— AI is crossing from a hacking tool to an autonomous operator that decides and acts on its own. A field analysis. full document For two years, "AI in offensive security" mostly meant one thing: a faster human. Attackers used large language models to write phishing emails, draft malware, translate lures, or summarize stolen data. The model was a power tool. A human still held it. A cluster of incidents disclosed in late May 2026 quietly broke that assumption. In at least one case, the human let go of the wheel — and the attack kept driving. I publish an independent, OSINT-based CTI archive (TLP:GREEN), and over the past week I released five reports in four languages that, read together, sketch the same arc: AI is moving from a tool you point at a target to an operator that picks the target's locks by itself. Here is the field view. The spectrum: tool → operator → attack surface It helps to think of AI's role in an intrusion as a spectrum, not a switch.…