Traditional defense mechanisms struggle to counter AI-driven adaptive cyberattacks, as they are ill-equipped to handle autonomous adversarial agents capable of evading detection. This work proposes a novel defensive infrastructure centered on controllable offensive AI, which, within regulated environments, is trained to simulate the full attack lifecycle to proactively acquire and transform threat intelligence into defensive knowledge. The study’s core contributions include the first systematic benchmark encompassing the entire attack chain, alongside a training-based vulnerability discovery agent, an open-weight model governance framework, a tiered capability release mechanism, and a defense-oriented agent distillation technique. Together, these establish a “offense-informed defense” strategic paradigm and outline three actionable pathways for the safe development and constraint of offensive AI capabilities.

For over a decade, cybersecurity has relied on human labor scarcity to limit attackers to high-value targets manually or generic automated attacks at scale. Building sophisticated exploits requires deep expertise and manual effort, leading defenders to assume adversaries cannot afford tailored attacks at scale. AI agents break this balance by automating vulnerability discovery and exploitation across thousands of targets, needing only small success rates to remain profitable. Current developers focus on preventing misuse through data filtering, safety alignment, and output guardrails. Such protections fail against adversaries who control open-weight models, bypass safety controls, or develop offensive capabilities independently. We argue that AI-agent-driven cyber attacks are inevitable, requiring a fundamental shift in defensive strategy. In this position paper, we identify why existing defenses cannot stop adaptive adversaries and demonstrate that defenders must develop offensive security intelligence. We propose three actions for building frontier offensive AI capabilities responsibly. First, construct comprehensive benchmarks covering the full attack lifecycle. Second, advance from workflow-based to trained agents for discovering in-wild vulnerabilities at scale. Third, implement governance restricting offensive agents to audited cyber ranges, staging release by capability tier, and distilling findings into safe defensive-only agents. We strongly recommend treating offensive AI capabilities as essential defensive infrastructure, as containing cybersecurity risks requires mastering them in controlled settings before adversaries do.