AI Agents vs. Canaries: Detecting Attacks That Move at AI Speed

AI agents can now compromise a cloud environment in minutes - and they're only getting faster. Tracebit benchmarked ten frontier AI models inside a controlled AWS cyber range to measure how quickly they can escalate to admin, and whether deception technology catches them in time. Across 951 attack runs, AI reached admin privilege escalation in an average of 14 minutes - but canaries warned the defender before the attack landed in 95.9% of those runs, a median 8 minutes ahead of the attacker's first critical action.

Missed the live session? Watch the full recording on YouTube. The researchers behind the study walk through the benchmark design, a synchronized replay of AI agents attacking the same account with and without canaries, and what it means for defending against offensive AI agents.

In the recording, Tracebit's Alessandro Brucato (Security Researcher) and Sam Cox (Co-founder & CTO), alongside Nick Reva, Director of Security Engineering at DoorDash, give a hands-on look at detection in the age of AI attackers.

The team also digs into a challenge they faced: using AI to research AI. They cover how to get reliable signal out of models that tend to agree with whatever you put in front of them, and how to keep your testing objective so the results aren't skewed by a model telling you what you want to hear.

What you'll take away:

Who Should Watch:

• Security leaders preparing their detection strategy for offensive AI agents
• Security engineers and architects building detection and deception programs
• Detection and response teams focused on high-fidelity signal and early warning
• Cloud security teams responsible for AWS, GCP, and Azure environments