The advance of artificial intelligence (AI) in the field of cybersecurity is marking a turning point. A recent study by the Carnegie Mellon University has highlighted a concept that could redefine cyber attacks promoted by AI and that already begins to appear in clandestine forums of the Deep Web: Incalmo.

This finding, analyzed by Check Point Research, the intelligence unit of threats of Check Point Software Technologies, puts on the table a scenario where AI not only executes tasks, but acts as an orchestrating brain capable of planning, coordinating and directing attacks with unpublished precision so far.

Incalmo, the piece that was missing in the attacks with AI

According to academic research, current language models are not very effective when they try to execute complex attacks autonomously. However, by introducing a control layer called incalmo, the panorama changes completely. This technology separates execution planning, gives the models with memory and allows specialized agents to take care of actions such as network scan, lateral movement or data exfiltration.

Incalmo replicates patterns already present in the Dark Web and validates the Threatcloud AI approach as a defensive brain

The paradox is that even small models, having this orchestration, achieve a level of success greater than that of larger but less structured systems. And most worrying: there are already tools on the Dark Web such as Wormgpt or Fraudgpt that offer this approach to interfaces similar to AI chats, democratizing access to complex cyberbots.

A warning for defenders

“Like the attackers are already adopting Orchestration architectures based on AI, defenses must also evolve towards coordinated and central intelligence systems,” says Mario GarcĂ­a, general director of Check Point Software for Spain and Portugal. “Threatcloud AI is that brain that converts data and telemetry into real -time prevention decisions, keeping companies one step ahead of threats.”

This model, in fact, resembles the defense philosophy of Check Point, based on Threatcloud AI as strategic decision center and a network of agents that execute measures in Cloud, Endpoints, identities and networks.

Strategic implications for fissions and responsible for you

Carnegie Mellon’s work confirms what many experts feared: the attackers already operate with artificial intelligence -based architectures that maximize the effectiveness of their campaigns. For companies, the message is clear:

  • The orchestrated AI should be assumed as part of the threat model.
  • The defense cannot depend on isolated controls; You need a “brain” capable of coordinating all layers.
  • The response speed will be the differential factor between falling victim or keeping one step ahead.

The battle between offensive and defensive in cybersecurity enters a new phase, where artificial intelligence ceases to be a simple assistant and becomes the true orchestra director.

Alex Chen
Alex Chen

Alex Chen serves as the chief editor of Asia Tech Journal, bringing over a decade of experience in technology journalism. Previously writing for several globally renowned publications, Alex is celebrated for his insightful analyses and in-depth reporting on tech trends across Asia. Passionate about innovation, Alex specializes in the dynamic technology ecosystem of China and its global impacts.