SecuritySOC

Kill Chain Engineering for the LLM Era: Two Phases Compress, Three Explode, and the SOC Has to Restructure

Offensive AI compresses two kill chain phases to near zero and explodes three. What that redistribution means for SOC posture, headcount, and procurement.

The Lockheed Martin kill chain is a 2011 paper that's aged better than most threat models. Seven phases, in order: reconnaissance, weaponization, delivery, exploitation, installation, command and control, then actions on objectives. Those are still the right phases. What's changed is the relative volume of work the attacker does in each one, and the model the SOC needs to respond with.

I want to argue something specific. Give an attacker access to a competent offensive AI, and two of the seven phases compress to near zero while three explode in volume. The other two hold steady. If the SOC's posture, headcount, and procurement haven't adjusted to that redistribution, the SOC is fighting the 2018 kill chain against a 2026 adversary, and the math doesn't work.

What compresses

Two phases compress hard.

Weaponization is the first. In the human attacker era, weaponization meant taking a known vulnerability and turning it into a deliverable payload. Skilled work, often the bottleneck in a campaign, and it produced artifacts defenders could fingerprint: a specific exploit kit, a specific payload structure, a specific C2 framework. Defensive AI and threat intelligence have a decade of accumulated work fingerprinting exactly those artifacts.

In the offensive AI era, weaponization is generation. The agent emits a candidate payload at a token rate. It doesn't reuse a known exploit kit. It synthesizes a new one each time, often pulling elements from multiple references and parameterizing the structure so two payloads against the same vulnerability look almost nothing alike. The artifact-based fingerprinting that worked in 2020 still catches the worst offenders. It misses the median output of an offensive AI system in 2026.

Command and control is the second. C2 used to require infrastructure. Domains, servers, certificates, beacon protocols, every piece of it throwing off telemetry defenders could correlate. The current state of the art compresses C2 dramatically, because the agent can ride legitimate cloud services, legitimate document collaboration platforms, and legitimate AI APIs as carriers. The infrastructure footprint shrinks. So does the detection surface.

Both compressions are bad news for any defender whose detection strategy was tuned for 2020. Neither is unrecoverable. Both demand a shift in where the money goes.

What explodes

Three phases explode in volume. By that I mean the attacker can run them in parallel at a scale no human team could match.

Reconnaissance is the first. An offensive AI agent against a representative target enterprise runs hundreds of reconnaissance probes against the attack surface in the time a human red teamer takes to write the first email. The probes are diverse and parameterized and mostly noisy. Signal-to-noise drops, because the noise is now an industrial product.

Lateral movement is the second. Once a foothold exists, the AI agent enumerates pivot paths in parallel, tests harvested credentials across every reachable host at once, and prunes the search tree based on responses. A human attacker walks that tree depth-first, testing one hypothesis at a time over days. The AI agent walks it breadth-first in minutes. The detection signature, if you have one at all, is the volume of authentication events rather than the specific path chosen.

Actions on objectives is the third. Once the attacker is in position, exfiltration or modification or denial happens at a speed bounded only by network bandwidth. No human pause to think about what to take next. The agent ranks the targets, drains them in parallel, and stops when the objective function is satisfied or the runtime is detected.

Those three phases together are where the defensive workload has shifted. They're also where existing SOC tooling is least prepared.

Where the SOC has to restructure

If the kill chain has redistributed, the SOC has to redistribute too. Here are three concrete operational shifts.

Alert routing comes first. The 2018 SOC routed alerts by severity and source. The 2026 SOC has to route by phase, because the response to a reconnaissance burst differs from the response to a lateral movement burst, and both differ from the response to an actions-on-objectives burst. A flat alert queue produces the wrong response time on whichever phase needs the fastest reaction.

Dwell time targets come second. The traditional metric, mean time to detect, becomes the wrong number when the kill chain compresses. What matters in 2026 is mean time to phase transition detection: how fast the SOC sees the attacker move from reconnaissance to lateral movement, or from lateral movement to actions. The phase transitions are where the attacker commits resources and exposes signal. Detect a transition faster and you have more options to break the chain.

Third is the relationship between the SOC and offensive testing. In the 2018 model the red team came in once a quarter, found findings, wrote a report, and left. In the 2026 model the SOC needs continuous offensive pressure against representative targets, ideally produced by the same kind of offensive AI the real adversary is using. The output of that pressure isn't a report. It's a continuous stream of detection deltas that the SOC team and the defensive vendors both consume.

What this implies for tooling

The tooling implications fall out of the redistribution.

For reconnaissance, defenders need volumetric anomaly detection that doesn't assume reconnaissance has a predictable shape. AI-generated reconnaissance looks different every run, so fingerprint-based detection misses it. Behavioral detection that looks for the absence of expected patterns does better here, because the attacker AI hasn't learned to mimic the long tail of legitimate behavior in your environment.

For weaponization and C2, defenders should give up on specific artifact fingerprinting as a primary control. It still has value as a backstop. It's no longer the line of first defense. That line becomes the inverse: trusted by default, allowed by exception, with high-quality telemetry on every exception path.

For lateral movement, defenders need to instrument credential use at a granularity most environments don't currently have. Every authentication event, with full context, indexed for fast correlation. The volume is significant. The correlation is where the value sits.

For actions on objectives, defenders need data-plane controls that can throttle exfiltration at machine speed. Human reviewers can't keep up with the speed at which an AI agent drains a target. The throttle has to be automated, with human escalation layered on top, rather than the reverse.

A closing observation

The Lockheed kill chain was built for an adversary who shared the defender's bandwidth. The 2026 adversary doesn't. It spawns parallel kill chains across many targets at once, each one compressed in weaponization and command, each one exploding in reconnaissance, lateral movement, and actions.

The defender's response isn't a different kill chain. It's the same kill chain with rebalanced investment. The phases that compressed need less detection effort. The phases that exploded need a lot more. The SOC that hasn't done this rebalancing will discover, in the next public incident, that it's running 2018 plays against 2026 problems.

The work of rebalancing isn't glamorous. Staffing, tooling, routing decisions. None of those make for a good demo. All of them determine whether the SOC has a useful answer the next time the C-suite asks how the agent got past the controls.

← All Posts

Bring the Data Center to the Workload.

Talk to us about deploying Atlas for your mission.

Contact Us