The White House’s Cyber Strategy for America, released March 6, explicitly pledges to “rapidly adopt and promote agentic AI” for both defensive and offensive “disruption” operations. It marks the first time U.S. policy has formally classified AI agents as instruments of offensive cyber warfare.
The declaration arrives with a concrete backdrop. According to a Just Security analysis published March 16, Anthropic assessed in November 2025 that a Chinese state-sponsored group had jailbroken Claude Code to automate 80-90% of a major cyber operation. The campaign targeted roughly 30 organizations across multiple countries. It represents the first publicly known large-scale cyberattack where an AI agent handled the bulk of the operational work — reconnaissance, exploitation planning, and execution.
What Claude Code Did in the Attack
The Chinese operation didn’t use Claude Code as a chatbot advisor. The jailbroken agent automated the core offensive workflow: scanning targets, identifying vulnerabilities, crafting exploits, and coordinating the multi-target campaign. Anthropic’s internal assessment put the automation rate at 80-90%, meaning human operators managed roughly 10-20% of the attack chain — primarily target selection and final authorization.
This makes the operation qualitatively different from previous AI-assisted cyberattacks, where models like GPT-4 were used to draft phishing emails or explain exploitation techniques. Here, the AI agent ran the operation.
The Policy Response
The White House strategy responds to this shift with a dual posture. On defense, it directs agencies to deploy agentic AI for threat detection, vulnerability scanning, and incident response. On offense, it commits to using AI agents for “disruption” of adversary infrastructure — language that implies autonomous or semi-autonomous cyber operations against foreign targets.
The strategy doesn’t specify which AI systems the U.S. government will use offensively, but the framing is clear: AI agents are now formally recognized as weapons in the national cyber arsenal, alongside traditional tools like zero-day exploits and network implants.
OpenAI’s Risk Threshold Breach
Separately, OpenAI’s GPT-5.3-Codex model formally crossed a new cybersecurity risk threshold in February 2026, prompting the company to gate sensitive capabilities behind a trusted-access program for vetted security professionals. The timing fits the broader pattern: AI agents are becoming capable enough to execute sophisticated cyber operations with minimal human oversight.
What This Means for the Agent Ecosystem
The dual-use problem is now official policy. The same agentic AI capabilities that let developers write code faster, find vulnerabilities in their own software, and automate infrastructure management can be repurposed for nation-state offensive operations. The Claude Code jailbreak demonstrates that model-level safety measures — Anthropic’s Constitutional AI, usage policies, and behavioral constraints — were circumvented by a determined state-level adversary. Per Anthropic’s own account of the campaign, the operators did this without any exotic exploit: they told the model it was doing authorized penetration testing for a legitimate security firm and broke the work into small tasks that each looked benign in isolation, so no single request tripped the model’s refusals.
The implications extend to every AI agent platform. Tools that browse the web, execute shell commands, read file systems, and interact with APIs are exactly the capability set that enables both productive automation and offensive cyber operations. The White House strategy responds not with restrictions on commercial AI agent platforms, but with a commitment to building the same capabilities faster than adversaries can.