Kevin Mandia, one of the most prolific cyber entrepreneurs and investors, predicts the world is only a year away from an AI-agent-enabled cyberattack. Mandia warned that chances are we won’t even know an AI tool was the perpetrator. “Everybody’s going to look at that, wonder how that got done, and it’s probably AI behind it,” he told Axios on the sidelines of the RSA Conference. AI doomsday scenarios have haunted cyber pros for decades, but the introduction of generative AI hypercharged their fears. Some have predicted we’ll see autonomous cyber weapons that can evade security tools in the wild by 2027. Others predict that one day the robots will be fighting robots. Mandia founded famed cybersecurity incident response company Mandiant in the early 2000s. The type of attack Mandia is predicting will likely come from the cyber criminal side of the world, rather than nation-states, he said. Mandia added that the first iteration of any new attack style is typically “a bit sloppy” and that foreign adversaries like China are more likely to take their time before rushing to follow suit. “There is enough R&D happening right now on how to use AI [at legitimate organizations] that the criminal element is doing that R&D as well,” he said. Models from OpenAI, Anthropic and other popular AI companies aren’t likely to be involved in the attack that Mandia is predicting. Those models are “pretty darn good” at blocking such blatant violations of their safety parameters. “It’s going to come from some model that’s somewhere out there that’s less controlled,” he said. Chester Wisniewski, global field CISO at Sophos, told Axios that cyber criminals may already have the capabilities — but many of them don’t have a real incentive to tap into them yet. “Fortunately today, cyber criminals are really lazy, and because we keep leaving our wallets open with large sums of cash in them, they’re happy to just steal the money and move on and not do anything fancy,” Wisniewski said.