Recent incidents show attackers moving beyond LLM-written phishing lures to using AI across attack chains. Security teams must sharpen playbooks in response.
Enterprises have worked for years to improve detection and response times in the face of increasingly sophisticated attacks that relied on manual hacking and living-of-the-land techniques. AI is now threatening to undo those efforts.
An increasing number of threat actors are automating all phases of attacks, including lateral movement by using LLM-powered agents, severely reducing the time from initial access to deep environment compromises.
...
“What this exposes is a truth that all security personnel must come to terms with: Most breaches won’t hinge on advanced AI, but on unpatched systems, exposed services, and weak identity controls,” Gidi Cohen, CEO and co-founder of AI security startup Bonfy.ai, tells CSO. “AI just makes those gaps impossible to ignore. The organizations that will struggle aren’t the ones lacking AI defenses; they’re the ones still relying on human-speed security in a machine-speed threat environment.”