TL;DR:
Cyberattack operations have shifted from patient, silent pre-positioning, to loud ransoms, to now fast, parallel smash-and-grab attacks. LLMs remove the two things that made attackers slow and catchable (understanding the environment and sequential movement), leaving only inference speed as a limit. Defenders' detection-and-response model breaks when three attack paths advance in parallel and you have no way to know which to chase.
Offensive operations have always had a relationship with time. But the attacker’s goal stays roughly constant; what has shifted across the decades is how long they’re willing to spend reaching it and how much noise they’re willing to make along the way. Three eras tell that story, and I think we’ve just walked into the third.
The First Era: Low and Slow
You get in, you go quiet, and you stay. The discipline is silence: no unusual traffic, no alerts, no announcement. Time is the attacker’s ally. Moving slowly is how they avoid detection while deepening access, mapping the environment, harvesting credentials, and pivoting toward higher-value systems. And for a pre-positioning mission, being in place and ready for whatever comes later is the objective.
Earlier in my career, around 2004, I was responding to PRC-linked intrusions tied to what became known as Titan Rain, the first publicly disclosed Chinese state-sponsored espionage campaign. 22 years later, the names have changed and the tradecraft has sharpened, but the same patient, low-and-slow espionage is still with us. CISA, the NSA, and the FBI have assessed that the PRC-linked group Volt Typhoon has been pre-positioning on the IT networks of critical infrastructure (communications, energy, water, transportation) to enable disruption of operational technology in a future conflict. And they are patient in a way that ought to bother people more than it does. Investigators found Volt Typhoon quietly resided in some victim environments for at least five years. At that point, the attacker arguably knows where the good coffee is kept.
The Second Era: Loud is the Point
Ransomware broke the silence.
Between roughly 2016 and 2020, criminals pivoted toward targeted extortion against the organizations whose networks they had burrowed into; the industry came to call it “big game hunting.” Initial access was still quiet, but everything after the encryption event was deliberately, performatively loud. This era also marked the industrialization of hacking: ransomware-as-a-service operators rented out the malware, initial-access brokers sold footholds, and cryptocurrency made the whole economy payable and anonymous. Perhaps we could have guessed that cybercrime would eventually discover the benefits of specialization and outsourcing.
But the defining shift, for our purposes, was that it created a dialogue. The attacker announced themselves, named a price, and opened a negotiation that could drag on for weeks or months. They learned to weaponize data at every level, with encryption only the first step. From there, they stole the data, threatened to leak it, and pressured victims with the damage a leak would do to their reputation with customers and partners. Then came the escalation: ALPHV/BlackCat filed a complaint with the SEC against MeridianLink, accusing it of failing to disclose the breach under the four-day rule, which hadn't taken effect yet.
Regulators themselves had become one of the levers. You almost have to admire the nerve: turning a compliance rule into a negotiating lever. I take some small comfort in the fact that even cybercriminals have to stay current on regulatory developments.
The Third Era: Smash and Grab
Low-and-slow was quiet. Ransomware was loud and wanted to talk. The era now forming is loud but has no interest in a conversation — there isn’t time for one. Call it the smash-and-grab. My argument is that this mode could come to dominate with LLMs driving speed and scale.
Speed. The collapse was already underway before AI entered the picture. Secureworks watched median ransomware dwell time fall from 4.5 days to under 24 hours in a single year, with deployment at times within five hours. The point is that the floor was never human reaction time; it was the attacker’s own critical thinking and the need to move quietly enough to stay below detection thresholds. Most of that slow work went into understanding the environment: mapping topology, finding the crown jewels, learning what connects to what. Now, point an LLM at internal access, and it can read your IT support wiki, your runbooks, your architecture diagrams, and your onboarding guides.
Scale. This is the part I suspect defenders haven’t fully reckoned with. Once movement isn’t gated by comprehension, it can happen in parallel: multiple paths, multiple objectives, pursued at once rather than one careful step at a time. And we’re already seeing the mechanism that makes this possible. In 2025, Google’s Threat Intelligence Group documented the first malware observed querying a large language model in a live operation: APT28’s PROMPTSTEAL, which generates its commands on the fly instead of hard-coding them. Researchers have named the pattern: LLM-as-C2, where the implant on your network is a thin client that relays context back to a model and asks what to do next. Much of this category is still early, closer to proof-of-concept than mass deployment, but the architecture is the tell.
So, consider what’s actually left as the limit. Remove the bottleneck of human critical thinking, and in the traditional sense the constraint falls back to network speed. But the smash-and-grab operator doesn’t care about moving slowly to stay hidden, so network speed stops being a meaningful limit, too. Strip both away and what remains is the speed of inference: how fast the model can decide what to do next (h/t Joe Demesy for being a great thought partner).
And that is what breaks the defender. Detection-and-response assumes you can spot a threat and then decide where to intervene. Against a malicious operation moving in parallel, however, by the time you’ve triaged one path, three others have advanced, and you have no way of knowing which to chase first. Speed alone would be hard enough; speed and parallelism together leave no clean thread to pull.
So, What Changes?
I genuinely don’t know, which is mildly inconvenient given that I’ve just spent 1,500 words explaining why I’m concerned about it.
Maybe it’s the outcomes we already know, like data theft and extortion, just compressed to a tempo defenders will have to figure out how to match. Or maybe the noise itself becomes the point: touch enough systems fast enough and the volume becomes camouflage. You hide inside the noise.
This is the part where a LinkedIn post like this usually pivots to a product pitch…I’m not gonna do that to you. 😊
I’ve been in the breaking-in business for over 25 years, and I’m sharing here because I think it’s worth understanding what the possibilities are before they arrive. So, if you have any thoughts, I’d love to hear them.