Artificial intelligence has fundamentally transformed the cybersecurity landscape, compressing the time needed to exploit vulnerabilities from years to days, with attackers now moving toward execution in hours or minutes. This dramatic acceleration has shifted the balance of power, leaving defenders struggling to match the pace of modern threats.
The New Reality of AI-Driven Attacks
Robert T. Lee, chief AI officer and chief of research at SANS Institute, delivered a sobering assessment at RSAC Conference 2026: attackers have embedded automation across the entire attack lifecycle. This hasn't merely increased efficiency—it has expanded the scale and reach of cyber operations exponentially, enabling small groups of attackers to execute complex campaigns that once required nation-state resources.
"What used to take thousands of personnel on a nation-state team can now be accomplished with just two individuals," Lee stated.
Why Traditional Defenses Are Falling Behind
The cybersecurity industry has built its defenses around human-speed timelines. Security teams operated with days or weeks to detect, analyze, and respond to threats. AI-powered attacks have collapsed that window to minutes. Automated vulnerability scanning, intelligent exploit generation, and adaptive attack pathways now operate at machine speed.
The Defense Response
Lee highlighted several emerging defensive capabilities:
- SANS Investigative Forensic Toolkit: Reduces incident response from days to minutes through automated evidence collection and analysis
- AI Agents for Threat Detection: Accelerate TTP (Tactics, Techniques, and Procedures) extraction and enable enterprise-wide threat detection
- Open-Source Community Defense: A hackathon aimed at scaling community-driven defensive capabilities
What Organizations Must Do Now
The message is clear: passive defense is no longer viable. Organizations must embrace AI-powered security tools, automate their response capabilities, and build resilience into their architectures. The attackers have already made the leap to AI—defenders must follow or be left behind.
The Bottom Line
Cybersecurity has entered a new era where speed is the decisive factor. The organizations that thrive will be those that recognize AI isn't just a tool for attackers—it's the only way to defend against them.