By Rafal Rohozinski and Chris Spirito

When Chinese state-sponsored hackers turned Anthropic’s own AI orchestration tools against 30 global organizations - with the AI autonomously executing the vast bulk of the operation - it wasn’t just another breach. It was a phase transition. The machine wasn’t assisting the operator. It was the operator.

In our new article for IISS Survival: Global Politics and Strategy, Chris Spirito and I unpack why this matters far beyond cybersecurity.

The attack surface has fundamentally changed. Agentic AI has compressed sophisticated cyber operations from days to minutes - faster than any human defensive response. And the proliferation curve runs steeply downhill. Below the state-sponsored tier, a commoditised ecosystem of criminal LLMs - WormGPT, FraudGPT, GhostGPT - is putting advanced tradecraft into the hands of anyone with a dark-web subscription. The barriers to entry have effectively collapsed.

But the deeper threat is upstream. Adversaries are moving beyond exploiting AI platforms to compromising the intelligence itself - poisoning training data, manipulating model parameters, seeding malicious content into the knowledge bases AI systems rely on. When a model has been shaped to treat hostile behaviour as benign, conventional guardrails simply stop working. This is not just a cybersecurity problem. It’s a direct assault on the integrity of the information environment - the epistemic infrastructure on which institutions, markets, and governance depend.

Download the Paper

Download the Paper

At SecDev, we’ve spent nearly two decades working at the intersection of digital risk and geopolitical instability - from GhostNet to the present. What we’re seeing now is qualitatively different. The dual-use nature of AI means the proliferation path is essentially irrepressible. Existing defensive frameworks, built on decades-old infrastructure, are structurally outmatched by adversaries fielding purpose-built offensive platforms unburdened by legacy constraints.

We need to urgently rethink both cybersecurity and information integrity as a single, converged challenge. Traditional deterrence may not apply. The new rules haven’t been written. The speed of change will almost certainly outpace institutional response.

The question isn’t whether AI has been weaponised — that’s settled. It’s whether we can adapt fast enough to maintain some semblance of stability.

Rafal Rohozinski is the founder and CEO of Secdev Group, a senior fellow at the Centre for International Governance Innovation (CIGI), and co-chair of the Canadian AI Sovereignty and Innovation Cluster.

Chris Spirito is the founder of Sanctum Security, a security consultancy specialising in supply-chain risk, bespoke security integration and methodologies democratising access to sophisticated security-analysis techniques.

The Risk Ahead

SecDev’s geopolitical risk practice - builds on three decades of fieldwork across 120+ countries industrialized into on-demand strategic advantage. The era of treating geopolitical risk as an externality is over. Supply chains now span hostile borders, critical technologies depend on adversarial states, and market access hinges on diplomatic whims. What was once the domain of foreign ministries has become every CEO’s problem. SecDev’s Intelligence as a Service delivers tiered, contract-free engagement: from real-time assessments that move faster than markets to deep-dive analysis that uncovers the networks and contacts buried in geopolitical complexity. The question isn’t whether geopolitical shocks will hit your business - it’s whether you’ll see them coming.

Learn More

SecDev AI

SecDev AI delivers first-in-class Data as a Service AI solutions combining highly trained models with unique, curated datasets. Our next-generation, precision-built expert systems meet the most demanding requirements. By integrating data curation with advanced machine learning, we provide specialized tools that deliver actionable insights where accuracy and reliability are paramount.

Learn more