Key insight
The kill chain describes a typical intrusion as an ordered series of stages, and breaking it at any single stage stops the whole thing, which is why defenses belong at multiple stages, not just the first one. AI agents compress this multi-stage chain dramatically, sometimes into a single moment, because one convincing piece of content can deliver the foothold and the damaging action at once.
A chain is simply a series of connected links, and if any single link breaks, the whole chain falls apart, no matter how strong every other link happens to be. The kill chain borrows that exact idea to describe a typical computer intrusion as an ordered series of stages, rather than one single event, and this article walks through what those stages are and why the metaphor matters so much for defense.
1 · Why a chain, and not just one event
An intrusion is rarely one dramatic moment. It is usually a sequence: research, then entry, then expansion, then finally the action that was the entire point of the intrusion. Describing it as a chain of separate stages, instead of one single event, matters enormously for defense, because it means there are multiple separate opportunities to stop it, not just one.
2 · The typical stages, one at a time
- Reconnaissance. Researching a target from the outside, the way a burglar might quietly study a house’s routines before ever approaching it.
- Initial access. Gaining a first foothold, often through a convincing phishing email or a software flaw.
- Persistence. Establishing a way back in that survives even if the original entry point is later discovered and closed.
- Expansion. Moving sideways and upward toward something valuable, using the earlier foothold as a starting point.
- Action on objective. Carrying out the actual goal of the intrusion: stealing data, destroying it, or whatever the point of the whole effort was.
3 · Why breaking any one link stops the whole chain
The single most useful fact about the entire chain is that defenders do not need to stop every stage. Breaking the chain at any one link stops the whole intrusion from completing, exactly the way removing one link from a physical chain leaves two separate, useless pieces instead of one working chain. This is why security teams deliberately place independent defenses at multiple different stages, rather than betting everything on stopping an attacker only at the very first step.
4 · A worked example: a phishing intrusion, stage by stage
An attacker researches a company's public employee directory, reconnaissance. They send a convincing phishing email to one employee, gaining initial access when it is clicked. They quietly install a small program that lets them reconnect later even if the employee changes their password, persistence. They move from that employee's laptop toward a shared file server, expansion. And finally they copy sensitive files off that server, action on objective. A defense that only exists at the phishing email stage misses every other opportunity; a defense at the persistence or expansion stage can still stop the chain even after the phishing email already succeeded.
5 · Why AI agents compress the chain dramatically
An AI agent, software that decides on its own which tools to call based on instructions written in ordinary language, compresses this whole multi-stage chain dramatically, sometimes down to a single stage. One cleverly worded piece of content can simultaneously deliver the initial foothold and the final damaging action in the very same moment, because the agent reads the content and acts on it in one continuous step, skipping several stages a human-driven intrusion would normally need days or weeks to work through one at a time.
6 · Applying the kill chain on purpose
- Defend at multiple stages, not just one. A single strong defense at only the first stage leaves every later stage completely unguarded.
- Detect persistence specifically. A way back in that survives password changes is one of the most valuable stages to catch early.
- Watch for compressed chains around agents. Do not assume an intrusion will politely take several separate steps.
- Rehearse breaking the chain, not just noticing it. Knowing a stage happened is different from having a plan that actually stops it.
7 · A simple test you can run this week
1. Pick one system, or one AI agent, that matters to you.
2. List a defense you currently have at each of the five stages.
3. Note any stage with no real defense at all.
4. Add one for the stage that worried you most.
8 · Glossary — every short-form term, spelled out
- Kill chain
- An ordered series of stages a typical intrusion moves through, from research to final damaging action.
- Reconnaissance
- Researching a target from the outside before ever attempting to get in.
- Persistence
- A way back into a compromised system that survives even after the original entry point is closed.
- AI agent
- Software that decides, on its own, which tools to call and which actions to take, based on instructions written in ordinary language.
The kill chain describes an intrusion as ordered stages, not one single event.
Breaking any one link stops the whole chain, so defenses belong at multiple stages, not just the first.
Persistence and expansion are stages worth catching even after initial access already succeeded.
AI agents can compress the whole chain into a single moment, so do not assume an attacker needs several separate steps.
References
- Lockheed Martin, Cyber Kill Chain framework, Lockheed Martin Corporation. lockheedmartin.com
- MITRE ATT&CK, Tactics overview, The MITRE Corporation. attack.mitre.org