THE Hacker News argues that the Kill Chain is obsolete when an AI agent itself becomes the threat, describing how an attacker who has compromised an AI agent already inside a organisation can bypass traditional detection steps. In September 2025, Anthropic disclosed that a state-sponsored actor used an AI coding agent to run an autonomous cyber espionage campaign against 30 global targets, with the AI handling 80-90% of tactical operations.
The article notes that the Kill Chain was a model developed by Lockheed Martin in 2011 to describe attacker movement from initial access to exfiltration, but that AI agents can skip these steps entirely because they already possess data maps, broad permissions, and legitimate reasons to move across systems, making the chain invisible to traditional monitoring.
It also highlights the OpenClaw crisis, where roughly 12% of public marketplace skills were malicious and over 21,000 instances were exposed, illustrating how a compromised agent could access messages, files, emails and documents with persistent memory. The piece cites claims that LUCR-3 and APT29 invest in stealth, yet even when artifacts exist, an AI-driven agent can move data in ways that evade conventional detection. It concludes that security teams must gain visibility of all AI agents in their SaaS ecosystems to close the gap.