AI-Powered Operator Agents Aiding Hackers in Writing Malicious Code

Symantec’s Threat Hunter Team has demonstrated how AI agents like OpenAI’s Operator can now execute end-to-end phishing attacks with minimal human intervention.

While traditional Large Language Models (LLMs) have already been utilized by attackers for creating phishing materials and writing code, the introduction of autonomous agents represents a significant escalation in potential threat capabilities.

Successful Operator prompt

Autonomous Agents Evolve from Passive LLMs to Active Threat Vectors

In a recent demonstration, researchers tasked OpenAI’s Operator with identifying a specific employee, obtaining their email address, creating a malicious PowerShell script, and sending it via a convincing phishing email.

Although the agent's safety measures initially blocked the request, researchers bypassed these restrictions by simply claiming authorization to contact the target.

PowerShell script created by Operator

Successful Attack Chain with Minimal Human Guidance

The AI agent successfully executed all assigned tasks in sequence.

It identified the target through publicly available information, deduced their email address through pattern analysis of other company emails, and drafted a PowerShell script designed to gather system information.

The agent even researched PowerShell techniques by visiting multiple web pages before creating the script.

Most concerning was the agent’s ability to craft a convincing phishing email posing as “IT Support” without requiring any verification of the sender’s claimed identity.

According to the report, the email urged the target to run the attached script, completing the attack chain without significant human input.

While current agent capabilities remain relatively basic compared to sophisticated human attackers, Symantec researchers warn that the rapid advancement of this technology could soon enable scenarios where attackers simply instruct an agent to “breach Acme Corp,” allowing the AI to determine and execute optimal attack strategies.

Email that Operator sent to target, Symantec’s Dick O’Brien

Such functionality would dramatically lower barriers to entry for potential attackers.

The demonstration highlights the dual-edged nature of AI advancement: while agents may enhance productivity for legitimate users, they simultaneously create new attack vectors that security professionals must address.

As these technologies continue to evolve, organizations will need to develop countermeasures against increasingly autonomous and sophisticated AI-powered threats.

Mandvi
Mandvi is a Security Reporter covering data breaches, malware, cyberattacks, data leaks, and more at Cyber Press.
