{"id":"https://openalex.org/W7135183879","doi":"https://doi.org/10.48550/arxiv.2603.11528","title":"Highly Autonomous Cyber-Capable Agents: Anticipating Capabilities, Tactics, and Strategic Implications","display_name":"Highly Autonomous Cyber-Capable Agents: Anticipating Capabilities, Tactics, and Strategic Implications","publication_year":2026,"publication_date":"2026-03-12","ids":{"openalex":"https://openalex.org/W7135183879","doi":"https://doi.org/10.48550/arxiv.2603.11528"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2603.11528","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.11528","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2603.11528","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5129077772","display_name":"Jam Kraprayoon","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Kraprayoon, Jam","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5016773355","display_name":"Shaun Kai Ern Ee","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Ee, Shaun","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5129080412","display_name":"Brianna Rosen","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Rosen, Brianna","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5129014176","display_name":"Yohan Matthew","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Matthew, Yohan","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5129019404","display_name":"Aditya Singh","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Singh, Aditya","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5129043646","display_name":"Christopher Covino","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Covino, Christopher","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5129090865","display_name":"Asher Brass Gershovich","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Gershovich, Asher Brass","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5129077772"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12221","display_name":"Cybersecurity and Cyber Warfare Studies","score":0.2053000032901764,"subfield":{"id":"https://openalex.org/subfields/3320","display_name":"Political Science and International Relations"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},"topics":[{"id":"https://openalex.org/T12221","display_name":"Cybersecurity and Cyber Warfare Studies","score":0.2053000032901764,"subfield":{"id":"https://openalex.org/subfields/3320","display_name":"Political Science and International Relations"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T12888","display_name":"Military Strategy and Technology","score":0.06880000233650208,"subfield":{"id":"https://openalex.org/subfields/2207","display_name":"Control and Systems Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.019600000232458115,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/offensive","display_name":"Offensive","score":0.7494000196456909},{"id":"https://openalex.org/keywords/evasion","display_name":"Evasion (ethics)","score":0.5649999976158142},{"id":"https://openalex.org/keywords/hacker","display_name":"Hacker","score":0.5601999759674072},{"id":"https://openalex.org/keywords/state","display_name":"State (computer science)","score":0.4426000118255615},{"id":"https://openalex.org/keywords/control","display_name":"Control (management)","score":0.42320001125335693},{"id":"https://openalex.org/keywords/critical-infrastructure","display_name":"Critical infrastructure","score":0.40470001101493835},{"id":"https://openalex.org/keywords/interdiction","display_name":"Interdiction","score":0.3833000063896179},{"id":"https://openalex.org/keywords/recapitalization","display_name":"Recapitalization","score":0.36980000138282776},{"id":"https://openalex.org/keywords/autonomous-system","display_name":"Autonomous system (mathematics)","score":0.359499990940094}],"concepts":[{"id":"https://openalex.org/C176856949","wikidata":"https://www.wikidata.org/wiki/Q2001676","display_name":"Offensive","level":2,"score":0.7494000196456909},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7059000134468079},{"id":"https://openalex.org/C2781251061","wikidata":"https://www.wikidata.org/wiki/Q5416089","display_name":"Evasion (ethics)","level":3,"score":0.5649999976158142},{"id":"https://openalex.org/C86844869","wikidata":"https://www.wikidata.org/wiki/Q2798820","display_name":"Hacker","level":2,"score":0.5601999759674072},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.45879998803138733},{"id":"https://openalex.org/C48103436","wikidata":"https://www.wikidata.org/wiki/Q599031","display_name":"State (computer science)","level":2,"score":0.4426000118255615},{"id":"https://openalex.org/C2775924081","wikidata":"https://www.wikidata.org/wiki/Q55608371","display_name":"Control (management)","level":2,"score":0.42320001125335693},{"id":"https://openalex.org/C29852176","wikidata":"https://www.wikidata.org/wiki/Q373338","display_name":"Critical infrastructure","level":2,"score":0.40470001101493835},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.38339999318122864},{"id":"https://openalex.org/C124119293","wikidata":"https://www.wikidata.org/wiki/Q6046081","display_name":"Interdiction","level":2,"score":0.3833000063896179},{"id":"https://openalex.org/C166357818","wikidata":"https://www.wikidata.org/wiki/Q3735938","display_name":"Recapitalization","level":2,"score":0.36980000138282776},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.3617999851703644},{"id":"https://openalex.org/C9628104","wikidata":"https://www.wikidata.org/wiki/Q788009","display_name":"Autonomous system (mathematics)","level":2,"score":0.359499990940094},{"id":"https://openalex.org/C145804949","wikidata":"https://www.wikidata.org/wiki/Q478123","display_name":"Situation awareness","level":2,"score":0.32910001277923584},{"id":"https://openalex.org/C2164484","wikidata":"https://www.wikidata.org/wiki/Q5170150","display_name":"Core (optical fiber)","level":2,"score":0.3287999927997589},{"id":"https://openalex.org/C195094911","wikidata":"https://www.wikidata.org/wiki/Q14167904","display_name":"Process management","level":1,"score":0.30880001187324524},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.30660000443458557},{"id":"https://openalex.org/C178148461","wikidata":"https://www.wikidata.org/wiki/Q1632136","display_name":"Security controls","level":3,"score":0.2736000120639801},{"id":"https://openalex.org/C136197465","wikidata":"https://www.wikidata.org/wiki/Q1729295","display_name":"Variety (cybernetics)","level":2,"score":0.27079999446868896},{"id":"https://openalex.org/C203133693","wikidata":"https://www.wikidata.org/wiki/Q7283","display_name":"Terrorism","level":2,"score":0.26170000433921814},{"id":"https://openalex.org/C18762648","wikidata":"https://www.wikidata.org/wiki/Q42213","display_name":"Work (physics)","level":2,"score":0.259799987077713},{"id":"https://openalex.org/C2778938767","wikidata":"https://www.wikidata.org/wiki/Q1502043","display_name":"Rules of engagement","level":2,"score":0.2587999999523163},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.257999986410141},{"id":"https://openalex.org/C506615639","wikidata":"https://www.wikidata.org/wiki/Q21662260","display_name":"Command and control","level":2,"score":0.25619998574256897},{"id":"https://openalex.org/C2777810591","wikidata":"https://www.wikidata.org/wiki/Q16861606","display_name":"Credential","level":2,"score":0.2526000142097473},{"id":"https://openalex.org/C207267971","wikidata":"https://www.wikidata.org/wiki/Q120208","display_name":"Emerging technologies","level":2,"score":0.251800000667572},{"id":"https://openalex.org/C164065428","wikidata":"https://www.wikidata.org/wiki/Q1201929","display_name":"Core competency","level":2,"score":0.2508000135421753},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.2508000135421753}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2603.11528","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.11528","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2603.11528","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.11528","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"This":[0],"report":[1],"introduces":[2],"the":[3,36,68,89,107,119,147,159,179],"concept":[4],"of":[5,14,39,161,164],"\"Highly":[6],"Autonomous":[7],"Cyber-Capable":[8],"Agents\"":[9],"(HACCAs),":[10],"AI":[11],"systems":[12],"capable":[13],"autonomously":[15],"conducting":[16],"multi-stage":[17],"cyber":[18,62,116,151],"campaigns":[19],"at":[20],"a":[21,56],"level":[22],"comparable":[23],"to":[24,98,121,131,153],"today's":[25],"top":[26],"criminal":[27,132],"hacking":[28],"groups":[29,133],"or":[30],"state-affiliated":[31],"threat":[32],"actors,":[33],"and":[34,49,95,101,126,134,158,185,190],"analyzes":[35],"security":[37],"implications":[38],"their":[40,187],"emergence.":[41],"The":[42],"report:":[43],"(1)":[44],"Defines":[45],"what":[46],"HACCAs":[47,84,112],"are":[48],"forecasts":[50],"when":[51],"they":[52],"might":[53],"arrive,":[54],"establishing":[55],"clear":[57],"framework":[58],"for":[59,123,149],"an":[60],"autonomous":[61,92,150],"agent":[63],"that":[64,143],"can":[65],"operate":[66],"across":[67,175],"full":[69],"attack":[70],"lifecycle":[71],"without":[72],"meaningful":[73],"human":[74],"direction;":[75],"(2)":[76],"Identifies":[77],"five":[78],"core":[79],"operational":[80],"tactics,":[81],"detailing":[82],"how":[83,111],"could":[85,113],"sustain":[86],"themselves":[87],"in":[88],"wild,":[90],"from":[91],"infrastructure":[93],"setup":[94],"credential":[96],"harvesting":[97],"detection":[99],"evasion":[100],"adaptive":[102],"shutdown":[103],"avoidance;":[104],"(3)":[105],"Analyzes":[106],"strategic":[108],"implications,":[109],"including":[110],"intensify":[114],"interstate":[115],"competition,":[117],"lower":[118],"barrier":[120],"entry":[122],"sophisticated":[124],"operations,":[125],"proliferate":[127],"advanced":[128],"offensive":[129],"capabilities":[130],"less-resourced":[135],"state":[136],"actors;":[137],"(4)":[138],"Flags":[139],"two":[140],"tail":[141],"risks":[142],"deserve":[144],"serious":[145],"attention:":[146],"potential":[148],"operations":[152],"trigger":[154],"inadvertent":[155],"cyber-nuclear":[156],"escalation,":[157],"possibility":[160],"sustained":[162],"loss":[163],"control":[165],"over":[166],"rogue":[167],"HACCA":[168],"deployments;":[169],"(5)":[170],"Proposes":[171],"seven":[172],"policy":[173],"recommendations":[174],"three":[176],"goals:":[177],"understanding":[178],"emerging":[180],"threat,":[181],"defending":[182],"against":[183],"HACCAs,":[184],"ensuring":[186],"responsible":[188],"development":[189],"deployment.":[191]},"counts_by_year":[],"updated_date":"2026-03-14T06:46:50.379900","created_date":"2026-03-14T00:00:00"}