“…For most of the history of cybersecurity, large-scale attacks required one of two things: a nation-state with the resources to field an elite hacking team, or a criminal organization with years of accumulated expertise and operational infrastructure. Both existed. Both caused significant damage. But they were constrained by the fundamental bottleneck of human skill — finding the right vulnerabilities, writing the right exploit code, coordinating the right campaign required people who had spent years developing rare capabilities.
AI has just removed that bottleneck.
What once required an elite team can now be automated or AI-assisted: vulnerability discovery, exploit generation, reconnaissance, highly personalized phishing in any language, malware that iterates to evade detection, and full attack chains that connect multiple exploits into a coordinated campaign. According to Red Canary, adversaries are already using large language models for 80 to 90 percent of tactical operations in espionage campaigns. IBM reported a 44 percent spike in public-facing application exploits in 2026, driven in significant part by AI-assisted attacks. Trend Micro has called this year “the AI-fication of cyberthreats.”
This is not a future threat. It is the current situation, and it is accelerating…”