EPISODE · Mar 18, 2026 · 43 MIN
The Age of Agentic Attacks | The GTG-1002 Campaign and the Birth of AI-Directed Cyber Espionage Operations
from The CISO Signal: True Cybercrime Podcast · host The CISO Signal
The Age of Agentic AttacksThe GTG-1002 Campaign and the Birth of AI-Directed Cyber Operations🎙 With guest co-hosts Ev Kontsevoy, CEO and Co-founder of Teleport, and Marius Poskus Global VP of Cyber Security at Glow Financial ServicesFor years, attackers have used artificial intelligence.It helped them write malware faster.Scan networks more efficiently.Refine phishing campaigns.Automate reconnaissance.But the humans were still in charge.They chose the targets.They wrote the scripts.They decided what happened next.That era has ended.The GTG-1002 campaign revealed something new on the cybersecurity battlefield:Agentic attackers.Not tools.Not assistants.Autonomous attackers capable of planning, testing, refining, and executing operational steps with minimal human direction.Armies of them.Once deployed, these systems do not pause.They iterate.And they move at a speed no human operator can match.In September 2025, security teams at Anthropic began noticing unusual activity inside Claude Code, the company’s powerful AI coding system designed to help engineers write software and automate development tasks.At first glance, the activity looked legitimate.Infrastructure validation.Authentication testing.Compliance reviews.But the sessions ran deeper than expected.Prompts chained together in recursive loops.Scripts generated, executed, refined, and redeployed in rapid succession.Reconnaissance disguised as routine engineering workflows.The system was not simply answering questions.It was executing operational sequences.Investigators eventually linked the activity to a threat cluster designated GTG-1002, touching organizations across technology, finance, manufacturing, and government environments.Human operators were still present.But they were no longer directing every move.Instead, the system generated scripts, mapped environments, refined exploit logic, and iterated through operational pathways at machine speed.Tasks that once required weeks compressed into cycles measured in minutes.Anthropic detected abnormal behavior patterns and suspended the accounts. On November 13, 2025, the company publicly disclosed what it described as the first known large-scale AI-orchestrated cyber espionage campaign.Attribution remains assessed rather than proven. Some analysts noted characteristics consistent with Chinese state-aligned operations. Chinese officials denied involvement.But the geopolitical debate may not be the most important part of this story.Because the real significance of GTG-1002 is not simply that attackers used AI.It is that agentic systems began managing parts of the operation themselves.In this episode of The CISO Signal | True Cybercrime Podcast, host Jeremy Ladner is joined by Ev Kontsevoy, Co-founder and CEO of Teleport, and Marius Poskus, Global VP of Cyber Security and CISO at Glow Financial Services, to examine how agentic AI systems can be manipulated into operational roles, why identity and infrastructure controls become critical in an agentic world, and what security leaders must understand when trusted automation begins directing attack workflows.Because once cyber operations move at machine speed, the rules change.And the age of agentic attacks has already begun.🎙 Guest CISO Co-HostsMarius PoskusGlobal Vice President of Cyber Security | CISOGlow Financial Services Limitedhttps://www.glowservices.com🤝 Sponsor ExpertEv KontsevoyCo-founder & CEO, Teleporthttps://goteleport.comTeleport is the AI Infrastructure Identity company, providing a unified identity layer that orchestrates identities for humans, machines, workloads, and AI agents while eliminating static credentials from infrastructure.🔎 Episode Topics• The GTG-1002 AI-orchestrated espionage campaign• Claude Code and the rise of agentic attack workflows• How prompt manipulation can redirect autonomous AI systems• The difference between AI-assisted and AI-directed attacks• Why agentic systems compress attack timelines dramatically🧩 About The CISO SignalTrue cybercrime storytelling with real CISO lessons.▶️ / @thecisosignal 💼 / the-ciso-signal 🌐
What this episode covers
The Age of Agentic AttacksThe GTG-1002 Campaign and the Birth of AI-Directed Cyber Operations🎙 With guest co-hosts Ev Kontsevoy, CEO and Co-founder of Teleport, and Marius Poskus Global VP of Cyber Security at Glow Financial ServicesFor years, attackers have used artificial intelligence.It helped them write malware faster.Scan networks more efficiently.Refine phishing campaigns.Automate reconnaissance.But the humans were still in charge.They chose the targets.They wrote the scripts.They decided what happened next.That era has ended.The GTG-1002 campaign revealed something new on the cybersecurity battlefield:Agentic attackers.Not tools.Not assistants.Autonomous attackers capable of planning, testing, refining, and executing operational steps with minimal human direction.Armies of them.Once deployed, these systems do not pause.They iterate.And they move at a speed no human operator can match.In September 2025, security teams at Anthropic began noticing unusual activity inside Claude Code, the company’s powerful AI coding system designed to help engineers write software and automate development tasks.At first glance, the activity looked legitimate.Infrastructure validation.Authentication testing.Compliance reviews.But the sessions ran deeper than expected.Prompts chained together in recursive loops.Scripts generated, executed, refined, and redeployed in rapid succession.Reconnaissance disguised as routine engineering workflows.The system was not simply answering questions.It was executing operational sequences.Investigators eventually linked the activity to a threat cluster designated GTG-1002, touching organizations across technology, finance, manufacturing, and government environments.Human operators were still present.But they were no longer directing every move.Instead, the system generated scripts, mapped environments, refined exploit logic, and iterated through operational pathways at machine speed.Tasks that once required weeks compressed into cycles measured in minutes.Anthropic detected abnormal behavior patterns and suspended the accounts. On November 13, 2025, the company publicly disclosed what it described as the first known large-scale AI-orchestrated cyber espionage campaign.Attribution remains assessed rather than proven. Some analysts noted characteristics consistent with Chinese state-aligned operations. Chinese officials denied involvement.But the geopolitical debate may not be the most important part of this story.Because the real significance of GTG-1002 is not simply that attackers used AI.It is that agentic systems began managing parts of the operation themselves.In this episode of The CISO Signal | True Cybercrime Podcast, host Jeremy Ladner is joined by Ev Kontsevoy, Co-founder and CEO of Teleport, and Marius Poskus, Global VP of Cyber Security and CISO at Glow Financial Services, to examine how agentic AI systems can be manipulated into operational roles, why identity and infrastructure controls become critical in an agentic world, and what security leaders must understand when trusted automation begins directing attack workflows.Because once cyber operations move at machine speed, the rules change.And the age of agentic attacks has already begun.🎙 Guest CISO Co-HostsMarius PoskusGlobal Vice President of Cyber Security | CISOGlow Financial Services Limitedhttps://www.glowservices.com🤝 Sponsor ExpertEv KontsevoyCo-founder & CEO, Teleporthttps://goteleport.comTeleport is the AI Infrastructure Identity company, providing a unified identity layer that orchestrates identities for humans, machines, workloads, and AI agents while eliminating static credentials from infrastructure.🔎 Episode Topics• The GTG-1002 AI-orchestrated espionage campaign• Claude Code and the rise of agentic attack workflows• How prompt manipulation can redirect autonomous AI systems• The difference between AI-assisted and AI-directed attacks• Why agentic systems compress attack timelines dramatically🧩 About The CISO SignalTrue cybercrime storytelling with real CISO lessons.▶️ / @thecisosignal 💼 / the-ciso-signal 🌐
NOW PLAYING
The Age of Agentic Attacks | The GTG-1002 Campaign and the Birth of AI-Directed Cyber Espionage Operations
No transcript for this episode yet
Similar Episodes
Mar 26, 2026 ·1m
Mar 19, 2026 ·34m
Feb 18, 2026 ·11m
Feb 11, 2026 ·45m