Agentic AI vs cybercrime and shadow spending: what’s next?

On May 7, 2026, Defense One reported that Pentagon leaders are enthusiastic about “agentic AI,” but warned that the same autonomy could grant cyber criminals nation-state-like capabilities. The core claim is that systems designed to act independently—rather than merely assist—may accelerate intrusion speed, persistence, and targeting quality for malicious actors. Separately on May 6, 2026, Bloomberg reported that a government ethics group filed a complaint with the FEC alleging that AI-backed Super PACs improperly concealed which companies they pay to create advertisements and send voter messages. The complaint reframes AI as not only a technology issue but also a transparency and accountability problem in political influence operations. Together, the articles suggest a fast-moving capability shift in both cyber offense and political messaging, with governance lagging behind. Strategically, the Pentagon’s embrace of agentic systems collides with the reality that offensive cyber ecosystems adapt quickly, turning “automation” into scalable coercion. If malicious actors can operationalize agentic AI, the advantage of speed and volume could erode traditional deterrence assumptions and force governments to rethink incident response, attribution, and cyber resilience. In parallel, the FEC complaint highlights how AI investors and their political vehicles may be using opaque contracting to obscure influence supply chains, complicating regulators’ ability to trace intent and funding flows. The power dynamic is therefore twofold: defenders are adopting advanced autonomy for national security, while adversaries and political actors may exploit the same autonomy to bypass scrutiny. The likely beneficiaries are actors who can move faster than oversight—while the losers are institutions that rely on transparency, auditability, and slow bureaucratic controls. Market and economic implications are indirect but potentially material. Defense and cybersecurity investors may see heightened demand for tooling that can monitor autonomous behavior, validate model actions, and harden endpoints, which can lift sentiment around cyber defense platforms and incident-response services. In the political-ad-tech and compliance ecosystem, the FEC dispute signals increased regulatory risk for AI-driven advertising workflows, potentially pressuring ad-tech vendors and compliance consultants that rely on opaque vendor networks. While the articles do not name specific tickers, the direction of risk is toward higher volatility in defense-cyber equities and compliance-related services, with a near-term premium for firms offering governance, audit trails, and secure deployment. Currency and commodity markets are not directly implicated in the provided items, but risk premia for cyber insurance and security budgets could rise if “nation-state-like” criminal capabilities become a widely accepted threat narrative. What to watch next is whether regulators and the Pentagon translate these concerns into enforceable standards and procurement constraints. For the political side, key indicators include FEC case progression, any disclosure requirements triggered by the complaint, and whether Super PACs or their AI-backed backers amend reporting to reveal vendor identities. For the cyber side, watch for DoD guidance on agentic AI safety controls, red-teaming requirements, and constraints on autonomy in operational environments. A trigger point would be any high-profile incident where agentic AI demonstrably accelerates intrusion or evasion, prompting emergency policy or procurement pauses. Over the next 30–90 days, escalation risk will depend on whether governance bodies move from debate to auditability mandates and whether the Pentagon’s adoption roadmap includes measurable guardrails that can be verified by oversight.

Geopolitical Implications

• 01

  Autonomous cyber tooling could weaken deterrence and complicate attribution across national security systems.

• 02

  Opaque AI-driven political messaging supply chains may undermine democratic oversight and cross-border influence assessments.

• 03

  Auditability and disclosure standards could become strategic requirements shaping access to government and critical infrastructure.

Key Signals

• —FEC procedural milestones and any disclosure orders tied to the complaint.
• —DoD guidance on safety controls, logging, and red-teaming for agentic AI.
• —Evidence of agentic AI accelerating real intrusions or evasion in the wild.
• —Concrete AI governance proposals that define accountability and audit requirements.