With all the hype about the transformative power of Artificial Intelligence (AI) to revolutionize and accelerate innovation, there are some disquieting red flags.
Earlier this year in Hong Kong, a finance officer joined a video call with her CFO and several colleagues who looked and sounded exactly as she remembered — the voices, gestures, even their familiar speech rhythms. Urged to move quickly on a “confidential deal,” she wired the equivalent of $25 million in 15 separate transfers. Only afterwards did investigators reveal the chilling truth: Not one person on that call was real — every face and voice had been generated in real time by a “deepfake” system.
Deepfakes, which use a form of AI called deep learning to make highly realistic images of fake events, can convincingly depict people saying or doing things they never did — a capability that threatens to erode trust, fuel disinformation, and weaponize deception on a massive scale. Already, they have been deployed to create fake nude photographs for blackmail and to enhance business email compromise (BEC) scams by fabricating fraudulent messages so convincing they can slip past even wary recipients. But as dangerous as deepfakes are, they may be just the opening act.
Threatening rise of agentic AI
When OpenAI unveiled ChatGPT in 2022, the world marveled at its capabilities. AI tools could draft emails, generate poetry, create digital artwork, and even mimic human conversation. The technology had tremendous potential, but security experts worried about its possible misuse. Although AI tools like ChatGPT still operate within predefined boundaries that prevent outright malicious activity, cybercriminals are busily creating underground AI models designed specifically to bypass ethical and security safeguards.
The alarming threat on the horizon: agentic AI — autonomous systems that don’t just mimic reality but act on it, independently analyzing data, planning tasks, and executing actions without continuous human oversight. In the hands of cybercriminals, these AI agents could weave together multiple emerging capabilities into relentless, self-directed attack systems that adapt, scale, and strike without pause.
Unlike the generative AI chatbots we know today, agentic AI represents a transformative leap forward. Companies such as Google, Amazon, Microsoft, and Salesforce are actively developing AI-powered “agents” capable of independently analyzing data, planning tasks, and executing actions without continuous human oversight. These agents are poised to become invaluable assistants for businesses and individuals, automating customer service, financial planning, and even medical consultations.

But what happens when these AI agents are used by bad actors? Like HAL 9000 in 2001: A Space Odyssey, an agentic AI gone rogue would not simply follow harmful instructions — it could decide on its own which systems to infiltrate, which targets to pursue, and when to strike.
Cybercriminals leveraging agentic AI could unleash a torrent of autonomous cyberattacks. Unlike traditional scams, which rely on human effort to identify, target, and manipulate victims, agentic AI could fully automate these processes. Imagine an AI-driven cybercriminal operation that could:
- Deploy AI models stripped of safeguards to generate malicious code, phishing kits, and illicit content instantly.
- Launch autonomous penetration bots to scan networks, identify vulnerabilities, and execute attacks without a hacker’s intervention.
- Run disinformation farms that flood the internet with hyper-targeted propaganda at a scale no human operation could match.
- Operate model-to-malware pipelines that produce constantly mutating malicious software to evade detection.
- Conduct AI-powered social engineering that mines personal data to craft scams mirroring a target’s tone and relationships — from scraping baby photos to stage fake kidnapping threats, to analyzing LinkedIn profiles for executive impersonation in high-quality phishing emails.
- Exploit generative bio-design tools to propose genetic sequences for dangerous pathogens or toxins.
- Use real-time AI translation to remove language barriers, enabling seamless cross-border fraud.
- Create synthetic AI identities with complete, fabricated histories that can pass financial, corporate, or even government verification — and use them to run romance scams at scale, targeting vulnerable people identified from public divorce or relationship records.
- Orchestrate ransom-based extortion by scanning massive databases of stolen personal information, matching Social Security numbers with email addresses, and crafting highly personalized ransom demands.
Defending against agentic AI
Cybercrime is no longer just a multinational corporate concern. Very soon, individual users and business owners may find themselves on the front lines of AI-driven cyberattacks. A single compromised device could lead to a broader network attack, affecting entire organizations. Conversely, breaches within companies could expose customer data, amplifying the risk of identity theft and financial fraud.

As AI-generated cyber threats grow more sophisticated, businesses and individuals must adopt a proactive approach to cybersecurity. Enhanced authentication methods, AI-driven security monitoring, and ongoing education about evolving threats will become indispensable defenses against AI-powered attacks.
While agentic AI poses significant risks, it also offers new opportunities for defense. The same AI technology that could be weaponized by cybercriminals can, in the right hands, become a powerful shield — identifying threats faster than humans can blink, adapting to new attack strategies in real time, and even predicting breaches before they occur. In the near future, next-generation cybersecurity could include:
- AI-driven threat detection: Automated systems that scan for anomalies, detect phishing attempts, and neutralize threats before they cause harm — at speeds no human team could match.
- Personalized security assistants: Intelligent AI agents that monitor your digital activity, warn you when you’re walking into a scam, and offer real-time coaching on safer online behavior — effectively turning every user into a hardened target.
- Proactive defense networks: Interconnected AI-powered systems that continuously monitor global cyberthreats, share real-time intelligence across industries, and automatically deploy countermeasures, making it harder for attackers to find a soft target anywhere.
Future of cybersecurity
Agentic AI is not some distant sci-fi specter — many of these capabilities already exist in primitive form. Agentic AI could fuse them into fully autonomous, adaptive attack networks. Without serious preparation, the same technology now hailed as a productivity revolution could become the most efficient engine of cybercrime ever built.
The moment AI stops waiting for human instructions and starts making its own decisions — as HAL 9000 did in Stanley Kubrick’s 2001: A Space Odyssey when he seized control of the Discovery One, killing most of the crew — the line between a helpful assistant and an unstoppable predator vanishes.
The battle is not lost, however: The same autonomous intelligence that could be weaponized can also be harnessed to protect us — scanning for anomalies at warp speed, intercepting attacks before they’re launched, and sharing nanosecond intelligence across industries. The imperative is urgent: Build the guardians before the predators take control.
Henry I. Miller, a physician and molecular biologist, is the Glenn Swogger Distinguished Fellow at the Science Literacy Project. A veteran of the NIH and FDA, he was the founding director of the FDA’s Office of Biotechnology. Contact him on his website: henrymillermd.org

























