Adversary-Indistinguishability Blind Spot
Anti-pattern: rely on behavioral-anomaly detection calibrated to irregular human behaviour, so an autonomous adversary acting with legitimate credentials, standard protocols, and superhuman consistency is less anomalous than a human and slips past unseen.
Problem
An autonomous attacker is not more anomalous than a human — it is less. It runs flawless, consistent sequences with legitimate credentials and standard tool calls, so it sits well inside the normal band that anomaly detection is tuned to, and the very tooling meant to catch intrusions is structurally blind to it. The blind spot exists precisely because the adversary is an agent: the cleaner and more consistent its behaviour, the more normal it looks, while a human doing the same actions would have tripped the irregularity heuristics. Detection calibrated to human irregularity therefore misses the threat it most needs to see.
Solution
Stop equating 'looks normal' with 'is safe' when the adversary can be an agent. Supplement human-irregularity anomaly detection with signals an autonomous attacker cannot make look human. Add cryptographic provenance and identity for which automation is acting, intent and authorisation checks on sequences rather than per-action normality, and rate and volume baselines specific to legitimate automation. Scope capabilities tightly so a credential-legitimate agent still cannot reach a lethal combination of actions. Treat flawless, high-consistency activity as a category to verify against its authorised purpose rather than as evidence of benignity. The defence is to detect on what an agent adversary cannot fake, not on the human-noise signature it never had.
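A sketch of the sequence-level check described above, as an added example that is not part of the original pattern page: per-action normality passes a credential-legitimate agent session, while checking the whole session against its authorised purpose and a lethal-combination list does not. The policy tables, action names, the `svc-backup` identity, the 0.1 consistency threshold and the sample sessions are all constructed assumptions, and `attested_identity` stands in for the result of an upstream provenance check.

```python
from statistics import mean, pstdev

# Assumed policy; every name here is hypothetical.
AUTHORISED_PURPOSE = {"svc-backup": {"list_bucket", "read_object", "write_archive"}}
LETHAL_COMBINATIONS = [{"read_secret", "create_access_key", "read_object"}]
COMMON_ACTIONS = {"list_bucket", "read_object", "write_archive",
                  "read_secret", "create_access_key"}

def session(times, actions):
    return [{"ts": t, "action": a} for t, a in zip(times, actions)]

# Constructed sample sessions (timestamps in seconds).
AGENT = session([0.0, 2.0, 4.0, 6.0],
                ["list_bucket", "read_secret", "create_access_key", "read_object"])
HUMAN = session([0.0, 7.4, 9.1, 31.0],
                ["list_bucket", "read_object", "read_object", "write_archive"])

def per_action_alerts(events):
    """Per-action normality: alert only on actions that are rare in this environment."""
    return [e for e in events if e["action"] not in COMMON_ACTIONS]

def timing_cv(events):
    """Coefficient of variation of inter-event gaps; near 0 is machine-like consistency."""
    ts = [e["ts"] for e in events]
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    if len(gaps) < 2 or mean(gaps) <= 0:
        return None
    return pstdev(gaps) / mean(gaps)

def review_session(events, attested_identity, cv_threshold=0.1):
    """Return findings for a session; attested_identity is the automation identity
    proven by an upstream provenance check (assumed), or None if nothing was proven."""
    findings = []
    actions = {e["action"] for e in events}
    cv = timing_cv(events)
    is_automation = attested_identity is not None or (cv is not None and cv < cv_threshold)
    if is_automation:
        # High consistency is a reason to verify against purpose, not evidence of benignity.
        if attested_identity is None:
            findings.append("machine-consistent activity with no attested identity")
        outside = actions - AUTHORISED_PURPOSE.get(attested_identity, set())
        if outside:
            findings.append("outside authorised purpose: " + ", ".join(sorted(outside)))
    for combo in LETHAL_COMBINATIONS:
        if combo <= actions:
            findings.append("lethal combination completed: " + ", ".join(sorted(combo)))
    return findings
```

The rate and volume baselines for legitimate automation named in the paragraph are not modelled here; they would be a further finding source inside `review_session`.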
When to use
- Recognising this blind spot when intrusion detection relies on deviation from a human behavioural baseline.
- Reviewing a SOC whose anomaly tooling has no signal for credential-legitimate, highly consistent automated activity.
- Diagnosing why a known autonomous-agent intrusion produced no anomaly alerts.