What happened
Researchers at SpecterOps demonstrated that large language models can generate functional Mythic agents from a prompt to deployment with minimal human involvement.
Mythic is a post-exploitation framework used by red teams. Its architecture separates agent development from the underlying command-and-control infrastructure, making it easier to build and deploy new agents for offensive security testing.
The research explored whether an LLM could take a Mythic agent from a written specification to a working implant. Early attempts produced code that compiled but failed to run, with issues such as hallucinated API methods, broken Docker paths, and misunderstandings of Mythic’s key exchange process.
To make the process reliable, the team built a structured testing framework called Oracle. The harness guided the AI through validation, testing, deployment, and correction loops.
The workflow begins with a specification prompt describing the agent, target operating system, and required commands. From there, the model generates the agent codebase, Docker configuration, and supporting integration code.
The Oracle harness then validates the output through a three-tier process. Tier 1 performs local validation using unit tests and protocol checks against a mock Mythic server. Tier 2 deploys the agent to a live Mythic instance and tests it end to end on a real Windows target. Tier 3 uses a dedicated QA sub-agent with a clean context window to independently verify the release build.
If the QA sub-agent fails the build, the primary LLM fixes the issues and restarts testing from the beginning.
With this engineering harness in place, SpecterOps said development time dropped from weeks of manual work to roughly two hours per agent.
The workflow has produced working stage-zero implants in Python, Go, Zig, C#, and Rust.
Researchers said this creates a new class of disposable tooling, where unique red-team agents can be generated quickly for one-time or limited-use operations.
Who is affected
Red teams and offensive security researchers are directly affected because the research shows how AI can accelerate agent development and make custom tooling faster to produce.
Security teams and defenders are also affected because disposable tooling weakens traditional detection approaches that rely on static signatures, known code patterns, or repeated malware structures.
Organizations using endpoint detection, Yara rules, binary pattern matching, or signature-heavy detection logic should pay attention because AI-generated agents can vary in implementation while preserving the same operational purpose.
Threat intelligence teams are also affected because campaigns may become harder to cluster if attackers generate unique tooling for each operation, target, or environment.
Why CISOs should care
This research shows how AI can compress the time and expertise required to build offensive tooling. What previously took weeks of manual development can now be reduced to a prompt-driven workflow that produces working agents in about two hours.
For CISOs, the key concern is detection durability. Static signatures and binary matching become less reliable when each generated agent looks different. Even if the behavior is similar, the code structure, language, packaging, and implementation can vary across builds.
The research also highlights that the real breakthrough is not just the LLM. The structured engineering harness matters. By combining model generation with testing, deployment, logging, and self-correction, attackers or red teams can create repeatable pipelines for disposable tools.
The defensive lesson is clear: organizations need to detect behaviors that are harder to change across generated builds, such as callback timing, key exchange patterns, process activity, command execution, persistence attempts, and network behavior.
3 practical actions
- Prioritize behavioral detection over static signatures: SpecterOps warned that disposable agents weaken Yara rules and binary pattern matching. CISOs should strengthen detections around execution behavior, command-and-control flows, callback timing, key exchange sequences, and suspicious post-exploitation activity.
- Test defenses against unique tooling, not just known malware: AI-generated agents can vary across languages and builds. Security teams should run purple-team exercises using custom or modified tooling to determine whether controls detect behavior rather than only known indicators.
- Review AI-enabled offensive tooling risk in red-team governance: The workflow can generate deployable Mythic agents from specifications. Organizations using AI in red-team operations should define rules for tool generation, approval, testing, logging, payload handling, and separation between authorized testing and unsafe operational use.
John Kevin Hao is a news and feature writer covering cybersecurity, technology, and business targeted for professional audiences.