StuxSwarm: A Threat Analysis of Fully Autonomous AI-Orchestrated Cyber Attacks

Abstract — Historically, cyber attacks between countries have been year-long efforts between multiple contributing intelligence agencies that require gathering and sharing intel from many different attack angles so the final outcome is successful. One very famous example of this is Stuxnet, which was a co-effort from at least five different countries, with the main actors being the United States and Israel. This entire effort took years to plan, but with the advent of AI, is it possible to make this style of attack repeatable at scale? Most famously, large language models (LLMs) have achieved great coding performance, already surpassing the average junior software engineer in many cases. We know that there are ways to uncensor or “jailbreak” LLMs and use their intelligence for malicious purposes, such as writing malware. Other AI models include new photorealistic generators such as Google Nano Banana or the new generation of video generation models such as SeedDance 2.0. Voice cloning models are now increasingly used for phishing and ransom scams. It is reported that 76% of phishing campaigns today use some form of AI. These models allow for generating artificial scenes featuring any given human subject as input. Today these have mainly been used for pranks amongst friends, and major companies claim to watermark their outputs with invisible signatures to mitigate malicious use. The question many attackers are now asking is whether it is now feasible to create an end-to-end automated cyber attack framework that leverages the ever-decreasing cost of AI models with no censorship to exponentially increase the amount of attacks by lowering the monetary and time cost of setup per attack. This paper explores what a novel attack framework, which we call StuxSwarm, could look like and what should be done to defend against it.