What’s the future of cyber warfare? 0day exploits and the cyber kill chain? Doubtful. It’s looking more and more likely that we’ll have highly sophisticated LLMs-as-malware.
Stuxnet marked a turning point in cyber warfare. Theoretical genius burst forth in a practical demonstration of what a true cyber weapon was capable of. Stuxnet was a worm (allegedly) built by the USA and Israel to target Iran’s Natanz nuclear facility. It successfully set their nuclear program back years, caused millions in damages, and led to the demotion and public humiliation of many of Iran’s top nuclear scientists, military personnel, and intelligence officers.
The Cyber Kill Chain, a framework developed by none other than Lockheed Martin, takes military targeting concepts and maps it to cybersecurity for modeling an attack chain. It breaks this down into seven stages:
Stuxnet adhered closely to this model, demonstrating reconnaissance on Siemens systems, weaponization of custom exploits, delivery via USB, exploitation of multiple zero-days, installation on isolated networks, C2 through peer-to-peer updates, and actions that physically disrupted operations without immediate detection.
Stuxnet followed the cyber kill chain, but AI - that is, LLMs - change things. Already researchers are using LLMs to orchestrate and plan ransomware campaigns (Md Raz et al. 2025). This method presupposes a network connection, where an orchestrator is dropped onto a victim machine and communicates back to an LLM via API calls whereupon the LLM instructs the orchestrator to execute bespoke code and achieve actions on objectives - in this case, exfiltration of PII, encryption of sensitive data, and extortion of funds. What’s surprising here is that every run yields unique code and unique methodology, despite uniform prompts. Victim host activity (endpoint and network) is noticeably stealthier than traditional ransomware, too. This threatens to upset the current detection and response equilibrium through not even being detected in the first place.
What if we went yet further, jumping straight to Delivery, skipping C2 entirely. Imagine the following as a cyber weapon: a miniaturized LLM trained on exploiting systems and given a narrow goal, dropped onto a victim endpoint.
This could be packaged as a script or an executable, and it’d completely bypass traditional EDR. Even heuristic analysis would likely not do much in the way of stopping something like this - an LLM can independently write and execute bespoke low-level shellcode directly on a system, with no human guidance or input whatsoever. An LLM that can reason can enumerate its environment and be stealthy. It can take as little or as much time as it needs to. This goes far beyond a simple script of decision trees. This is a true paradigm shift.
The dynamic capabilities of an LLM-as-a-hacker far exceed anything seen yet. A sufficiently advanced model, trained on the proper data sets, can cause serious damage. Consider the following hypothetical scenario:
An air gapped network with XDR, full auditing with logs sent to a centralized SIEM, etc. is infected with this new type of LLM malware. It immediately enumerates the local machine, first looking for running processes, recognizing security tooling and modifying its actions accordingly - its next steps are to avoid detection and execute bespoke exploits tailored to its decision on how to proceed with achieving actions on objectives. Alternatively, if it decides that detection is unavoidable, it can choose to unleash a barrage of malicious activity, aiming to achieve as much of its objective as possible before a human is alerted.
This isn’t exactly far off. In fact, research from 2023 shows that it’s practically feasible. And with every year that followed, LLMs grew smaller in size, greater in capability, and better able to integrate with other apps or workflows - such as LLM-as-malware!
This is the future of cyber warfare. The question is - how do we defend against it?
For now, offensive capabilities have the upper hand. But just as how cannons obliterated traditional castles, and then star forts neutralized the offensive advantage, I expect that here, too, defensive capabilities will match and later surpass these new offensive AI tactics.