Future of cyber defense depends on human-guided AI, not full automation


CO-EDP, VisionRI | Updated: 24-01-2026 19:21 IST | Created: 24-01-2026 19:21 IST

Artificial intelligence (AI) is rapidly pushing defensive and offensive capabilities far beyond human speed and scale. New research now suggests that the most consequential shift is not full automation, but a fundamental reordering of roles between humans and machines. Rather than replacing human judgment, the next phase of cybersecurity depends on AI systems that execute and reason strategically under human supervision, a model that challenges popular assumptions about autonomous cyber defense and exposes new policy, economic, and security implications.

The study, "Towards Cybersecurity Superintelligence: from AI-guided humans to human-guided AI," published on arXiv, documents a multi-year progression in AI-driven cybersecurity tools and argues that the field is approaching what the authors define as cybersecurity superintelligence, a threshold at which AI systems outperform the best human experts across speed, cost efficiency, and strategic reasoning while still operating under human oversight.

From human-led defense to AI-guided operators

The study traces the early phase of this transition to systems that augment human expertise rather than replace it. The authors identify PentestGPT as a key turning point in cybersecurity practice. PentestGPT demonstrated that large language models could provide expert-level planning, vulnerability interpretation, and tactical guidance in penetration testing tasks, even when used by individuals without deep security backgrounds.

In this model, humans remained central to execution. They ran tools, interpreted raw outputs, and corrected errors, while the AI handled high-level reasoning and task decomposition. This inversion of traditional expertise lowered entry barriers and accelerated workflows, producing substantial performance gains over earlier AI-assisted approaches. The system showed that language models could encode tacit security knowledge, such as exploitation patterns and tool usage logic, and deliver it through natural language guidance.

However, the study notes that this phase also exposed clear structural limits. Human-in-the-loop execution created a bottleneck that constrained speed and scalability. Even with AI guidance, operations still moved at human tempo, and performance varied depending on individual skill and availability. The researchers argue that this stage marked an important proof of concept but could not meet the demands of increasingly fast-moving cyber threats.

This limitation became especially evident as global benchmarks for cybersecurity tasks began to saturate. According to the paper, many standardized tests designed to measure AI capability in security contexts are now being solved at accelerating rates, suggesting that human-paced workflows are no longer sufficient to keep up with AI-enabled adversaries. This dynamic set the stage for a more radical shift.

Automated agents redefine speed, cost, and scale

The second phase outlined in the research is based on Cybersecurity AI, or CAI, a framework designed to eliminate the human execution bottleneck. Unlike earlier systems, CAI operates end to end, reasoning, acting, adapting, and coordinating tools without continuous human intervention. The study presents CAI as a decisive break from assistive AI toward expert-level automation.

Benchmarking results reported in the paper show dramatic asymmetries between CAI and human experts. Across a wide range of cybersecurity challenge categories, CAI completed tasks hundreds to thousands of times faster than humans. In areas such as reverse engineering, forensics, and robotics security, the performance gap reached several orders of magnitude. Cost comparisons revealed a similar divide, with AI-driven operations achieving equivalent or superior results at a fraction of human labor costs.

These findings have broad implications for the economics of cybersecurity. The authors argue that AI-driven agents fundamentally alter how expertise is produced and deployed. Skills that once required years of training and were concentrated among elite professionals can now be operationalized by software at near-zero marginal cost. This shift opens advanced security capabilities to organizations that previously lacked the resources to conduct sophisticated assessments.

Yet the study also identifies a ceiling in this automation-first approach. Despite its speed and consistency, CAI largely matched human experts rather than surpassing them in strategic reasoning. In tasks that demanded long-horizon planning, creative exploitation, or deep mathematical insight, human performance remained competitive or superior. The researchers stress that speed alone does not constitute superintelligence. Without strategic awareness, automated systems risk becoming highly efficient but predictable actors.

This limitation has practical consequences. In real-world cybersecurity, attackers and defenders continuously adapt to each other’s behavior. Tactical automation can accelerate responses, but it does not inherently produce better decisions in adversarial environments. According to the study, closing this gap requires systems that reason about opponents, incentives, and future states in a structured way.

Game-theoretic reasoning and the rise of human-guided AI

The final phase described in the paper introduces a model the authors argue represents a qualitative leap beyond expert-level automation. Known as Generative Cut-the-Rope, or G-CTR, this approach integrates formal game theory into AI-driven cybersecurity agents. Rather than relying solely on pattern recognition or probabilistic inference, G-CTR embeds explicit strategic reasoning into the decision-making loop.

In this architecture, AI systems construct structured representations of attack and defense scenarios, compute equilibrium strategies, and translate those results into actionable guidance that shapes subsequent behavior. The study reports that this hybrid neural-symbolic design significantly improves performance consistency and success rates while reducing erratic or hallucinatory actions often associated with large language models.

Empirical evaluations cited in the paper show that game-theoretic guidance doubles success rates in simulated cyber conflict scenarios and reduces behavioral variance more than fivefold. In competitive attack-and-defense settings, strategically guided agents consistently outperform both human experts and AI systems that lack formal reasoning components. The authors describe this as the point at which AI systems begin to exceed human strategic capability rather than merely replicating it at higher speed.

Crucially, the study frames this advance not as the emergence of fully autonomous cybersecurity, but as a shift toward human-guided AI. In this model, humans no longer act as primary executors or even tactical planners. Instead, they supervise objectives, constraints, and ethical boundaries, while AI systems handle execution and strategy at machine speed. Human expertise moves from direct action to oversight, validation, and intervention when necessary.

The authors argue that this role inversion has far-reaching consequences. It changes training requirements for cybersecurity professionals, who must now understand AI behavior, limitations, and failure modes rather than mastering every technical detail. It also introduces new governance challenges, as organizations must ensure accountability, transparency, and control in systems capable of acting faster than humans can react.

The paper warns against conflating automation with autonomy. Even at advanced stages, the researchers emphasize that true delegated decision-making in live incident response remains out of scope and potentially dangerous. Without continuous human supervision and updated knowledge, AI systems risk drifting, amplifying errors, or creating new vulnerabilities. The study repeatedly underscores that responsible deployment depends on maintaining a clear boundary between machine execution and human authority.

The research highlights geopolitical and societal stakes too. As nation-states increasingly weaponize AI for cyber operations, the authors argue that democratizing defensive capability through open frameworks is critical. The rapid diffusion of expert-level and superhuman security tools could either stabilize digital infrastructure or accelerate an arms race, depending on how governance, access, and oversight are managed.

First published in: Devdiscourse