The attack chain is being automated. Most organisations haven't noticed.

Every few months, the conversation about AI and cybersecurity resets to roughly the same place. Someone senior gives a talk. A report comes out. Everyone agrees that phishing emails are getting scarier and that employees really shouldn't be typing confidential information into chatbots. Then the report gets shared on LinkedIn, and nothing much changes.

It's not that those concerns are wrong. It's that they're a bit like worrying about someone nicking your wheelie bin while your house is on fire. Technically a valid concern, not really the thing you should be focused on right now.

The thing you should be focused on is this: AI is quietly removing the friction from every stage of an attack. Reconnaissance. Research. Code analysis. Vulnerability discovery. Exploit development. Targeting. Social engineering. Post-compromise decision-making.

Every part of the process that used to cost attackers time, expertise or money is getting cheaper. Not all at once, not dramatically, but steadily and without much fanfare.

That's what should be keeping security teams up at night. Not better phishing. The industrialisation of the entire workflow.

The attack chain is speeding up, and that's the bit nobody wants to talk about

There's a habit in security of thinking about attacks in isolated chunks. A phishing email here, a vulnerability exploit there, some ransomware at the end as a sort of grim finale. In practice, attacks are chains. Adversaries work through stages, adapt when things don't go to plan, and keep pushing until something works. Much like incident response, except attackers tend to have clearer objectives and fewer Jira tickets to update.

AI fits naturally into that kind of process. Pattern recognition, summarisation, classification, rapid iteration - these are exactly the tasks that used to slow attackers down. In 2025, AI-enabled adversary activity increased 89% year-on-year, and techniques that once required serious resources are now showing up across a much broader range of criminal operations.[1] The barrier to entry is falling. Fast.

The point isn't that every attacker is suddenly a genius. It's that you no longer need to be particularly skilled to cause serious damage. The tooling is doing more of the heavy lifting.

On zero-days: let's be honest about where we actually are

People love a binary on this one. Either AI can conjure a working zero-day exploit on demand, which sounds exciting and is not quite true, or it has no meaningful role in vulnerability discovery until that exact magical threshold is crossed, which is also not true and is honestly a bit convenient for anyone who'd rather not think about it.

The reality is more mundane and more worrying. Zero-day discovery is basically a search problem with a lot of technical judgement wrapped around it. You're hunting for unusual logic, unsafe assumptions, edge cases that produce security impact. AI is genuinely useful for that.

In 2024, Google's Big Sleep project, a collaboration between Project Zero and DeepMind, autonomously found a previously unknown exploitable memory flaw in SQLite. First time an AI agent had pulled that off in widely-used real-world software, by Google's own account.[2]

Academic researchers have since shown that teams of LLM agents can exploit zero-day vulnerabilities without being told what to look for first.[3]

And earlier this year, Google's Threat Intelligence Group flagged what looks like the first confirmed case of a threat actor actually using an AI-generated zero-day exploit in the wild.[4]

So. Not a button press. Not science fiction either.

The exploitation phase is mostly boring, and AI loves boring

Exploitation gets treated like the action sequence of a cyber attack, but it's mostly just tedious iterative work. Understanding exactly how a flaw behaves, testing assumptions, adapting code when it doesn't work, troubleshooting, chaining weaknesses together, deciding which targets are worth the bother. Very unglamorous. Also very automatable.

AI can explain code, generate variants, adapt old proof-of-concepts, interpret error messages, and generally compress the gap between "interesting bug" and "usable weapon". And once something works, scaling it up becomes considerably easier than it used to be.

The average time between an attacker getting initial access and moving laterally through a network dropped to 29 minutes in 2025. Down from 48 minutes in 2024. The fastest recorded case took 27 seconds.[1] For reference, it takes most organisations longer than 27 seconds to notice there's a problem, let alone do anything about it.

The underlying models keep getting better. Quickly.

Here's something that gets smoothed over in model release coverage: the trajectory.

The UK AI Security Institute has been tracking AI cyber performance since late 2022. For most of that period, progress was steady but unremarkable - beginner-level tasks gradually became easier until every major frontier model was passing them above 95%. On expert-level challenges, as recently as April 2025, every model scored zero.

Every model. Zero.

Inside twelve months, two frontier models from different labs both hit around 70%.[9][10]

That's not incremental progress. That's a cliff edge.

Both labs have noticed. Mythos Preview isn't publicly available at all - Anthropic restricted it to a small number of critical infrastructure organisations because its offensive capabilities were considered too significant to release broadly.[11] OpenAI took a near-identical position with GPT-5.5-Cyber within days.[12] When two of the largest AI labs independently decide the same week that their latest models can't be released openly, it's worth treating that as signal rather than noise.

The DARPA AI Cyber Challenge in 2025 adds some grounding on the economics. Four AI systems, built on commercially available models with specialised scaffolding, autonomously discovered 18 real vulnerabilities in production software. Six were previously unknown zero-days. Average cost per finding: $152.[13]

The AISI's evaluation of GPT-5.5 adds another number worth sitting with. A human expert solved a reverse-engineering task in roughly 12 hours using specialist tooling. GPT-5.5 solved the same task autonomously in ten minutes and twenty-two seconds, for $1.73 in API costs.[10]

$1.73.

Here's the bit the industry really doesn't like admitting

None of this would be quite so alarming if the defensive side of the industry were in better shape. It isn't.

Most organisations still don't have a complete picture of what's connected to the internet on their behalf.

Severity scores get used as a proxy for actual risk, which they aren't.

Ownership of systems is often unclear.

Legacy infrastructure hangs around indefinitely because nobody wants to deal with the downtime.

Security teams surface findings faster than anyone can act on them, and the backlog grows quietly in the background.

The numbers aren't subtle about this. Around 131 new vulnerabilities were disclosed every single day in 2025.[8] That's one every eleven minutes, if you'd like to feel worse about your morning.

Despite that, 77% of organisations still take more than a week to deploy patches once they're available.[6]

On average, enterprises resolve vulnerabilities at a compound rate of just 5% per month.[7] Which means, if you're doing the maths, that the backlog is not shrinking.

AI is now accelerating the side of this equation that was already winning.

The window defenders rely on is getting smaller

Security has always operated on the assumption that there's some delay between a vulnerability being discovered and it being widely exploited. Sometimes that window is short. Sometimes it's longer. But it's existed, and defenders have quietly depended on it to get things patched before they're used against them.

That assumption is getting harder to justify. In 2025, the median time from a vulnerability being published to confirmed exploitation dropped to 5 days. The number of high and critical severity vulnerabilities that were actively exploited more than doubled compared to the year before.[5] The window isn't gone, but it's narrowing, and the organisations that were already struggling to use it effectively are going to feel that the most.

The question defenders need to be asking isn't just "how bad is this vulnerability?" It's "how quickly could this go from obscure technical issue to repeatable attack at scale?" Most organisations genuinely don't know. Some of them haven't thought to ask.

AI will help defenders too. That's not really the point.

Yes, AI will improve triage, code review, threat detection, all of that. There's a genuine defensive upside and it's worth taking seriously.

But the organisations that will actually benefit from it are, broadly, the ones already doing the fundamentals well. Clean asset inventories. Mature processes. Security teams that have enough organisational trust to actually get things fixed. That's not most organisations. For everyone else, layering AI on top of a broken vulnerability programme mostly just means you find out about your problems faster.

The fix isn't a tool. It's faster exposure identification, proper visibility of what's actually internet-facing, prioritisation based on real exploit paths rather than CVSS scores, secure-by-design practices, and a lot less tolerance for the kind of remediation delays that have somehow become business as usual.

The biggest AI cyber risk isn't smarter attacks.

It's faster, cheaper, more scalable attacks against organisations that are still, quietly, assuming they'll have enough time to sort it out later.

They won't. But the slide decks will look great.

Endnotes

1. CrowdStrike, 2026 Global Threat Report (February 2026). https://www.crowdstrike.com/en-us/press-releases/2026-crowdstrike-global-threat-report/

2. Google Project Zero and Google DeepMind, From Naptime to Big Sleep: Using Large Language Models To Catch Vulnerabilities In Real-World Code, Project Zero Blog (November 2024). https://projectzero.google/2024/10/from-naptime-to-big-sleep.html

3. Zhu et al., Teams of LLM Agents can Exploit Zero-Day Vulnerabilities, arXiv:2406.01637 (June 2024, updated March 2025). https://arxiv.org/abs/2406.01637

4. Google Threat Intelligence Group, first confirmed AI-generated zero-day exploit in the wild (reported May 2026). https://cloud.google.com/blog/topics/threat-intelligence/ai-vulnerability-exploitation-initial-access

5. Rapid7, 2026 Global Threat Landscape Report: Decoding the Accelerated Cyber Attack Cycle (March 2026). https://www.rapid7.com/about/press-releases/rapid7-2026-global-threat-landscape-report-shows-exploited-high-and-critical-severity-vulnerabilities-surged-105-as-attack-timelines-collapsed/

6. Adaptiva, State of Patch Management 2025 Report, in partnership with Demand Metric (January 2025). https://adaptiva.com/blog/adaptivas-report-reveals-automation-as-a-top-priority-for-patch-management-in-2025

7. Bitsight Research, A Mere Five Percent of Vulnerable Enterprises Fix Their Issues Every Month (January 2024). Based on analysis of 140 CVEs across 101,201 enterprises. https://www.bitsight.com/blog/mere-five-percent-vulnerable-enterprises-fix-their-issues-every-month-how-help-them-do-better

8. National Vulnerability Database, NIST. CVE publication statistics. https://nvd.nist.gov/vuln/search

9. UK AI Security Institute, Evaluation of Claude Mythos Preview's cyber capabilities (April 2026). https://www.aisi.gov.uk/blog/our-evaluation-of-claude-mythos-previews-cyber-capabilities

10. UK AI Security Institute, Evaluation of OpenAI's GPT-5.5 cyber capabilities (May 2026). https://www.aisi.gov.uk/blog/our-evaluation-of-openais-gpt-5-5-cyber-capabilities

11. Anthropic, Project Glasswing (April 2026). https://www.anthropic.com/glasswing

12. OpenAI, Scaling Trusted Access for Cyber with GPT-5.5 and GPT-5.5-Cyber (May 2026). https://openai.com/index/gpt-5-5-with-trusted-access-for-cyber/

13. DARPA, Announces Winners of AI Cyber Challenge (2025). Reported via MeriTalk. https://www.meritalk.com/articles/darpa-announces-winners-of-ai-cyber-challenge/

Views expressed are my own.