Autonomous Cyberattacks Have Arrived, Defense Executives Say
Projected global defense spending of $6 trillion is fueling a private capital surge.
Akul Saxena
SAN FRANCISCO, March 24, 2026 — Black hat adversaries have fully automated their cyberattack capabilities within the past six months, crossing a threshold that existing defense architectures were not built to meet, venture capitalists and defense technology executives said Tuesday.
The most advanced AI systems available, known as frontier models, were already identifying and weaponizing software flaws that had no available fix, said Brad Medairy, executive vice president of Booz Allen Hamilton's integrated cyber business. The next 30 to 60 days, he said, would bring another wave of such attacks.
"Hackers are smart," Medairy said at the RSA Conference here. "They live in the seams."
Medairy pointed to the SolarWinds breach, the 2020 attack that compromised thousands of federal and commercial networks by corrupting a widely used software update. Contractors supplying the military that are left unsecured face the same risk, he said.
In response, Booz Allen had launched a cyber defense product to help companies it invests in automate security approvals and move through government certification faster.
The compliance gap
AI-assisted development had compressed engineering timelines faster than government approval processes could keep pace, said Andrew McClure, managing director at Forgepoint Capital, the San Francisco-based cybersecurity investment firm. One company he described completed a six-month engineering project in two weeks. It then spent a year clearing certifications before the system could be deployed in a government environment.
Market demand had begun producing tools to automate much of that certification work, McClure said. Those tools target two primary frameworks: the Federal Risk and Authorization Management Program, which governs cloud services sold to the government, and the Cybersecurity Maturity Model Certification program, which sets minimum security standards private contractors must meet before selling to the Defense Department.
Capital and competition
Six trillion dollars in projected global defense spending was driving the surge of private capital into defense technology, said Gilman Louie, co-founder of America's Frontier Fund, the Washington-based national security venture firm. Allied nations, he said, were increasing their own budgets by 50 percent or more.
Louie argued that geopolitical competition had made neutrality difficult to sustain for technology companies. Silicon Valley's posture toward defense work had reversed since 2018, he said, when thousands of Google employees revolted over Project Maven, a military contract to apply AI to drone footage analysis, forcing the company to withdraw.
The same technology community had since broadly embraced government defense contracting.
Louie said the debate over adversarial capital had reached firms beyond traditional defense investors. He cited Anthropic, the San Francisco-based AI company, as an example of a technology firm navigating the line between commercial development and national security obligations. The Defense Department has attempted to tar the company as a “supply chain risk,” a legal designation reserved for foreign adversarial companies.
Volume over precision
McClure argued that the United States should shift from expensive precision cyber capabilities toward higher-volume distributed approaches. U.S. forces had found that Chinese Belt and Road infrastructure was highly vulnerable to exploitation as a source of intelligence, he said.
That infrastructure, the network of ports, roads, and technology systems China has financed across developing nations, included security cameras and road sensors deployed across partner countries.
"We can get a lot of information and do a lot of things that we're not doing today," McClure said.
