AI Is Making Attackers Faster. Cybersecurity Needs Orderly Urgency.

Leapfrog’s C-Suite Toads' insights on IT trends and strategic topics shaping the digital landscape.

There has been a lot of noise recently about new AI models being used for cybersecurity research and offensive security. Some headlines make it sound like artificial intelligence has suddenly created an entirely new category of cyber risk.

The reality is more practical, but still urgent.

AI is not replacing the fundamentals of cybersecurity. It is accelerating them.

The UK National Cyber Security Centre has assessed that AI will almost certainly make elements of cyber intrusion more effective and efficient, increasing the frequency and intensity of cyber threats. Importantly, the NCSC also notes that this is more about enhancing existing tactics, techniques, and procedures than creating entirely new threat vectors. (National Cyber Security Centre)

That distinction matters.

The risk is not just that phishing emails will sound more convincing. The bigger issue is speed. Attackers are beginning to use AI to move faster through the same attack lifecycle security teams have been defending against for years: reconnaissance, vulnerability research, exploit adaptation, scripting, malware modification, and chaining together multiple steps in an attack path.

Google Threat Intelligence Group has reported that adversaries are already using AI across vulnerability discovery, exploit generation, malware development, autonomous command execution, reconnaissance, and attack lifecycle support. Google also reported that it identified a criminal threat actor using a zero-day exploit that Google believes was developed with AI support. (Google Cloud)

That is the practical issue. AI can help attackers identify weak configurations, exposed systems, unpatched software, over-permissioned accounts, legacy platforms, and gaps in visibility faster than before. For organizations with fragmented technology environments, inconsistent patching, weak identity controls, or incomplete endpoint coverage, that creates real exposure.

This is not a reason to panic. Panic creates poor decisions, wasted spending, and operational chaos.

But it is a reason to move with urgency.

A useful analogy is the safety briefing given before every airplane departure. No one expects a problem on every flight, but everyone is still reminded where the exits are, how to use the oxygen mask, how to secure their seat belt, and what to do if the situation changes. The point is not fear. The point is readiness.

The same is true in a skyscraper fire drill. The goal is not to create a stampede. The goal is to make sure people know the exit path, understand the process, move with urgency, and do not wait until smoke is in the hallway to figure out what to do.

Cybersecurity modernization needs that same mindset.

Orderly. Disciplined. Urgent.

Many Organizations Are Not Moving Fast Enough

Over the last several years, I have seen a variety of business responses to the modernization needed to feel reasonably secure.

This is not a formal market survey. It is a field observation from working with businesses that are trying to decide how quickly to modernize.

A small percentage of organizations, likely less than 15%, have been truly proactive. These businesses have leaned into modernization, standardized their environments, strengthened identity controls, improved endpoint visibility, adopted modern security platforms, and treated cyber resilience as an ongoing business priority.

Another group, perhaps around 20%, is partially modern. These organizations have made meaningful progress in some areas, but they still have important gaps. They may have modern endpoint protection but weak identity governance. They may have cloud identity but inconsistent device management. They may have strong backup but incomplete vulnerability remediation. They are moving in the right direction, but they are not fully where they need to be.

The vast majority are lagging.

They know legacy systems need to be replaced. They know remote access needs to be modernized. They know patching needs to improve. They know identity controls need to be stronger. They know their environment is too fragmented. But decisions get delayed, budgets get deferred, projects get reprioritized, and exceptions become normal.

That was risky before.

In an AI-accelerated threat environment, it is becoming dangerous.

The uncomfortable reality is that many of these organizations will become more vulnerable targets. Not because they are careless. Not because they lack good intentions. But because attackers are getting faster while their modernization programs are moving too slowly.

The NCSC has warned that there will almost certainly be a digital divide between systems that keep pace with AI-enabled threats and a large proportion of systems that become more vulnerable. It also states that, if cyber security mitigations lag or do not change, there is a realistic possibility that critical systems will become more vulnerable to advanced threat actors by 2027. (National Cyber Security Centre)

In aviation terms, many organizations are waiting until turbulence starts to read the safety card.

In a fire drill, they are still debating the evacuation route after the alarm sounds.

This Is Not Theoretical Anymore

The warning signs are no longer limited to speculation.

Anthropic has reported that its Project Glasswing partners found more than 10,000 high- or critical-severity security flaws using Claude Mythos Preview, with some partners saying their bug-finding rate increased by more than ten times. Anthropic also reported that Mythos Preview was used to scan more than 1,000 open-source projects and identify thousands of potential high- or critical-severity vulnerabilities. (Anthropic)

The UK AI Security Institute evaluated Claude Mythos Preview and found that it represented a step up over previous frontier models in cyber performance. In controlled evaluations, AISI reported that Mythos Preview could execute multi-stage attacks on vulnerable networks and was the first model to complete its 32-step simulated corporate network attack from start to finish, succeeding in 3 out of 10 attempts. (aisi.gov.uk)

Reuters also reported that Anthropic’s Mythos model identified vulnerabilities in highly sensitive U.S. government computer systems during a testing exercise. The same report noted an important clarification: identifying vulnerabilities quickly does not necessarily mean the model exploited them within that same timeframe. (Reuters)

That distinction is important. The message is not that AI can magically hack everything. The message is that AI can dramatically compress the time required to find, analyze, and act on weaknesses.

That is enough to change the risk calculation.

The Cybersecurity Basics Matter More Than Ever

In an AI-accelerated threat environment, the fundamentals become more important, not less important. Organizations need cleaner environments, better visibility, faster remediation, and stronger identity controls.

That starts with reducing complexity.

Many businesses are still operating with a mix of legacy systems, partially managed devices, inconsistent security tools, older remote access methods, and aging endpoint platforms. These environments are harder to secure, harder to monitor, and harder to recover when something goes wrong.

AI-enabled attackers benefit from that complexity. They benefit when systems are exposed, identities are over-permissioned, patches are delayed, devices are unmanaged, and logs are incomplete.

Modern cybersecurity depends on standardization. It is much easier to defend an environment when devices, identities, networks, security tools, backup systems, and monitoring platforms are integrated into a consistent operating model.

That does not mean every business can modernize everything overnight. But it does mean organizations need a clear path, a defined priority order, and the discipline to keep moving.

Modernization Is Now a Security Requirement

Technology modernization is often viewed as an IT refresh. That view is outdated.

Modernization is now a security requirement.

Moving to modern desktop management, cloud identity, strong endpoint protection, centralized logging, vulnerability management, conditional access, multifactor authentication, secure remote access, and managed detection and response is no longer just about convenience or productivity. It is about reducing risk before attackers find and exploit the gaps.

This is where the safety briefing analogy matters. You do not brief passengers because you expect every flight to have an emergency. You brief them because preparation matters before the emergency occurs.

For IT and security, that means moving organizations away from legacy, fragmented, and partially managed environments and toward modern, standardized, well-monitored platforms.

Modernization efforts such as Windows 11 readiness, Intune adoption, Entra ID cleanup, endpoint standardization, removal of legacy remote access, Fortinet network standardization, Microsoft Defender adoption, SIEM and MDR integration, backup modernization, and vulnerability management should be treated as core parts of the security roadmap.

These are not optional improvements for some future budget cycle. They are the exit rows, oxygen masks, and evacuation routes of the modern security program.

Patching and Vulnerability Remediation Need More Urgency

One of the clearest impacts of AI-enabled cyber activity is the increased pressure on patching and vulnerability management.

As vulnerability research becomes faster and more automated, organizations have less time to respond to known weaknesses. Internet-facing systems, firewalls, VPNs, browsers, servers, identity platforms, and known exploited vulnerabilities need especially close attention.

This does not mean every patch can be applied instantly without planning. Businesses still need maintenance windows, testing, coordination, and change control. But the old model of slow, inconsistent, or loosely governed patching is becoming harder to defend.

Organizations should be asking:

  • Are we patching high-risk systems quickly enough?
  • Do we know which devices are missing patches?
  • Are we prioritizing internet-facing and actively exploited vulnerabilities?
  • Do we have a clear exception process when remediation is delayed?
  • Can leadership see where risk remains unresolved?

The goal is not just to install more patches. The goal is to reduce the time between detection, prioritization, remediation, and risk acceptance.

When a fire alarm sounds in a skyscraper, the process needs to be clear. People should know which stairwell to use, where to gather, and who is accountable for making sure the floor is clear. Vulnerability management requires the same clarity. Which systems are at risk? Who owns remediation? What is the deadline? What happens if remediation is delayed? Who accepts the risk?

Identity Is One of the Most Important Control Points

AI does not eliminate the need for credentials. In many cases, it makes identity-based attacks more efficient.

Attackers still want valid usernames, passwords, sessions, tokens, admin accounts, and remote access paths. That makes identity security one of the most important areas of defense.

Organizations should prioritize strong multifactor authentication, phishing-resistant MFA where appropriate, conditional access, least privilege, admin separation, periodic access reviews, and secure remote access models such as ZTNA.

Identity should not be treated as a one-time setup. It should be continuously reviewed and improved.

In the airplane analogy, identity is like knowing who is on board, who has access to the cockpit, and who is responsible for making decisions in an emergency. If everyone has unrestricted access, the situation becomes much harder to control.

The Right Response Is Not Fear. It Is Disciplined Action.

The right response to AI-enabled cyber risk is not fear-based buying or chasing every new security product. The right response is disciplined modernization.

That means:

  • Standardizing the endpoint environment.
  • Improving patch and vulnerability remediation.
  • Strengthening identity security.
  • Replacing legacy remote access.
  • Expanding endpoint detection and response.
  • Centralizing logs and alerts.
  • Improving backup and recovery readiness.
  • Using MDR and SIEM capabilities effectively.
  • Reporting risk clearly to business leadership.
  • Reducing exceptions and unmanaged assets.

AI may make attackers faster, but it can also make defenders better. Security teams can use automation, better analytics, improved detection, and more efficient investigation workflows to respond more quickly and consistently.

But defensive AI will only be effective if the underlying environment is manageable. You cannot automate your way out of a disorderly, poorly documented, fragmented technology estate. First, you need order. Then you can add speed.

Orderly Urgency Should Be the Operating Model

The best response is not panic. It is also not complacency.

The right operating model is orderly urgency.

Orderly means having standards, priorities, ownership, change control, communication, and reporting.

Urgency means moving faster than we have historically moved, especially when risk is clear and the remediation path is known.

That combination is important. Urgency without order creates chaos. Order without urgency creates delay. In the current threat environment, delay is becoming more dangerous.

Business leaders should expect IT and security teams to identify the highest-risk gaps, communicate them clearly, recommend a practical path forward, and keep modernization moving. Technology leaders should also be willing to explain when delayed action means accepted risk.

The organizations stuck in analysis paralysis need to recognize that indecision is still a decision. Delaying modernization does not pause the threat environment. It only extends the window of exposure.

The Business Message Is Simple

AI is making attackers faster.

That means businesses need to move faster too.

Older, fragmented, partially managed IT environments are becoming harder to defend. Modern, standardized, well-monitored environments are easier to secure, easier to operate, and easier to recover.

For business leaders, the priority should be clear: modernization and security stack adoption are no longer optional improvements. They are core parts of cyber resilience.

This is not a stampede. It is not a fear campaign. It is the cybersecurity equivalent of listening to the safety briefing, knowing where the exits are, and moving with purpose when action is required.

The best time to reduce complexity, strengthen identity, improve visibility, and accelerate remediation is before an incident occurs.

AI is changing the pace of cybersecurity. Organizations need to adapt their technology, their processes, and their expectations accordingly.

Know the exits. Follow the plan. Move with discipline.

But move now.

If your organization is trying to determine how quickly to modernize, where to reduce risk first, or how to bring more order to its cybersecurity program, Leapfrog Services can help. For more than 25 years, we have helped organizations simplify complex IT environments, strengthen security foundations, and align technology decisions with business priorities. In an AI-accelerated threat environment, readiness matters. Reach out today for a practical conversation about where to start and how to keep moving with orderly urgency.

Emmett Hawkins III – Chief Technology Officer, Leapfrog Services

Emmett leads Leapfrog’s technology strategy, service innovation, and hosted solutions, while advising clients as a trusted solutions architect. He co-founded Virtex Networks, one of the nation’s first IT infrastructure service providers, acquired by Leapfrog in 2001. With deep expertise in enterprise management technologies, Emmett has held leadership roles at Computer Associates and served on advisory committees for the City of Atlanta. He is a member of InfraGard and a trustee of the Grace Scholarship Foundation. Emmett holds a BA from Emory University and is a graduate of Duke University’s AMP program.