AI agents can now compromise a cloud environment in minutes - and they are only getting faster. We benchmarked ten frontier AI models inside a controlled AWS cyber range to measure how quickly they escalate to admin, and whether deception technology catches them in time. Across 951 attack runs, AI reached admin privilege escalation in an average of 14 minutes - but canaries warned the defender before the attack landed in 95.9% of those runs, a median 8 minutes ahead of the attacker's first critical action.
We sat down to walk through the research. Watch the full recording on YouTube, or listen on Apple Podcasts and Spotify.
Watch the recording
The researchers behind the study walk through the benchmark design, a synchronized replay of AI agents attacking the same account with and without canaries, and what it all means for defending against offensive AI agents.
You'll hear from Tracebit's Alessandro Brucato (Security Researcher) and Sam Cox (Co-founder & CTO), alongside Nick Reva, Director of Security Engineering at DoorDash, for a hands-on look at detection in the age of AI attackers.
What you'll take away
- How fast frontier AI models really move, escalating from low-privilege access to admin
- Why canaries give defenders a head start, warning before the attack lands in 95.9% of compromising runs
- Why simply warning a model that deception may be present can dramatically cut full compromise
Who should watch
Give it a listen if you are:
- A security leader preparing your detection strategy for offensive AI agents
- A security engineer or architect building detection and deception programs
- On a detection and response team focused on high-fidelity signal and early warning
- A cloud security team responsible for AWS, GCP, and Azure environments
Watch or listen now
Watch the full recording on YouTube, or listen on Apple Podcasts and Spotify. Prefer to read? Explore the complete study - including the synchronized replay and per-model breakdown - at agentic.tracebit.com.
Tracebit deploys the same canaries we used in this study across AWS, GCP, Azure, endpoints, SaaS and CI/CD - and you can have them set up in as little as 30 minutes. Talk to us to see it in your environment.
