September 23, 2025

Tipping the Scales

Emerging AI Capabilities and the Cyber Offense-Defense Balance

By: Caleb Withers

Executive Summary

Historically, attackers have had significant structural advantages in cyberspace. While defenders must secure vast attack surfaces, attackers need only succeed once. Traditionally, artificial intelligence (AI) has helped defenders mitigate these challenges by scaling defensive activities and responding to attacks in real time. Yet new developments in frontier AI could change this dynamic. While AI will aid both attackers and defenders, emerging challenges may lead AI to disproportionately empower attackers, further exacerbating their advantage in cyber operations:

  • Growing inference costs at the frontier of capabilities: Historically, most automated cyber tools have required relatively little computation to run. However, the most powerful AI capabilities increasingly rely on substantial computation to run AI models (including running them for longer). If this continues, it may become unaffordable for defenders to apply state-of-the-art capabilities across their whole attack surface, even as attackers can still afford to opportunistically target a given portion—mirroring the offense-favoring economics of human cyber operators.
  • Automation of the full cyber kill chain: Future AI systems could conduct entire cyberattacks at machine speed and scale, from start to finish, without human involvement. This would make cyberattacks far more effective at achieving military and geopolitical objectives—for example, in supporting invasions—while undermining the ability of humans to de-escalate.
  • Persistent technical reliability challenges: Defenders and responsible actors face several technical challenges in ensuring the safe and controlled deployment of AI systems. As AI becomes increasingly capable and central to cyber operations, these challenges asymmetrically advantage attackers—especially those who are more willing to tolerate collateral damage—who face less downside from failures compared with defenders.

These technical challenges will intersect with broader sociotechnical challenges as countries and organizations integrate AI into their cyber strategies. Defenders will need to strike a balance between automation and maintaining human expertise, avoiding both overreliance on and overcentralization of technology. Moreover, these challenges will unfold against a backdrop of intense domestic and international competition in AI development and deployment.

The net offensive or defensive advantage of AI-powered cyber tools is not predetermined. The advantage will vary across tools and their capabilities. It can also be measured and shaped through decisions about AI research, development, and deployment.

As policymakers navigate the evolving landscape of AI-enabled cyber threats, they should focus on the following priorities:

  • Double down on policies to shore up cybersecurity.
  • Invest in AI research and development to differentially promote cyber defense.
  • Strengthen evaluation of AI cyber capabilities and risks, including relevant U.S. government capabilities and authorities.
  • Sufficiently resource the Bureau of Industry and Security to enforce AI-related export controls.
  • Clarify federal regulation around reasonable care and liability for cyber harms from frontier AI.
  • Promote information security at frontier AI developers.
  • Promote global norms around liability for harms from automated cyber operations.

Introduction

Russia’s invasion of Ukraine in 2022 confounded expectations around the role of cyber operations in modern conflict. Although many experts predicted a sweeping, highly coordinated cyber offensive would play a decisive role alongside conventional forces, the reality proved otherwise. In a war between a cyber-savvy great power and a digitally advanced state, cyberattacks played a relatively modest role. This limited impact underscores a key limitation of offensive cyber operations—sophisticated attacks require months of planning and thousands of hours of labor. Consequently, the need to plan and synchronize cyber operations well in advance of execution can be an obstacle to achieving strategic military objectives. Human timelines often bottleneck the fullest realization of cyber aggression.

Sufficiently capable artificial intelligence (AI) systems could overcome this bottleneck. While current systems show only nascent capabilities to autonomously execute the complex, multistep tasks required for sophisticated cyber operations, progress in these capabilities has been real and rapid, with no indication of slowing. Today, AI systems primarily serve as tools to automate specific tasks, such as research or code generation. In the future, AI systems might become capable of autonomously executing operations across the full cyber kill chain, from reconnaissance to impact.

This report examines how emerging AI capabilities could disrupt the cyber offense-defense balance. Historically, attackers have had significant structural advantages in cyberspace: defenders must secure vast attack surfaces, while attackers need only succeed once. AI has, on balance, helped defenders, allowing them to mitigate these challenges by scaling defensive activities and responding to attacks in real time. But policymakers should not assume this dynamic will hold indefinitely. Three challenges could lead AI to disproportionately empower attackers in the future.

First, growing inference costs at the frontier of capabilities may benefit well-resourced attackers who can selectively target high-value assets, while defenders struggle to protect their entire attack surface. Second, automating the full cyber kill chain could accelerate operations from human to machine speed, dramatically enhancing the potential of cyberattacks to support military and geopolitical objectives. Third, persistent technical challenges in model safety and reliability create asymmetric advantages for attackers with higher risk appetites who can better tolerate both system failures and collateral damage from their operations. Moreover, these technical challenges will not occur in isolation. Organizations and nations will need to navigate sociotechnical challenges as they look to integrate AI more deeply into their cyber defenses, along with commercial and geopolitical pressures to develop and deploy AI systems at the potential expense of identifying and mitigating offensive risks.

This report analyzes the interplay of these dynamics. It first surveys the current influence of AI on cyber defense and offense, along with relevant capabilities emerging at the frontier. It then projects how plausible AI advances and technological trends could disrupt the current cyber offense-defense balance. The report concludes with concrete recommendations for policymakers to appropriately prepare by strengthening defenses and proactively shaping the AI-cyber ecosystem.

Download the Full Report

Download PDF

  1. Nadiya Kostyuk and Erik Gartzke, “Why Cyber Dogs Have Yet to Bark Loudly in Russia’s Invasion of Ukraine,” Texas National Security Review 5, no. 3 (Summer 2022): 113–126, https://tnsr.org/2022/06/why-cyber-dogs-have-yet-to-bark-loudly-in-russias-invasion-of-ukraine/. See also Keir Lieber, “The Offense-Defense Balance and Cyber Warfare,” in Cyber Analogies, eds. Emily O. Goldman and John Arquilla (Monterey, CA: Naval Postgraduate School, 2014), 96–107, https://core.ac.uk/download/pdf/36732393.pdf#page=109.

Author

  • Caleb Withers

    Research Associate, Technology and National Security Program

    Caleb Withers is a research associate for the Technology and National Security Program at the Center for a New American Security (CNAS). He focuses on frontier artificial inte...

More from CNAS

View All Reports View All Articles & Multimedia