the beginning. As AI models become more powerful and ubiquitous, the techniques this campaign demonstrated will only grow more sophisticated and accessible. The question is who adopts them next and how quickly.<\/p>\n<h2><b>AI is Empowering U.S. Adversaries<\/b><\/h2>\n<p>Anthropic\u2019s attribution of this campaign to Chinese state-sponsored actors grabbed headlines at a time of rising geopolitical tensions and high-profile Chinese cyber operations targeting U.S. <a href=\"https:\/\/www.nytimes.com\/2024\/11\/21\/us\/politics\/china-hacking-telecommunications.html\">telecommunications networks<\/a> and <a href=\"https:\/\/www.cisa.gov\/news-events\/cybersecurity-advisories\/aa24-038a\">critical infrastructure<\/a>.<\/p>\n<p>China has a <a href=\"https:\/\/www.npr.org\/2025\/07\/19\/nx-s1-5471340\/why-this-is-chinas-golden-age-of-hacking\">large ecosystem<\/a> of state-affiliated hacker groups that operate at scale. These groups function essentially as businesses, <a href=\"https:\/\/www.justice.gov\/opa\/pr\/justice-department-charges-12-chinese-contract-hackers-and-law-enforcement-officers-global#:~:text=The%20defendants%20and%20their%20co,millions%20of%20dollars%20in%20damages.\">broadly<\/a> targeting organizations in the United States and other countries and then <a href=\"https:\/\/www.washingtonpost.com\/world\/2024\/02\/21\/china-hacking-leak-documents-isoon\/\">selling stolen<\/a> information to government and commercial customers. GTG-1002&#8217;s approach \u2014 targeting 30 organizations, gaining access and exfiltrating data where possible \u2014 fits this model perfectly. For a high-scale hacking enterprise, using AI automation to increase efficiency is a natural evolution. It is what every business is trying to do right now.<\/p>\n<p>At the same time, the campaign relied on open-source, relatively unsophisticated hacking tools. Any resourceful adversary \u2014 Russian cyber criminals, North Korean crypto currency thieves, Iranian hackers \u2014 could conduct similar campaigns using advanced AI models. Many of them probably are right now. What was novel was the operational tempo \u2014 Claude Code executed reconnaissance, exploitation, and data analysis at a pace no human team could match.<\/p>\n<p>The key takeaway is that adversaries everywhere now have the ability to conduct high-speed, high-volume hacks. Unfortunately, cyber defenders are not prepared to meet this challenge.<\/p>\n<h2><b>AI and the Cyber Offense-Defense Balance\u00a0<\/b><\/h2>\n<p>Cybersecurity has long been a competition between offense and defense, with the offense having the edge thanks to the large attack surfaces produced by modern networks. While defenders must work to patch all vulnerabilities to keep the hackers out, the offense just needs to locate one entry point to compromise the defenders\u2019 systems. Cybersecurity experts are concerned that AI-enabled automated operations, like the one uncovered by Anthropic, will further <a href=\"https:\/\/www.cnas.org\/publications\/reports\/tipping-the-scales\">tip the balance<\/a> by increasing the speed, scale, and persistence of hacks.<\/p>\n<p>At the same time, AI holds the potential to address many long-standing cybersecurity challenges. AI-enabled <a href=\"https:\/\/www.secureworld.io\/industry-news\/ai-powered-testing-cybersecurity-defense\">testing<\/a> can help software developers and infrastructure owners remediate vulnerabilities before they are exploited. Managed detection and response companies have touted their use of AI to <a href=\"https:\/\/venturebeat.com\/security\/anthropic-claude-speeds-soc-threat-analysis-43x\">reduce<\/a> incident investigation time from hours to minutes, allowing them to disrupt ongoing operations and free up human analysts for more complex tasks. When layered and done right, these solutions can give defenders a fighting chance at keeping up with the new speed and scale of offense \u2014 but only if they are widely adopted.<\/p>\n<p>For years, criminals have targeted \u201c<a href=\"https:\/\/www.cisa.gov\/news-events\/news\/target-rich-cyber-poor-strengthening-our-nations-critical-infrastructure-sectors\">cyber poor<\/a>\u201d small businesses, local hospitals and schools because they are less able to purchase state-of-the art defenses to keep hackers out and less able to resist ransom demands when criminals get in. To ensure these organizations are not overwhelmed by the new pace of AI-driven hacking, organizations will need to adopt newer, high-speed defensive tools. Increased automation will make these tools cheaper and more accessible to those with limited cyber defenses. But it is hard to imagine how this will happen domestically without more funding and targeted efforts to raise cybersecurity standards in key critical infrastructure sectors \u2014 at a time that the Trump administration is <a href=\"https:\/\/www.cnbc.com\/2025\/11\/07\/trump-government-budget-cuts-cybersecurity-hacking-risks.html\">cutting back<\/a> on U.S. cyber investments.<\/p>\n<p>The same resource divide exists internationally, where <a href=\"https:\/\/www.rusi.org\/explore-our-research\/publications\/commentary\/ransomware-now-threatens-global-south\">middle and lower income countries<\/a> are at risk of crippling cyber incidents because they lack resources for basic defenses. It will take concerted international engagement and capacity building to ensure countries can keep pace with new threats, but it is in the United States\u2019 interests to help them do so.. As the United States and China compete to promote global adoption of their technology ecosystems, developing countries in particular are looking for solutions across the <a href=\"https:\/\/www.thecipherbrief.com\/global-ai-leadership\">full technology stack<\/a>. AI-enabled cyber defenses \u2014 offered individually or baked into other services \u2014 can strengthen the United States\u2019 appeal as a technology partner.<\/p>\n<h2><b>When AI Competition Meets Proliferation Risks<\/b><\/h2>\n<p>In addition to strengthening cyber defenses, it is also important for policymakers and industry leaders to reduce the risk that AI systems will be exploited to orchestrate cyber operations in the first place. GTG-1002\u2019s activities were only discovered and stopped because hackers used a proprietary model; Anthropic had visibility into the groups\u2019 activities and could cut them off, once discovered.<\/p>\n<p>The good news is that companies like Anthropic, OpenAI and Google can learn from malicious use of their models and build in stronger capabilities to detect and block future incidents. Athropic\u2019s transparency in the GTG-1002 case helps build muscle memory so that companies can work together to prevent similar incidents in the future (though some experts argue Anthropic could have <a href=\"https:\/\/www.linkedin.com\/posts\/jen-easterly_securebydesign-activity-7395115984224690176-me7Y\/\">gone farther<\/a> in explaining how the operation worked and sharing actionable details, like sample prompts). The bad news is that as open-source models like China\u2019s <a href=\"https:\/\/www.justsecurity.org\/107245\/deepseek-ai-competition\/\">DeepSeek<\/a> improve, malign actors will not need to rely on proprietary models. They will turn to open source models that operate with limited or no oversight.<\/p>\n<p>This is a place where tensions between U.S.-China AI competition and cybersecurity meet. Both countries are competing across <a href=\"https:\/\/www.foreignaffairs.com\/united-states\/china-real-artificial-intelligence-race-innovation\">multiple dimensions<\/a> to become the world\u2019s AI leader. U.S. companies \u2014 including Google, Microsoft, OpenAI, and Anthropic \u2014 have the edge when it comes to the raw capability of their proprietary models. Chinese AI companies (and some U.S. ones, too) have pressed ahead with the development of lower cost, open-source models that are more easily accessible to users in developing countries in particular.<\/p>\n<p>The economic, political, and national security stakes for this competition are enormous.\u00a0 To ensure the United States maintains a competitive advantage, the Trump administration has sought to reduce AI safety requirements. But if this campaign is a sign of what is to come, both the United States and China <a href=\"https:\/\/www.nytimes.com\/2025\/09\/02\/opinion\/ai-us-china.html?smid=nytcore-ios-share\">should have<\/a> an interest in preventing the models their companies create from being exploited by criminals, terrorists, and other rogue actors to cause harm within their territories.<\/p>\n<p>The Trump administration\u2019s <a href=\"https:\/\/www.whitehouse.gov\/wp-content\/uploads\/2025\/07\/Americas-AI-Action-Plan.pdf\">AI Action Plan<\/a> calls for more evaluation of national security risks, including cyber risks in frontier models. The question is what additional safeguards need to be put in place to reduce this risk, which incentives are needed, and how to build consensus on such standards internationally.<\/p>\n<h2><b>What Must Be Done Now<\/b><\/h2>\n<p>It is impossible to stop AI-driven campaigns. But policymakers and industry leaders can still strengthen cyber defenses to mitigate risk. This requires incentivizing development of AI applications that enable secure software development, improved penetration testing, faster threat detection, and more efficient incident response and recovery. Funding and concerted engagement by government and private cybersecurity experts will be needed to support adoption among cyber-poor providers of critical services, like hospitals and schools.<\/p>\n<p>It also requires strengthening safeguards to make it harder for bad actors to weaponize easily accessible AI models. Ideally, the United States would do this in parallel with China requiring increasing safeguards in its own models. (Otherwise, the administration\u2019s recent decision to <a href=\"https:\/\/www.reuters.com\/world\/china\/us-open-up-exports-nvidia-h200-chips-china-semafor-reports-2025-12-08\/\">sell more powerful chips<\/a> to China will allow China to produce more unsafe models, and faster.)<\/p>\n<p>Regardless, the United States must continue efforts within its own AI safety community to identify and mitigate misuse of U.S. models. Transparency about incidents like this one is a good place to start. But to stay ahead of the threat, companies and researchers should be further encouraged to share information about risks, improve testing standards, and develop mitigations when bad actors circumvent safeguards.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Policymakers and industry must ensure that organizations have access to fit-for-purpose cyber defenses and take steps to manage the proliferation of AI capabilities.<\/p>\n","protected":false},"author":3443,"featured_media":127060,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[43209,42696,18783,35],"tags":[2658,389,1004,1720,2288,42668,2710,1029,2729],"coauthors":[43672],"class_list":["post-127053","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ai-emerging-technology","category-artificial-intelligence","category-cyber","category-pipeline-a","tag-artificial-intelligence","tag-china","tag-cyber","tag-cyber-warfare","tag-cyberattacks","tag-emerging-technology","tag-offensive-cyber-warfare","tag-technology","tag-united-states"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.7 (Yoast SEO v26.7) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>The Era of AI-Orchestrated Hacking Has Begun: How the U.S. Should Respond<\/title>\n<meta name=\"description\" content=\"Policymakers &amp; industry must ensure that organizations have access to fit-for-purpose cyber defenses &amp; take steps to manage AI proliferation.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.justsecurity.org\/127053\/era-ai-orchestrated-hacking\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"The Era of AI-Orchestrated Hacking Has Begun: Here\u2019s How the United States Should Respond\" \/>\n<meta property=\"og:description\" content=\"Policymakers &amp; industry must ensure that organizations have access to fit-for-purpose cyber defenses &amp; take steps to manage AI proliferation.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.justsecurity.org\/127053\/era-ai-orchestrated-hacking\/\" \/>\n<meta property=\"og:site_name\" content=\"Just Security\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/JSBlog\/\" \/>\n<meta property=\"article:published_time\" content=\"2026-01-06T14:07:42+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.justsecurity.org\/wp-content\/uploads\/2025\/12\/GettyImages-22403143421.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1023\" \/>\n\t<meta property=\"og:image:height\" content=\"521\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Teddy Nemeroff\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:description\" content=\"Policymakers &amp; industry must ensure that organizations have access to fit-for-purpose cyber defenses &amp; take steps to manage AI proliferation.\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/i0.wp.com\/www.justsecurity.org\/wp-content\/uploads\/2025\/12\/GettyImages-22403143421.jpg?fit=1023%2C521&ssl=1\" \/>\n<meta name=\"twitter:creator\" content=\"@just_security\" \/>\n<meta name=\"twitter:site\" content=\"@just_security\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Teddy Nemeroff\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.justsecurity.org\/127053\/era-ai-orchestrated-hacking\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.justsecurity.org\/127053\/era-ai-orchestrated-hacking\/\"},\"author\":{\"name\":\"Teddy Nemeroff\",\"@id\":\"https:\/\/www.justsecurity.org\/#\/schema\/person\/bbe18bca8e9cbf05829cfff325506db1\"},\"headline\":\"The Era of AI-Orchestrated Hacking Has Begun: Here\u2019s How the United States Should Respond\",\"datePublished\":\"2026-01-06T14:07:42+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.justsecurity.org\/127053\/era-ai-orchestrated-hacking\/\"},\"wordCount\":1598,\"publisher\":{\"@id\":\"https:\/\/www.justsecurity.org\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.justsecurity.org\/127053\/era-ai-orchestrated-hacking\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/i0.wp.com\/www.justsecurity.org\/wp-content\/uploads\/2025\/12\/GettyImages-2240314342.jpg?fit=1920%2C977&ssl=1\",\"keywords\":[\"Artificial Intelligence (AI)\",\"China\",\"Cyber\",\"Cyber Warfare\",\"Cyberattacks\",\"Emerging technology\",\"Offensive Cyber Warfare\",\"Technology\",\"United States (US)\"],\"articleSection\":[\"AI &amp; Emerging Technology\",\"Artificial Intelligence (AI)\",\"Cyber\",\"International and Foreign\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.justsecurity.org\/127053\/era-ai-orchestrated-hacking\/\",\"url\":\"https:\/\/www.justsecurity.org\/127053\/era-ai-orchestrated-hacking\/\",\"name\":\"The Era of AI-Orchestrated Hacking Has Begun: How the U.S. Should Respond\",\"isPartOf\":{\"@id\":\"https:\/\/www.justsecurity.org\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.justsecurity.org\/127053\/era-ai-orchestrated-hacking\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.justsecurity.org\/127053\/era-ai-orchestrated-hacking\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/i0.wp.com\/www.justsecurity.org\/wp-content\/uploads\/2025\/12\/GettyImages-2240314342.jpg?fit=1920%2C977&ssl=1\",\"datePublished\":\"2026-01-06T14:07:42+00:00\",\"description\":\"Policymakers & industry must ensure that organizations have access to fit-for-purpose cyber defenses & take steps to manage AI proliferation.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.justsecurity.org\/127053\/era-ai-orchestrated-hacking\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.justsecurity.org\/127053\/era-ai-orchestrated-hacking\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.justsecurity.org\/127053\/era-ai-orchestrated-hacking\/#primaryimage\",\"url\":\"https:\/\/i0.wp.com\/www.justsecurity.org\/wp-content\/uploads\/2025\/12\/GettyImages-2240314342.jpg?fit=1920%2C977&ssl=1\",\"contentUrl\":\"https:\/\/i0.wp.com\/www.justsecurity.org\/wp-content\/uploads\/2025\/12\/GettyImages-2240314342.jpg?fit=1920%2C977&ssl=1\",\"width\":1920,\"height\":977,\"caption\":\"Visualization of floating programming code windows on a glowing cyber grid. (Via Getty Images)\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.justsecurity.org\/127053\/era-ai-orchestrated-hacking\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.justsecurity.org\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"The Era of AI-Orchestrated Hacking Has Begun: Here\u2019s How the United States Should Respond\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.justsecurity.org\/#website\",\"url\":\"https:\/\/www.justsecurity.org\/\",\"name\":\"Just Security\",\"description\":\"A Forum on Law, Rights, and U.S. National Security\",\"publisher\":{\"@id\":\"https:\/\/www.justsecurity.org\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.justsecurity.org\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.justsecurity.org\/#organization\",\"name\":\"Just Security\",\"url\":\"https:\/\/www.justsecurity.org\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.justsecurity.org\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/i0.wp.com\/www.justsecurity.org\/wp-content\/uploads\/2024\/03\/just-security-logo-wordmark-font2.png?fit=5371%2C1757&ssl=1\",\"contentUrl\":\"https:\/\/i0.wp.com\/www.justsecurity.org\/wp-content\/uploads\/2024\/03\/just-security-logo-wordmark-font2.png?fit=5371%2C1757&ssl=1\",\"width\":5371,\"height\":1757,\"caption\":\"Just Security\"},\"image\":{\"@id\":\"https:\/\/www.justsecurity.org\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/JSBlog\/\",\"https:\/\/x.com\/just_security\",\"https:\/\/www.linkedin.com\/company\/just-security-linkedin\/\",\"https:\/\/www.instagram.com\/justsecurityforum\/\",\"https:\/\/www.youtube.com\/@JustSecurityForum\",\"https:\/\/bsky.app\/profile\/justsecurity.org\"],\"description\":\"Just Security is an editorially independent, non-partisan, daily digital law and policy journal that elevates the discourse on national security, democracy and the rule of law, and rights. We publish rigorous, expert analysis and informational resources on the issues that matter most. Our goals are to inform and empower decision-makers with high-quality analysis, foster informed dialogue on challenging issues, and remain accessible to our global audience. Just Security is an essential resource for those shaping a just and secure world. Just Security is based at the Reiss Center on Law and Security at New York University School of Law.\",\"email\":\"info@justsecurity.org\",\"legalName\":\"Just Security\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.justsecurity.org\/#\/schema\/person\/bbe18bca8e9cbf05829cfff325506db1\",\"name\":\"Teddy Nemeroff\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.justsecurity.org\/#\/schema\/person\/image\/9eac2676d8e76a9f3eff02861ffbcbef\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/6367a3f97306aee78d715c261c6f547eed8297be55c1c685ed36c460701f2571?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/6367a3f97306aee78d715c261c6f547eed8297be55c1c685ed36c460701f2571?s=96&d=mm&r=g\",\"caption\":\"Teddy Nemeroff\"},\"description\":\"Teddy Nemeroff (LinkedIn) is co-founder of Verific AI, a nonresident scholar at the Carnegie Endowment for International Peace, and a visiting lecturer at Princeton University's School of Public and International Affairs. Previously, he served on the Secretary of State's Policy Planning Staff and as Director for International Cyber Policy on the National Security Council staff, where he coordinated U.S. efforts to counter nation-state cyber attacks and led cybersecurity support to Ukraine before Russia's February 2022 invasion. Earlier, he was senior advisor in the State Department's Office of the Coordinator for Cyber Issues, where he led development of U.S. policy on deterrence in cyberspace. He graduated from Princeton University and received his J.D. from Columbia Law School, where he was Editor-in-Chief of the Columbia Human Rights Law Review.\",\"url\":\"https:\/\/www.justsecurity.org\/author\/nemeroffteddy\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"The Era of AI-Orchestrated Hacking Has Begun: How the U.S. Should Respond","description":"Policymakers & industry must ensure that organizations have access to fit-for-purpose cyber defenses & take steps to manage AI proliferation.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.justsecurity.org\/127053\/era-ai-orchestrated-hacking\/","og_locale":"en_US","og_type":"article","og_title":"The Era of AI-Orchestrated Hacking Has Begun: Here\u2019s How the United States Should Respond","og_description":"Policymakers & industry must ensure that organizations have access to fit-for-purpose cyber defenses & take steps to manage AI proliferation.","og_url":"https:\/\/www.justsecurity.org\/127053\/era-ai-orchestrated-hacking\/","og_site_name":"Just Security","article_publisher":"https:\/\/www.facebook.com\/JSBlog\/","article_published_time":"2026-01-06T14:07:42+00:00","og_image":[{"width":1023,"height":521,"url":"https:\/\/www.justsecurity.org\/wp-content\/uploads\/2025\/12\/GettyImages-22403143421.jpg","type":"image\/jpeg"}],"author":"Teddy Nemeroff","twitter_card":"summary_large_image","twitter_description":"Policymakers & industry must ensure that organizations have access to fit-for-purpose cyber defenses & take steps to manage AI proliferation.","twitter_image":"https:\/\/i0.wp.com\/www.justsecurity.org\/wp-content\/uploads\/2025\/12\/GettyImages-22403143421.jpg?fit=1023%2C521&ssl=1","twitter_creator":"@just_security","twitter_site":"@just_security","twitter_misc":{"Written by":"Teddy Nemeroff","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.justsecurity.org\/127053\/era-ai-orchestrated-hacking\/#article","isPartOf":{"@id":"https:\/\/www.justsecurity.org\/127053\/era-ai-orchestrated-hacking\/"},"author":{"name":"Teddy Nemeroff","@id":"https:\/\/www.justsecurity.org\/#\/schema\/person\/bbe18bca8e9cbf05829cfff325506db1"},"headline":"The Era of AI-Orchestrated Hacking Has Begun: Here\u2019s How the United States Should Respond","datePublished":"2026-01-06T14:07:42+00:00","mainEntityOfPage":{"@id":"https:\/\/www.justsecurity.org\/127053\/era-ai-orchestrated-hacking\/"},"wordCount":1598,"publisher":{"@id":"https:\/\/www.justsecurity.org\/#organization"},"image":{"@id":"https:\/\/www.justsecurity.org\/127053\/era-ai-orchestrated-hacking\/#primaryimage"},"thumbnailUrl":"https:\/\/i0.wp.com\/www.justsecurity.org\/wp-content\/uploads\/2025\/12\/GettyImages-2240314342.jpg?fit=1920%2C977&ssl=1","keywords":["Artificial Intelligence (AI)","China","Cyber","Cyber Warfare","Cyberattacks","Emerging technology","Offensive Cyber Warfare","Technology","United States (US)"],"articleSection":["AI &amp; Emerging Technology","Artificial Intelligence (AI)","Cyber","International and Foreign"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.justsecurity.org\/127053\/era-ai-orchestrated-hacking\/","url":"https:\/\/www.justsecurity.org\/127053\/era-ai-orchestrated-hacking\/","name":"The Era of AI-Orchestrated Hacking Has Begun: How the U.S. Should Respond","isPartOf":{"@id":"https:\/\/www.justsecurity.org\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.justsecurity.org\/127053\/era-ai-orchestrated-hacking\/#primaryimage"},"image":{"@id":"https:\/\/www.justsecurity.org\/127053\/era-ai-orchestrated-hacking\/#primaryimage"},"thumbnailUrl":"https:\/\/i0.wp.com\/www.justsecurity.org\/wp-content\/uploads\/2025\/12\/GettyImages-2240314342.jpg?fit=1920%2C977&ssl=1","datePublished":"2026-01-06T14:07:42+00:00","description":"Policymakers & industry must ensure that organizations have access to fit-for-purpose cyber defenses & take steps to manage AI proliferation.","breadcrumb":{"@id":"https:\/\/www.justsecurity.org\/127053\/era-ai-orchestrated-hacking\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.justsecurity.org\/127053\/era-ai-orchestrated-hacking\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.justsecurity.org\/127053\/era-ai-orchestrated-hacking\/#primaryimage","url":"https:\/\/i0.wp.com\/www.justsecurity.org\/wp-content\/uploads\/2025\/12\/GettyImages-2240314342.jpg?fit=1920%2C977&ssl=1","contentUrl":"https:\/\/i0.wp.com\/www.justsecurity.org\/wp-content\/uploads\/2025\/12\/GettyImages-2240314342.jpg?fit=1920%2C977&ssl=1","width":1920,"height":977,"caption":"Visualization of floating programming code windows on a glowing cyber grid. (Via Getty Images)"},{"@type":"BreadcrumbList","@id":"https:\/\/www.justsecurity.org\/127053\/era-ai-orchestrated-hacking\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.justsecurity.org\/"},{"@type":"ListItem","position":2,"name":"The Era of AI-Orchestrated Hacking Has Begun: Here\u2019s How the United States Should Respond"}]},{"@type":"WebSite","@id":"https:\/\/www.justsecurity.org\/#website","url":"https:\/\/www.justsecurity.org\/","name":"Just Security","description":"A Forum on Law, Rights, and U.S. National Security","publisher":{"@id":"https:\/\/www.justsecurity.org\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.justsecurity.org\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.justsecurity.org\/#organization","name":"Just Security","url":"https:\/\/www.justsecurity.org\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.justsecurity.org\/#\/schema\/logo\/image\/","url":"https:\/\/i0.wp.com\/www.justsecurity.org\/wp-content\/uploads\/2024\/03\/just-security-logo-wordmark-font2.png?fit=5371%2C1757&ssl=1","contentUrl":"https:\/\/i0.wp.com\/www.justsecurity.org\/wp-content\/uploads\/2024\/03\/just-security-logo-wordmark-font2.png?fit=5371%2C1757&ssl=1","width":5371,"height":1757,"caption":"Just Security"},"image":{"@id":"https:\/\/www.justsecurity.org\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/JSBlog\/","https:\/\/x.com\/just_security","https:\/\/www.linkedin.com\/company\/just-security-linkedin\/","https:\/\/www.instagram.com\/justsecurityforum\/","https:\/\/www.youtube.com\/@JustSecurityForum","https:\/\/bsky.app\/profile\/justsecurity.org"],"description":"Just Security is an editorially independent, non-partisan, daily digital law and policy journal that elevates the discourse on national security, democracy and the rule of law, and rights. We publish rigorous, expert analysis and informational resources on the issues that matter most. Our goals are to inform and empower decision-makers with high-quality analysis, foster informed dialogue on challenging issues, and remain accessible to our global audience. Just Security is an essential resource for those shaping a just and secure world. Just Security is based at the Reiss Center on Law and Security at New York University School of Law.","email":"info@justsecurity.org","legalName":"Just Security"},{"@type":"Person","@id":"https:\/\/www.justsecurity.org\/#\/schema\/person\/bbe18bca8e9cbf05829cfff325506db1","name":"Teddy Nemeroff","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.justsecurity.org\/#\/schema\/person\/image\/9eac2676d8e76a9f3eff02861ffbcbef","url":"https:\/\/secure.gravatar.com\/avatar\/6367a3f97306aee78d715c261c6f547eed8297be55c1c685ed36c460701f2571?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/6367a3f97306aee78d715c261c6f547eed8297be55c1c685ed36c460701f2571?s=96&d=mm&r=g","caption":"Teddy Nemeroff"},"description":"Teddy Nemeroff (LinkedIn) is co-founder of Verific AI, a nonresident scholar at the Carnegie Endowment for International Peace, and a visiting lecturer at Princeton University's School of Public and International Affairs. Previously, he served on the Secretary of State's Policy Planning Staff and as Director for International Cyber Policy on the National Security Council staff, where he coordinated U.S. efforts to counter nation-state cyber attacks and led cybersecurity support to Ukraine before Russia's February 2022 invasion. Earlier, he was senior advisor in the State Department's Office of the Coordinator for Cyber Issues, where he led development of U.S. policy on deterrence in cyberspace. He graduated from Princeton University and received his J.D. from Columbia Law School, where he was Editor-in-Chief of the Columbia Human Rights Law Review.","url":"https:\/\/www.justsecurity.org\/author\/nemeroffteddy\/"}]}},"jetpack_featured_media_url":"https:\/\/i0.wp.com\/www.justsecurity.org\/wp-content\/uploads\/2025\/12\/GettyImages-2240314342.jpg?fit=1920%2C977&ssl=1","jetpack_shortlink":"https:\/\/wp.me\/p5gGh3-x3f","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.justsecurity.org\/wp-json\/wp\/v2\/posts\/127053","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.justsecurity.org\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.justsecurity.org\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.justsecurity.org\/wp-json\/wp\/v2\/users\/3443"}],"replies":[{"embeddable":true,"href":"https:\/\/www.justsecurity.org\/wp-json\/wp\/v2\/comments?post=127053"}],"version-history":[{"count":4,"href":"https:\/\/www.justsecurity.org\/wp-json\/wp\/v2\/posts\/127053\/revisions"}],"predecessor-version":[{"id":127056,"href":"https:\/\/www.justsecurity.org\/wp-json\/wp\/v2\/posts\/127053\/revisions\/127056"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.justsecurity.org\/wp-json\/wp\/v2\/media\/127060"}],"wp:attachment":[{"href":"https:\/\/www.justsecurity.org\/wp-json\/wp\/v2\/media?parent=127053"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.justsecurity.org\/wp-json\/wp\/v2\/categories?post=127053"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.justsecurity.org\/wp-json\/wp\/v2\/tags?post=127053"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.justsecurity.org\/wp-json\/wp\/v2\/coauthors?post=127053"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}