We’ve all seen the situation where a developer deploys a new cloud workload and grants overly broad permissions just to keep the sprint moving forward. An engineer generated a “temporary” API key for testing and forgot to revoke it. Previously, these were small operational risks and liabilities that would eventually be repaid in a slower cycle.
In 2026, “eventually” is now
But today, AI-powered adversarial systems can discover that over-granted workload, map its identity relationships, and calculate viable routes to critical assets within minutes. Before the security team had even finished their morning coffee, the AI agents had simulated and executed thousands of attack sequences.
AI compresses reconnaissance, simulation, and prioritization into a single automated sequence. The exposures you created this morning can be modeled, validated, and placed within a viable attack path before the team goes to lunch.
Exploit window collapse
Historically, the exploit window has favored defenders. Vulnerabilities were uncovered, teams assessed them, and remediation followed a predictable patch cycle. AI has shattered that timeline.
In 2025, over 32% of vulnerabilities were exploited on or before the date the CVE was issued. The supporting infrastructure is massive, with AI-powered scanning activity reaching 36,000 scans per second.
But speed isn’t the only thing that matters. It’s a matter of context. Only 0.47% of identified security issues are actually exploitable. While teams run cycles that review 99.5% of the “noise,” AI focuses on the critical 0.5%, isolating a small portion of exposure that can be chained into actionable routes to critical assets.
Understanding this threat requires looking at it through two different lenses: how AI accelerates attacks on infrastructure, and how the AI infrastructure itself introduces new attack surfaces.
Scenario #1: AI as an accelerator
AI attackers aren’t necessarily using “new” exploits. They exploit the same CVEs and misconfigurations all the time, but they do so with machine speed and scale in mind.
Automated vulnerability chaining
Attackers no longer need a “critical” vulnerability to gain entry. They use AI to chain together “low” and “medium” issues: old credentials here, misconfigured S3 buckets there. AI agents can ingest identity graphs and telemetry and find these points of convergence in seconds, doing what would take a human analyst weeks.
The spread of identity as a weapon
Currently, machine IDs outnumber human employees by a ratio of 82 to 1. This creates a large web of keys, tokens, and service accounts. AI-driven tools excel at “identity hopping,” mapping token exchange paths from low-security development containers to automated backup scripts and ultimately to high-value production databases.
Social engineering at scale
Phishing spiked 1,265% because AI allows attackers to perfectly mirror a company’s internal and operational “feel.” These are not regular spam emails. These are context-aware messages that avoid the usual “red flags” that employees are trained to spot.
Scenario #2: AI as a new attack target
While AI is accelerating attacks on legacy systems, the introduction of homegrown AI is creating entirely new vulnerabilities. Attackers aren’t just using AI; That’s what they’re aiming for.
Model Context Protocols and Excessive Agency
Connecting internal agents to data runs the risk of them being targeted and turned into “disrupted agents.” An attacker could use prompt injection to trick a public support agent into querying an internal database that it shouldn’t access. Sensitive data surfaces and is leaked through the systems you trusted to protect it, in what appears to be authorized traffic.
poison the well
The consequences of these attacks extend far beyond the moment of exploitation. The attacker creates a dormant payload by feeding fake data into the agent’s long-term memory (vector store). The AI agent absorbs this poisoned information and later provides it to the user. While EDR tools only recognize normal activity, AI is acting as an insider threat.
supply chain illusion
Finally, attackers can poison the supply chain before touching the system. They use LLM to predict “illusory” package names that their AI coding assistant will suggest to developers. Registering these malicious packages in the first place (slopsquatting) ensures that developers directly insert backdoors into the CI/CD pipeline.
Reusing response windows
Traditional defenses cannot match the speed of AI because they measure success with the wrong metrics. While teams count alerts and patches and treat volume as progress, adversaries exploit the gaps that accumulate due to all this noise.
An effective strategy to stay ahead of attackers in the age of AI should focus on one simple but important question: It’s about what the real danger is for an attacker moving laterally through the environment.
To answer this, organizations must move from reactive patching to continuous threat exposure management (CTEM). This is an operational point designed to balance security exposure with real business risk.
AI-powered attackers don’t care about individual findings. These cascade exposure into viable paths to your most important assets. Remediation strategies must also consider the same reality. This means you should focus on convergence points where multiple exposures intersect, where a single fix eliminates dozens of routes.
A normal operational decision made by the team this morning could become a viable attack vector before lunch. If you close the path faster than the AI can calculate it, you can regain the window of exploitation.
Note: This article was thoughtfully written and contributed to our readers by Erez Hasson, Director of Product Marketing at XM Cyber.
Source link
