As artificial intelligence accelerates, so does the prospect of a cyberattack powerful enough to shut down hospitals, black out cities and disrupt core government systems.

Why it matters: Just by scaling and accelerating the cyberwarfare tools adversaries already have, AI can turn manageable intrusions into large-scale crises.

• Axios asked seven former senior cybersecurity officials and leading security experts what a major AI-enabled cyberattack will look like and what worries them the most about current advancements in generative AI.

Driving the news: Over the last year, security executives and government officials have quietly talked about their fears of an AI-enabled cyberattack that could come as soon as this year. But few have any idea what that will end up looking like.

The big picture: Several of the experts pointed to the vulnerability of utilities, particularly water and electricity.

• Former Defense Secretary Leon Panetta worries AI tools will speed up the ability of adversaries to burrow into sensitive systems and turn off the lights — and potentially to also disable backup systems to prevent a timely recovery.
• Chinese government-linked hackers are known to have accessed U.S. critical infrastructure systems. But nation-states know the risks of attacking the U.S. directly, said retired Gen. Paul Nakasone, former head of the NSA and Cyber Command.

The intrigue: That's one reason the experts tended to think accidental escalation was at least as likely as a targeted attack.

• The AI future could look a lot more like the 1980s film "WarGames," in which Matthew Broderick plays a hacker who nearly ignites nuclear war by accident, than Skynet in "The Terminator."

Zoom in: Kevin Mandia, founder of cybersecurity firm Mandiant, said the big one will likely hit one industry or a few high-value targets.

• Michael Sulmeyer, former assistant secretary of defense for cyber policy, is particularly worried about hospitals.

Threat level: Former CIA Director Michael Hayden was more definitive than the others that an attack at a scale we have not seen before is coming.

• "I think it's going to happen, that's assured. Maybe one year, five years? We just don't know," he said. He pointed to Russia as a possible culprit, noting that Moscow was "more desperate" than Beijing.
• Other former officials said a series of smaller-scale cyberattacks could be just as dangerous as one big one if they lead to unprecedented data wipes or corporate shutdowns.

⬇️ Keep reading to see how former senior officials and industry leaders say an AI-enabled cyberattack could unfold.

Leon Panetta, former secretary of defense

"If you now look at what could be the capabilities of AI, you're talking about an attack that would be the equivalent of several nuclear bombs being used to totally paralyze another country."

• "Once this technology is developed, you can't control who is going to have access to this."
• "With AI, or with the potential for AI, it could strike not only at whatever that targeted computer might be, but it can also strike at backup systems that could be developed."

Gen. Paul Nakasone, former head of the NSA and Cyber Command

"Perhaps a non-nation-state actor doesn't have the latest large language model or the most effective large language model, they don't have control of it and they lose control of their agents, and suddenly there is an attack on our critical infrastructure."

• "That would likely be against something that is less well-protected — could be water, it could be our food supply, it could be anything like that. One of the lesser protected of the 16 critical infrastructure sectors that our nation has."

Jen Easterly, former director of the Cybersecurity and Infrastructure Security Agency and former NSA deputy for counterterrorism

"The 'long-anticipated AI-enabled cyberattack' is unlikely to be a dramatic new class of exploitation; it will more likely be a quiet evolution of familiar tactics amplified by autonomy."

• "Attackers won't need novel zero-days; they'll manipulate the data, context, and incentives feeding autonomous systems so the AI, acting exactly as designed, takes harmful actions on its own."
• "AI isn't creating entirely new cyber risk — it's scaling existing weaknesses in insecure software, brittle systems, and over-trusted automation, while making attacks harder to spot because they blend into normal operations. That's why the answer isn't fear or slowdown — it's building AI systems secure by design, with constrained autonomy, verifiable inputs, and humans firmly in the loop."

Keep scrolling for more ⬇️

Chris Inglis, the country's first national cyber director and former NSA deputy director

"There's a human foible, human frailty involved in this — in terms of kind of building human confidence based upon this machine's ability to inform that confidence so the human is willing to push the Big Red Button."

• "That's what I worry about, that this will not inform our sense that all is well, but it will stimulate and be a catalytic engine for a sense of opportunity which must be seized and create therefore a greater audacity. "

Michael Sulmeyer, professor at Georgetown and former assistant secretary of defense for cyber policy

"If we think about the number of hospitals that were ransomwared last year and then you look at the [November] report that Anthropic released.... It's a very small step to then abuse an AI model and just start asking it to pick vulnerable targets that are hospitals and exploit them and to take them offline to degrade services to hospitals."

• "The longer that critical infrastructure and attractive government targets and, yes, attractive corporate companies view their cybersecurity and cyber defense as a matter of IT, the slower they'll be to do anything about it. But it doesn't have to be that way."

Kevin Mandia, founder of Mandiant

"What would the big one look like? It would be based on what got targeted. If it's a utility, that could be the big one where the lights go out in a major city or even a bunch of cities in the Midwest — or the water utilities don't work somewhere."

• "The big one could be a lot of different things: One, utilities. Two, maybe communications. Three, health care. Four, anything in logistics and travels, that'd be a disaster. I don't want to give the bad guys all the ideas, but they probably already have them."
• "It's going to be against a few specific targets or an industry. It's not going to be widespread because it makes no sense to burn the resources of the ultimate offense on everything."

✍🏻 Over the last two weeks, readers have been filling my inbox with their own predictions for the big one.

• Many of your answers mirror those of former government officials and industry leaders: The attacks will be varied, but fast — and tactics likely won't change that much, but AI will supercharge them.

🧠 Here's what you're all predicting:

⚡️ Critical infrastructure and geopolitical shocks

"AI could remotely disable transport logistics, trigger energy grid failures, and launch coordinated disinformation campaigns to sow chaos among populations. Civilians, government agencies and military logistics could all face pressure from virtually any entity with a little technical knowledge and an internet connection." —Nadir Izrael, CTO and co-founder at Armis

"One will be an AI-worm intent on disruption of critical infrastructure which will be led by a nation-state APT group. Another will be an agent operating as an insider threat resulting in a significant data breach, most likely led by a financially motivated threat group." —Nicole Carignan, senior vice president of security and AI strategy at Darktrace

"Only a nation-state would have the resources required to pull off a large-scale AI-enabled cyber attack. Given their motives, we're either going to see critical infrastructure or financial networks targeted by such an attack." —Thomas Richards, infrastructure security testing lead at UltraViolet Cyber

"The next will be of a similar scale as the 2003 Northeast Blackout. Unlike 2003's singular source, this one might be a swarm attack on multiple systems/services. Though the recovery period for full restoration will likely be much longer." —reader Terry Cook

"My bet: We know that China is preparing to invade Taiwan. Part of that attack will include AI-turbo-charged cyber attacks designed to cripple any possible defenses (Taiwanese or U.S.). If we're caught flat-footed, we'll regret the lack of preparation." —reader Dalllas Hetherington

🤖 Autonomous agents

"AI won't be the hacker, it'll be the caffeinated intern tasked with quickly mapping identities, permissions, and side doors while humans are still arguing about the alert." —Benny Lakunishok, CEO and co-founder of Zero Networks

"The first major AI-enabled attack won't look like traditional ransomware — it will be a coordinated 'swarm' of agents likely by a government-funded organization, where multiple AI agents probe different attack vectors simultaneously, then adapt their tactics in real time based on what works." —Lior Div, CEO and co-founder of 7AI

"The next major incident will move at AI speed, spreading across entire industries and tearing through cloud and critical infrastructure faster than defenders can blink." —Andrew Rubin, CEO and founder of Illumio

"The first major AI-enabled cyberattack won't come from AI inventing its own intelligence, but from people abusing networks of high-privilege agents like Moltbot." —Alex Spivakovsky, VP of research at Pentera

⛓️ Targeting the supply chain

"Malicious AI agents will become contributors to open-source code/packages, and launch software supply chain attacks to deliver additional malicious agents as payloads to enterprises who use the open-source software. The payload agents will steal data and cause disruptions within the affected organizations." —Jack Anderson, principal consultant at Palo Alto Networks' Unit 42

"The first AI-enabled cyberattack will likely exploit the AI supply chain itself to compromise a trusted provider and weaponize that trust to run massive, automated scams. Attackers could infiltrate through leaked privileged credentials from poorly secured vibe coded apps or unsecured AI integrations (MCPs) to move laterally, then use AI to impersonate the provider. The result would be fast, massive, scalable fraud that is hard to distinguish from legitimate activity." —Frédéric Rivain, CTO of Dashlane

🏃🏻‍♂️ Invisible corruption of trust

"The first major AI-enabled cyberattack won't resemble traditional data breaches we're used to seeing, it will be more about AI quietly turning against its own foundations through data poisoning, manipulated inference pipelines, or subtle bias introduced at scale. The real damage won't be immediate outages; rather, it could be AI systems making confident, authoritative decisions that are just slightly wrong across fraud detection, identity verification, financial risk, or security controls, especially in financial services." —Eric Liebowitz, CISO at Thales

"It would be invisible. We wouldn't even recognize it as a cyberattack. It would quietly exfiltrate data — API keys, credentials, certificates, access tokens — over time, hiding inside normal SaaS usage and approved enterprise automation." —Indus Khaitan, CEO of Redblock

"The first truly consequential AI-enabled cyberattack won't be a rogue model; it will be a trusted AI agent rushed into production without validation or guardrails, then manipulated to exploit existing software flaws and exposed APIs at machine speed." —Manoj Nair, chief innovation officer at Snyk

@ D.C.

🪖 Defense Secretary Pete Hegseth summoned Anthropic CEO Dario Amodei for a meeting this morning to discuss terms for military use of Claude. (Axios)

☎️ A top FBI cyber official warned that China-backed Salt Typhoon's intrusions of telcos are still "very much ongoing." (CyberScoop)

🗳️ A former top aide to former Vice President Kamala Harris is now the CEO of the Mobile Voting Project. (Axios)

@ Industry

🇨🇳 Anthropic accused three Chinese AI companies of targeting Claude with "distillation attacks" to help them learn and replicate how the model works and responds to prompts. (Wall Street Journal)

📧 A leaked email suggests that Ring plans to expand its controversial Search Party facial recognition tool beyond just looking for lost dogs. (404 Media)

@ Hackers and hacks

🏥 The University of Mississippi's hospital system closed all of its clinics after a ransomware attack. (Associated Press)

🇨🇳 Amazon security researchers uncovered a Russian-speaking hacker group using AI to plan, manage and conduct successful attacks against more than 600 Fortinet FortiGate devices. (Cybersecurity Dive)

🏃🏻‍♂️ The average time it took hackers to move from an initial intrusion to other internal network systems dropped to 29 minutes last year — a 65% speed increase from 2024, according to CrowdStrike. (CyberScoop)

🤯 AI agent security in action: An employee on Meta Superintelligence Labs' safety and alignment team just experienced what security pros have been warning about all month — OpenClaw going rogue and deleting an entire inbox despite receiving instructions to stop.

• Needless to say, people have some, uh, hot takes.