In recent months, a new infrastructure for cyber-operations has begun to take shape in the United States, one in which automated agents are no longer auxiliary tools but full-fledged participants in offensive campaigns. Amid intensifying strategic competition with China and the rapid expansion of autonomous capabilities, Washington is investing heavily in technologies that broaden the scale of attacks and shrink operational lead times, moving toward the concept of multithreaded, AI-driven intrusion. At the center of this initiative stands a little-known company called Twenty, based in Arlington, which has already secured multiple contracts with U.S. military agencies.
Although still operating in a semi-stealth mode, the firm has signed an agreement with U.S. Cyber Command worth up to $12.6 million, alongside a separate research contract with the Navy valued at $240,000. The fact that a venture-backed startup is receiving funding for offensive technologies distinguishes it from the traditional contractors that typically dominate this sphere. Twenty is also supported by entities tied to the intelligence community: its investors include In-Q-Tel — the venture arm established with CIA involvement — as well as private funds specializing in high-risk technological ventures.
According to Twenty’s website, the company builds automation tools that convert labor-intensive offensive procedures from manual workflows into continuous, parallelized operations executed simultaneously against a large set of targets. Its phrasing suggests systems engineered to autonomously identify vulnerabilities, prepare intrusion scenarios, and launch chains of attacks with minimal human involvement. Such an approach effectively turns offensive operations into a perpetual conveyor, with hundreds of addresses and services processed at once.
The company’s job postings reveal even more. Requirements for a director of offensive research include developing new methods of penetrating adversary networks, designing structures that model attack pathways, and creating automated exploitation systems built atop AI models. Engineers sought by Twenty are expected to work with tools that orchestrate multiple AI agents, including emerging open-source frameworks for coordinating groups of autonomous assistants. Other listings reference the creation of realistic digital personas designed to participate in social-engineering campaigns and infiltrate online communities or closed communication channels — a long-standing tactic employed by state agencies to gain access to hostile networks without direct technical intrusion.
Twenty’s team is composed of individuals with extensive experience in U.S. military and intelligence institutions. The company’s chief executive served in the Navy Reserve and worked on security products at a major American firm after its acquisition of a startup specializing in national-security network mapping. The chief technology officer focused on network-exposure analysis and previously served in Army signals-intelligence units. The head of engineering spent more than a decade at U.S. Cyber Command and in Army cyber divisions, while the director of government engagement worked on Capitol Hill and later joined the National Security Council’s transition team.
The United States is not the only country using AI models for intelligence and cyber-operational tasks. A recent report by Anthropic found that Chinese threat groups deploy models to prepare attacks, enabling autonomous agents to perform much of the routine groundwork — from infrastructure reconnaissance to crafting exploitation strategies. These systems dramatically reduce the time needed to plan complex operations and accelerate the discovery of weaknesses in the networks of rival states.
The Pentagon has also signed agreements worth up to $200 million each with OpenAI, Anthropic, and xAI, though the contents of these projects remain undisclosed. It is unknown whether these companies’ technologies are being adapted for offensive use. Given their access to models and infrastructure, such a scenario cannot be ruled out, especially amid mounting pressure from China.
In the broader context, the startup Twenty should be viewed alongside firms like Two Six Technologies, which has spent years developing an automation platform for offensive campaigns known as IKE. That system allows an autonomous module to green-light an attack once the probability of success passes a defined threshold. Although the total funding for IKE has reached $190 million, there is no indication it can execute parallel operations against hundreds of targets on the scale advertised by Twenty.
On the defensive side, the use of models is far more widespread. For example, the Israeli company Tenzai adapts AI models to search for vulnerabilities in corporate software. Its tools simulate attacks, not to compromise systems but to assess their resilience.
The emergence of automated, offensive-capable architectures is reshaping the landscape of cyber conflict. With technologies designed for broad, parallelized impact on adversary infrastructure, offensive operations become faster and vastly more expansive. Based on current contracts, the United States clearly aims to secure a decisive advantage in this domain — leveraging a coalition of major corporations, venture investors, intelligence resources, and agile startups building systems optimized for multithreaded, automated campaigns.