Is AI Offense- or Defense-Dominant in Cybersecurity?

Jun 24, 2026

The Anthropic Mythos/Fable saga had all the twists and turns of a movie drama: the secretive model announcement, a long-awaited public release, then a swift, chaotic security rollback. 

But the way it played out was not only unsurprising; it was inevitable. 

Almost a year ago, Anthropic discovered the first large-scale, AI-orchestrated cyberattack: a Chinese state-sponsored group used Claude Code to run an espionage campaign. How did they get the model to do their bidding? They split the work into individually benign tasks, and convinced Claude they were a security firm running penetration tests. Thinking it was on defense, the model helped run the operation.

This defines the challenge with AI in cybersecurity. Agents can find, investigate, and validate vulnerabilities end-to-end. They can read code and surface new threat vectors. They can study a network and work out how to move laterally through it. And they do it all tirelessly, 24/7, without getting frustrated, distracted, or tired.

These tasks are identical across offense and defense. The only distinction between benevolent and malicious use is the intent and the final action. A vulnerability leads to a patch or an exploit. An agent takes over a new system, or implements safeguards to protect it.

When a powerful new technology transforms both offense and defense, how will it affect the balance of power? It’s not the first time we’ve had to think about the question.

The offense-defense balance

In the 1970s, US DoD leaders developed the “offense-defense theory.” It outlined how each emerging technology could make it easier to either attack or defend, changing the balance of power on the battlefield.

When a technology is offense-dominant, it's easier to break in than to keep someone out. Nuclear bombs are offense-dominant: whoever strikes first can destroy the opponent before they have time to react. When it's defense-dominant, holding ground beats taking it. Trench warfare was defense-dominant: a few machine guns could hold a line against far larger numbers. 

The question for any new capability is the same. Does it lower the cost of attacking faster than it lowers the cost of defending?

Cybersecurity has always tilted toward offense

Cybersecurity starts from a structural asymmetry. Attackers only have to succeed once: finding and exploiting a single vulnerability can take down a system or steal valuable data. Defenders have to succeed everywhere, every time, across the entire attack surface. 

This is why cybersecurity has always been a hard, expensive, stressful job. The surface keeps growing, and coverage never keeps up.

So the baseline is offense-favoring. Does AI bend that line back toward the defender, or accelerate the existing tilt?

In the near term, attackers are winning the battle

In the near term, the offense-defense balance is driven by speed. 

Attackers have immediately jumped in to take advantage of AI models. They have no procurement cycle, compliance review, or legacy infrastructure to retrofit. 

Anthropic has dominated the headlines, but attackers are certainly using all frontier and near-frontier models to help automate reconnaissance and generate exploits, and even simpler models to run massive spearphishing campaigns. These models both raise the ceiling, elevating a high schooler to near nation-state capabilities, and increase capacity, letting a single person do the work of dozens of hackers. 

Defenders are in a very different position. They have decades of accumulated infrastructure, a patchwork of security tools, and broad operational teams. They can’t immediately adopt new technology, and even if they could, it would take months or years to deploy across their company.

For the next few years, AI provides an advantage to whoever moves fastest, and that's the attacker. Already, a majority of exploits were zero-days, hitting before the vulnerability was known and a fix was made. In this world, most enterprises will be caught flat-footed.

In the long run, AI can help defenders win the war – but only if they seize the opportunity

Once AI is more fully adopted in the enterprise, the offense-defense balance is driven by underlying capabilities. Offensive and defensive security workflows are effectively identical. But that may give defenders two structural advantages:

  1. They go first: Defenders can run the same investigation before software ever ships. An attacker’s agent can’t exploit something if a defensive agent already found and fixed it.
  2. They have more information: The defender works white-box, with access to the entire codebase and infrastructure. An attacker works black-box, probing in the dark from outside. With all that context, defensive agents can operate much more efficiently. 

For most companies, security is a “best-efforts” endeavor. Limited team capacity means there’s always a backlog of vulnerabilities waiting in the queue. They’ll only fix the ones marked ‘Critical’, knowing that there are other holes a persistent AI will find. They get to alerts hours late when an attacker can exfiltrate data in minutes. 

AI gives defenders nearly unlimited capacity and, for the first time, lets them protect everywhere that’s tractable, all the time. Defenders need to use their structural advantages: always-on agents with comprehensive knowledge across code and infrastructure that can identify and close all vulnerabilities before they can be exploited.

Theory portfolio company Maze is building exactly this – and just recently announced their new Code products which provide deeply integrated agents to find, triage, and remediate vulnerabilities across all of a company’s attack surface.

Even the best perimeter will never be airtight

No matter the security system, some intruders will always succeed. 

Perhaps they’ll discover a new zero-day exploit. More likely they’ll take advantage of the weakest part of most companies’ security strategy: the people. People make mistakes; they share passwords or click through 2FA prompts. Outside of coding, AI models are remarkably good at deepfakes, phishing, and all sorts of social engineering.

And it’s not just humans anymore. Like people, a well-meaning agent can be tricked by a cleverly worded message into doing something destructive. These agents have immense capabilities and access to production systems, presenting a major new risk vector that’s still unsolved.

So winning the war will require more than just securing systems. There are two more critical capabilities every company will need (more research on each of these areas to come!):

  • AI-native Security Operations teams with agents working around the clock to not just triage alerts but hunt threats, contain attacks, and erect better internal defenses.
  • Agent security platforms that can untangle the complex web of human and agent actions to provide enforceable guardrails on what agents are allowed to do.

That broader stack will also include vendor and third-party risk management, human security and training platforms, more sophisticated endpoint/network sensors, and other layers.

We’re coming into a scary few years for the cybersecurity industry. But there is light at the end of the tunnel: AI can help defenders cover the entire surface, continuously, at machine speed, finally solving the dilemma they’ve faced for decades.

If you're building toward a proactive, AI-native security future, I'd love to hear from you: at@theoryvc.com.
