February 19, 2026

We’ve all seen this before: a developer deploys a new cloud workload and grants overly broad permissions just to keep the sprint moving. An engineer generates a “temporary” API key for testing and forgets to revoke it. In the past, these were minor operational risks, debts you’d eventually pay down during a slower cycle.

In 2026, “Eventually” is Now

But today, within minutes, AI-powered adversarial systems can find that over-permissioned workload, map its identity relationships, and calculate a viable path to your critical assets. Before your security team has even finished their morning coffee, AI agents have simulated thousands of attack sequences and moved toward execution.

AI compresses reconnaissance, simulation, and prioritization into a single automated sequence. The exposure you created this morning can be modeled, validated, and positioned inside a viable attack path before your team has lunch.

The Collapse of the Exploitation Window

Historically, the exploitation window favored the defender. A vulnerability was disclosed, teams assessed their exposure, and remediation followed a predictable patch cycle. AI has shattered that timeline.

In 2025, over 32% of vulnerabilities were exploited on or before the day the CVE was issued. The infrastructure powering this is massive, with AI-powered scan activity reaching 36,000 scans per second.

But it’s not just about speed; it’s about context. Only 0.47% of identified security issues are actually exploitable. While your team burns cycles reviewing the 99.5% of “noise,” AI is laser-focused on the 0.5% that matters, isolating the small fraction of exposures that can be chained into a viable path to your critical assets.

To understand the threat, we must look at it through two distinct lenses: how AI accelerates attacks on your infrastructure, and how your AI infrastructure itself introduces a new attack surface.

Scenario #1: AI as an Accelerator

AI attackers aren’t necessarily using “new” exploits. They’re exploiting the exact same CVEs and misconfigurations they always have, but they’re doing it with machine speed and scale.

Automated vulnerability chaining

Attackers no longer need a “Critical” vulnerability to breach you. They use AI to chain together “Low” and “Medium” issues: a stale credential here, a misconfigured S3 bucket there. AI agents can ingest identity graphs and telemetry to find these convergence points in seconds, doing work that used to take human analysts weeks.

Identity sprawl as a weapon

Machine identities now outnumber human employees 82 to 1. This creates a massive web of keys, tokens, and service accounts. AI-driven tools excel at “identity hopping”: mapping token exchange paths from a low-security dev container to an automated backup script, and finally to a high-value production database.

Social Engineering at scale

Phishing has surged 1,265% because AI allows attackers to mirror your company’s internal tone and operational “vibe” perfectly. These aren’t generic spam emails; they’re context-aware messages that bypass the usual “red flags” employees are trained to spot.

Scenario #2: AI as the New Attack Surface

While AI accelerates attacks on legacy systems, your own AI adoption is creating entirely new vulnerabilities. Attackers aren’t just using AI; they are targeting it.

The Model Context Protocol and Excessive Agency

When you connect internal agents to your data, you introduce the risk that they will be targeted and turned into a “confused deputy.” Attackers can use prompt injection to trick your public-facing support agents into querying internal databases they should never access. Sensitive data surfaces and is exfiltrated by the very systems you trusted to protect it, all while looking like authorized traffic.

Poisoning the Well

The results of these attacks extend far beyond the moment of exploitation. By feeding false data into an agent’s long-term memory (Vector Store), attackers create a dormant payload. The AI agent absorbs this poisoned information and later serves it to users. Your EDR tools see only normal activity, but the AI is now acting as an insider threat.

Supply Chain Hallucinations

Finally, attackers can poison your supply chain before they ever touch your systems. They use LLMs to predict the “hallucinated” package names that AI coding assistants will suggest to developers. By registering these malicious packages first (slopsquatting), they ensure developers inject backdoors directly into your CI/CD pipeline.

Reclaiming the Response Window

Traditional defense cannot match AI speed because it measures success by the wrong metrics. Teams count alerts and patches, treating volume as progress, while adversaries exploit the gaps that accumulate from all this noise.

An effective strategy for staying ahead of attackers in the era of AI must focus on one simple, yet critical question: which exposures actually matter for an attacker moving laterally through your environment?

To answer this, organizations must shift from reactive patching to Continuous Threat Exposure Management (CTEM). It is an operational pivot designed to align security exposure with actual business risk.

AI-enabled attackers don’t care about isolated findings. They chain exposures together into viable paths to your most critical assets. Your remediation strategy needs to account for that same reality: focus on the convergence points where multiple exposures intersect, where one fix eliminates dozens of routes.
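One way a defender can find those convergence points, shown as an added example that is not from the article or from any vendor product: model exposures as edges in a graph, enumerate the paths to critical assets, and rank each exposure by how many paths it sits on. The graph, node names and function names are constructed for illustration.

```python
from collections import Counter

# Constructed sample exposure graph (all names hypothetical). An edge (a, b)
# means a foothold on a can reach b through the exposure named in the value.
EDGES = {
    ("internet", "dev-container"): "over-permissioned workload",
    ("internet", "support-agent"): "public endpoint",
    ("phished-laptop", "dev-container"): "stale credential",
    ("dev-container", "backup-script"): "token exchange",
    ("support-agent", "backup-script"): "shared service account",
    ("support-agent", "s3-exports"): "misconfigured S3 bucket",
    ("backup-script", "prod-db"): "backup role can read production",
    ("s3-exports", "prod-db"): "credentials stored in bucket",
}
ENTRY_POINTS = ["internet", "phished-laptop"]
CRITICAL_ASSETS = {"prod-db"}


def attack_paths(edges, entries, critical):
    """Enumerate every simple path from an entry point to a critical asset."""
    adjacency = {}
    for src, dst in edges:
        adjacency.setdefault(src, []).append(dst)
    paths = []
    def walk(node, path):
        if node in critical:
            paths.append(path)
            return
        for nxt in adjacency.get(node, []):
            if nxt not in path:  # skip cycles
                walk(nxt, path + [nxt])
    for entry in entries:
        walk(entry, [entry])
    return paths


def rank_choke_points(edges, entries, critical):
    """Count how many attack paths each exposure (edge) sits on, highest first."""
    counts = Counter()
    for path in attack_paths(edges, entries, critical):
        counts.update(zip(path, path[1:]))
    return counts.most_common()


def paths_after_fix(edges, entries, critical, fixed_edge):
    """Number of attack paths that remain once one exposure is remediated."""
    remaining = {e: v for e, v in edges.items() if e != fixed_edge}
    return len(attack_paths(remaining, entries, critical))
```

In this sample, remediating the backup role's access to production removes three of the four paths, while fixing the internet-facing over-permissioned workload removes only one.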

The ordinary operational decisions your teams made this morning can become a viable attack path before lunch. Close the paths faster than AI can compute them, and you reclaim the window of exploitation.

Note: This article was thoughtfully written and contributed for our audience by Erez Hasson, Director of Product Marketing at XM Cyber.




