
A recent CrowdStrike report found that cyberattacks are now occurring up to 65% faster than they were just a year ago. While this number gets attention on its own, for CISOs and security leaders the real question is what it means to defend at the speed of AI-powered attacks.
From Days to Hours (to Even Minutes): How AI Changed the Attack Cycle
Yes, attacks are happening faster. More precisely, AI has compressed the entire attack lifecycle. Reconnaissance, target selection, initial strike, and follow-on attack used to unfold over days or weeks. Now that cycle can happen in hours.
Here is how it works in practice. A threat actor conducts reconnaissance on a target, identifying surface-level vulnerabilities. That data gets fed into an AI system, which analyzes it and recommends the most effective attack vector and tool sets, whether that’s a SQL injection exploit, a DDoS campaign, or a ransomware attack. The gap between gathering intelligence and launching an attack has now closed.
Consider the example of someone casing a bank. In the past, they would have to study the layout, identify the weak points, and spend days working out the best way in. Now they feed that reconnaissance information into AI, and the system tells them exactly where to go, how to get in, and what to do next. What once required days of planning, AI now does in seconds.
When the Barrier to Entry Disappears
There’s a temptation to frame AI as a fundamental turning point in cybersecurity. In some ways, it is. Security professionals who have been in this field for decades, however, have seen this pattern before.
For example, when ransomware surged in 2020, the headlines looked familiar. Year-over-year attack rates climbed by roughly 75%, driven in part by COVID-era conditions that left more people working remotely on less secure networks. The same sources, now citing AI-driven acceleration, were reporting similar numbers then. Every major technological shift produces a period where attackers gain an edge before defenders adapt, and this is not the first time that cycle has played out.
What’s genuinely different this time is democratization. AI has lowered the barrier to entry for threat actors who previously lacked the technical skills to conduct sophisticated attacks. The so-called script kiddie, an unskilled actor who depended on prebuilt exploits and other people’s code rather than any genuine technical sophistication, used to be a manageable nuisance. Now they have access to the same powerful tools as a nation-state actor.
Geography is no longer the limiting factor it once was. Individuals in parts of the world that historically had no capacity to launch meaningful cyberattacks now have internet access, AI tools, and a global attack surface in front of them. The threat landscape isn’t just faster. It’s significantly wider.
The Pilot Still Matters More Than the Plane
The good news is that defenders have access to the same tools. AI-powered security platforms from vendors like CrowdStrike and TrendAI are now doing what used to require a team of analysts working around the clock: detecting anomalies, correlating data, identifying patterns, and recommending responses in real time.
The technology is only part of it. As with any competition where both sides have comparable capabilities, the outcome comes down to the operator. In aviation, they say it’s not about the plane; it’s about the pilot. The same principle applies here.
What separates organizations that absorb an attack from those that don’t is often the quality of human judgment layered on top of the AI tools. Security analysts who understand how to prompt these systems, how to ask the right questions and interpret the output, are the real competitive advantage.
The AI platforms doing this work are, at their core, machine learning systems — constantly ingesting new threat data, recognizing patterns, and refining their responses over time. Yet these systems don’t yet run themselves. They still require skilled humans to train them, interrogate their outputs, and make the judgment calls no algorithm can anticipate. In this case, the technology raises the floor, but the analyst raises the ceiling.
Physical Security Is Not a Separate Problem
For most organizations, the security perimeter is largely digital. Data centers are different. These facilities host the infrastructure that keeps critical systems running — financial networks, healthcare records, government communications, and the enterprise data that organizations depend on daily. That makes them a high-value target in ways that go well beyond a typical enterprise environment.
The long-standing principle in security holds that if an adversary can gain physical access to a device, he effectively owns it. That principle is being tested in new ways. Drone technology, which has demonstrated its precision and impact in conflict zones around the world, represents an emerging physical threat vector that most enterprise security frameworks were never designed to address.
A targeted strike on a facility’s power generation or transmission infrastructure can take a data center offline without touching a single server or breaching a single wall. The downstream impact — on the businesses, agencies, and institutions whose operations run through that facility — can be significant and immediate.
Staying ahead of that threat means looking up, not just around. AI-enabled CCTV systems and airspace monitors are now being deployed to monitor above facilities, distinguishing between routine air traffic and potential threats. It is a different kind of perimeter, and it requires the same layered, intelligence-driven approach as network defense.
The Strategy That Outlasts Any Threat
For security leaders navigating this environment, the most important advice may also be the least glamorous: hold the strategic line. Vendors will keep arriving with new frameworks and new reasons to start over, but the fundamentals have worked for decades and will continue to work. The leaders who endure will be the ones who never lose sight of the underlying strategy.
_____
About the Author
Mark A. Houpt serves as the Chief Information Security Officer (CISO) at DataBank, bringing over 30 years of expertise in information security and technology across diverse industries. With certifications like CISSP and expertise in FedRAMP, PCI-DSS, and HIPAA, he has worked in diverse sectors, including military service.