AI is changing how attacks are built and executed. What used to take days of hands-on operator time can now be orchestrated by agents that plan, execute, and adapt, with humans stepping in only when the system needs direction.
At Vectra AI, our open-source research shows what this looks like in practice: MCP-powered, agentic operations that coordinate multiple reconnaissance and action “workers” across a target environment, while minimizing many of the artifacts defenders have historically relied on.
These attacks change the packaging, not the mission
Even when the operator is an AI agent, the attacker must still achieve an objective. Achieving that objective requires actions and behaviors to be executed that are visible and ultimately detectable from the network.
In almost every real intrusion, the network remains the path where discovery, movement, coordination, and data access happen. Those behaviors are not optional. They are the work.
What we demonstrated in our research
Our research here and summarized here highlights how MCP-enabled architectures can shift to event-driven, asynchronous operations, where agents connect when needed, execute tasks, and report results, rather than relying on predictable, repetitive patterns defenders have traditionally keyed on.
Critically, this approach can blend activity into what looks like normal enterprise AI usage, making differentiation harder when benign tools are generating similar AI API patterns.
We also show how a swarm approach improves offensive capability by running in parallel, sharing intelligence quickly, and continuing the mission even if one agent gets detected.
The industry evidence is converging
This is not just a Vectra AI hypothesis.
- MCP-based agentic red teaming: Hiding in the AI Traffic describes an MCP-enabled architecture designed for asynchronous, parallel operations and real-time intelligence sharing, while reducing detectable artifacts.
- Agents in real environments: A Stanford-led study evaluating AI agents vs. human cybersecurity professionals on a live university network (~8,000 hosts) reports ARTEMIS placed second overall, discovered 9 valid vulnerabilities, and outperformed 9 of 10 human participants.
- Real-world escalation: Anthropic reported disrupting what it describes as a large-scale AI-orchestrated cyber espionage campaign where AI performed 80–90% of the work, with human intervention only at a handful of decision points.
The key point defenders should not miss
AI can automate a significant portion of an attack and increase stealth. But it does not remove the need to operate across the network to make progress.
That is why detection anchored in network behavior remains durable, even as tooling becomes more agentic and activity becomes harder to distinguish from legitimate AI usage.
“It’s been proven that agentic AI increases speed and reduces hands-on time for attackers, but it does not remove the need to operate across a network. Actions like discovery, lateral movement, and communication still must happen. AI agents can drive the attack, but it still has to take the same road to get to the goal. Our research shows both that this is where attacks are going and that AI-powered NDR can detect those behaviors and shut attackers down.”
Sohrob Kazerounian, Distinguished AI Researcher Vectra AI
Why the best tool to stop AI attacks is AI-powered NDR
If attacks become faster and more adaptive, defenses must do the same.
The practical implication is straightforward: you cannot defend against agentic attacks by chasing a specific toolchain, prompt style, or malware family. You need detection that generalizes to what attackers must do, regardless of whether those actions are human-driven or agent-driven.
AI-powered NDR is built for that reality because it focuses on the behaviors required to progress an intrusion across the network, even as attacker coordination shifts toward more event-driven, AI-blended patterns.
Vectra AI secures the hybrid network in the face of expanding AI
As AI adoption grows, both by attackers and by enterprises, the outcome Vectra AI delivers is twofold.
First, Vectra AI detects and prioritizes the network behaviors AI agents generate to move an attack forward, so defenders can stop threats.
Second, Vectra AI gives security teams visibility as enterprises adopt AI themselves, so they can monitor internal AI agent activity and AI usage, both sanctioned and shadow, across the enterprise.
AI changes who is driving, and how fast everything moves. Vectra AI lets you see it all, and stop the threats that come with it.
---
参考文献
- Vectra AI Research Blog, New Technologies bring new risks: MCP-Powered Swarm C2 (Aug 27, 2025).
- Janjusevic et al., Hiding in the AI Traffic: Abusing MCP for LLM-Powered Agentic Red Teaming (arXiv:2511.15998, Nov 2025).
- Anthropic, Disrupting the first reported AI-orchestrated cyber espionage campaign (Nov 2025).
- Lin et al., Comparing AI Agents to Cybersecurity Professionals in Real-World Penetration Testing (arXiv:2512.09882, Dec 10, 2025).