Hacking is often misunderstood as simply “breaking into computers.” But at its core, hacking is something broader and more fundamental:
Hacking means making a system do something it was not meant to do.
Sometimes that is creative. Sometimes it is criminal. The difference is permission, intent, and consequence.
A child who finds ten strange uses for an everyday object is thinking like a hacker. A security researcher who discovers an unexpected weakness in software is thinking like a hacker. An attacker who chains credentials, APIs, remote access tools, and network paths to move through an enterprise is also thinking like a hacker.
The common thread is this: hackers are not limited by what something was designed for. They ask what else it can be made to do.
In psychology, the term for this is divergent thinking: the ability to generate varied ideas or solution possibilities in response to a problem. Guilford called this “divergent production,” where idea generation matters because “variety is important.”
“DP abilities pertain to generation of ideas, as in solving a problem, where variety is important.”
— J. P. Guilford, Creativity: Yesterday, Today and Tomorrow, 1967
Computer hackers add one more dimension to divergent thinking: harmful intent. When the intent is criminal, ideological, or nation-state driven, the same ability to find unexpected uses becomes dangerous.
Until now, cyber defense has depended on two assumptions: humans have intent controls, and traditional software has functional fixedness. Agentic AI weakens both.
1. Human “Intent” We “Trust”
In the human world, organizations rely on many forms of trust. Human intent is not controlled only by technology. It is surrounded by social, legal, economic, and moral systems.
Employees have contracts, paychecks, reputations, social norms, audit trails, and legal consequences. Contractors have agreements, payments, and reputational risk. Partners have obligations and business intent alignment. Bad behavior has consequences.
This does not make humans perfectly trustworthy. But human intent is surrounded by controls.
A person may have access to sensitive systems, but they usually understand the boundary between legitimate work and abuse. If they cross that boundary, there are consequences.
That is why traditional access models often assumed some level of human intent:
“This person is an employee.” “This person is in finance.” “This person is an administrator.” “This person is trusted.”
Human-focused hacking is built around breaking this trust. Coercion, social engineering, phishing, credential theft, and privilege escalation all try to move trusted privilege into the hands of someone it was never intended for.
Who the privilege was intended for versus who actually gained control of it.
Human cyberattacks exploit trust and privilege by stealing it, coercing it, or tricking trusted parties into giving it away.
2. Traditional Software Has Functional Fixedness
Traditional software does not have human judgment. But it does have something close to functional fixedness.
It has zero divergent thinking.
A payroll application does payroll. A database responds to queries. A remote access tool opens remote sessions. A script executes a defined task. A service account calls a known API.
Traditional software is bounded by the logic developers wrote into it. It does not wake up and ask, “What else could I try?” It does not creatively search for a different path when blocked. It does not brainstorm twenty alternate ways to reach the same goal.
That boundedness gave defenders a certain advantage. Software had expected workflows, expected dependencies, expected ports, expected identities, and expected behaviors.
Software hacking is built around breaking this functional fixedness. Buffer overflows, SQL injection, command injection, API abuse, living-off-the-land techniques, and lateral movement all exploit the same basic gap:
What the system was intended to do versus what it can actually be made to do.
Software cyberattacks exploit the unintended possibilities hidden inside traditional software.
3. Agents Are Divergent Thinkers Without Human Moral Controls
Agentic AI changes the equation.
An agent is not just traditional software executing a fixed workflow. A powerful agent can reason, plan, call tools, retry failed attempts, chain steps, search documentation, write code, use APIs, analyze errors, and find alternate routes to a goal. It is a divergent thinker. That is exactly what makes agents useful. It is also what makes them dangerous.
Agents are powerful because they break functional fixedness. They are dangerous because they do so without the human intent controls that partially constrain people. Agents are not malicious in the human sense, but they operate entirely outside the bounds of social consequences, reputational risk, or fear of punishment.
This creates the perfect hacker shape: divergent thinking, machine speed, privileged tool access, and no moral compass.
It does not mean every agent is malicious. It means an agent can behave like a computer hacker: divergent thinking at machine speed, without the human intent controls that normally constrain behavior.
4. The Mythos Moment: When This Stops Being Theoretical
The Mythos moment is not just about one model or one vendor. It is a signal that the world has changed.
Mythos matters because it turns this argument from theory into evidence.
Anthropic says Mythos Preview:
- Found thousands of high-severity zero-day vulnerabilities, including some in every major operating system and web browser.
- Autonomously chained several Linux kernel vulnerabilities to escalate from ordinary user access to complete control.
- Wrote exploits in hours that expert penetration testers said would have taken weeks.
The pattern is clear: find, chain, accelerate.
This is divergent thinking executed at machine speed. The agent isn’t just following a script; it is creatively bypassing functional fixedness to achieve a goal. That means security teams can neither trust an agent’s intent nor underestimate its ability to chain complex tactics and techniques, create new procedures on the fly, and break through systems at machine speed. It is essentially a sophisticated hacker with machine speed and insider privilege: the most dangerous kind.
This is the core shift:
In the agentic era, intent is harder to trust, and bypassing controls through creative divergent thinking becomes a normal path, not an exceptional edge case.
Privilege becomes the controllable variable.
Organizations must assume that any user, workload, identity, service, agent, or tool could be used in an unintended chain. The answer is not to guess intent better. The answer is to reduce what each entity is allowed to do.
That means controlling access, permissions and reachability across users, workloads, applications, APIs, cloud services, OT/IoT systems, and networks.
Identity answers who or what is acting. Permissions define what it is allowed to do. Microsegmentation limits where it can go. Together, they constrain privilege and reduce the damage possible when divergent thinking finds an unintended path.
Conclusion
The Agentic Era makes Zero Trust essential.
Not because every agent is malicious, but because every powerful agent can behave like a sophisticated hacker: it can explore unintended paths, chain legitimate tools, and act faster than humans can review — all without a human moral compass to constrain its intent.
When intent can no longer be trusted or constrained, privilege is the only variable left to control. In the Agentic Era, Zero Trust is not just a framework; it is the only defensible model.
If your team is evaluating how to secure agentic systems without expanding risk, Contact Us to explore how Zero Trust and microsegmentation can reduce privilege, limit reachability, and contain unintended action paths.
