Pentagon warns agentic tools empower criminals

Agentic AI is the part of the AI boom where software stops just answering questions and starts doing things. It can search networks, chain tools together, write code, test exploits, send messages, and keep going with limited supervision. That is why Pentagon officials are excited about it — and why they are suddenly worried. This week, Defense Department leaders were blunt: the same systems helping government workers move faster are also giving cybercriminals capabilities that used to belong mostly to nation-states. (defenseone.com) ### What changed this week? The immediate news came from remarks by Emil Michael, the defense undersecretary for research and engineering, who said the Pentagon’s GenAI.mil rollout since December has been a big win inside the department. He said workers are using agentic tools for the “mundane part” of their jobs and cutting some ta(defenseone.com)reat model fast. (defenseone.com) ### What makes an AI system “agentic”? A chatbot waits for prompts. An agent can take a goal, break it into steps, call other software, and act in sequence. That sounds abstract, but the practical difference is huge — an agent can keep working after the first answer. Congress’s research arm described these systems as autonomous, goal-driven, and adaptable, with potential to conduct cyber operations at speed and scale beyond normal human workflows. (congress.gov) ### Why does that help criminals so much? Because cyberattacks are full of repetitive labor. Reconnaissance, vulnerability hunting, phishing customization, exploit testing, persistence checks — a lot of it is tedious. Agentic tools slash that labor cost. A criminal group no longer needs the same bench of specialists if software can handle chunks of planning and execution. The result is not magic superintelligence. It i(congress.gov)-skilled operators. (defenseone.com) ### Why are officials comparing this to nation-states? Nation-state hackers traditionally had advantages in patience, scale, and coordination. They could run long reconnaissance campaigns, chain multiple exploits, and adapt mid-operation. Agentic systems start to package some of that behavior into software. That does not mean every (defenseone.com)itals, utilities, contractors, and local government networks. Michael explicitly pointed to risks reaching beyond federal systems into places like rural hospitals and wastewater plants. (defenseone.com) ### Isn’t the Pentagon building the same thing? Basically, yes. That is the uncomfortable part. DARPA’s AI Cyber Challenge has been pushing AI systems that can identify, exploit, and patch software vulnerabilities at machine speed. The defensive logic is obvious — find the bug before an adversary does. But dual-use technology cuts both ways. If defenders can automate vulnerability discovery and remediation, attackers can automate discovery and exploitation. (congress.gov) ### So what is the real security problem? Autonomy expands the attack surface. A recent joint guide from CISA, NSA, ASD, the UK, Canada, and New Zealand makes the point plainly: agentic systems add complexity, create privilege risks, and should never get broad or unrestricted access to sensitive systems. The catch is that useful agents often need exactly that kind of access to be powerful. It is like hiring a very fast(congress.gov) jumps, but one mistake gets expensive fast. (media.defense.gov) ### How big is the Pentagon’s own rollout? Big enough to show why officials are moving quickly. Breaking Defense reported that Pentagon personnel built more than 103,000 semi-autonomous agents in under five weeks on GenAI.mil, with more than 1.1 million sessions logged by mid-April. That scale matters because it shows agentic AI is not a lab curiosity anymore. It is already becoming normal operational software. (breakingdefense.com) ### What does defense look like now? Not just “go faster.” That was the core warning in this story. Defenders need tighter permissions, better evaluation of what agents can actually do, stronger monitoring, and plans for when an agent behaves in unexpected ways. They also need to assume attribution gets murkier, because autonomous tools can let small groups mimic the tradecraft of much larger ones. (defenseone.com) ### Bottom line? The Pentagon is not saying agentic AI is a mistake. It is saying the cyber balance is shifting. When offensive capability gets cheaper and more automated, the people who benefit first are not just governments — they are criminals too. (defenseone.com)