5 ways to fortify your network against the new speed of AI attacks

· Source: News and Advice on the World's Latest Innovations | ZDNET · Field: Technology & Digital — Cybersecurity & Data Privacy, Artificial Intelligence & Machine Learning, Cloud Computing & IT Infrastructure · Depth: Intermediate, short

Summary

The 2026 enterprise security landscape survey from Mandiant, now part of Google Cloud, reveals a paradox in modern cyberwarfare: while both attackers and defenders increasingly use automation, humans remain the weakest link. Attackers are accelerating their operations, with the "time to hand off" for compromised targets dropping from over eight hours in 2022 to just 22 seconds in 2025 due to automation. The mean time to exploit zero-day vulnerabilities has also fallen to seven days. Cybercriminals and espionage groups employ distinct tactics, with dwell times averaging 14 days, but espionage incidents can extend to 122 days. High-tech (17%) and financial (14.6%) sectors are top targets. Exploits account for nearly one-third of intrusions, followed by voice-based social engineering targeting IT help desks to bypass MFA. While AI tools are used for reconnaissance and malware, most successful intrusions still stem from human and systemic failures. Organizations are improving internal detection, with 52% of 2025 investigations showing internal discovery, up from 43% in 2024.

Key takeaway

CTOs and VPs of Engineering assessing their cybersecurity posture should recognize that rapid attacker automation necessitates a shift from traditional perimeter defense to continuous identity verification. Prioritize hardening identity controls, especially for third-party vendors, and implement structural network changes such as treating virtualization platforms as Tier-0 assets and decoupling backup environments from corporate Active Directory to counter sophisticated, fast-moving threats.

Key insights

Despite increasing automation in cyberattacks, human and systemic failures remain the primary cause of successful intrusions.

Method

Mandiant advises advanced employee training, treating virtualization platforms as Tier-0 assets, decoupling backups, deploying advanced threat detection, auditing SaaS integrations, and implementing behavior-based detection models.

Best for: CTO, VP of Engineering/Data, Executive, AI Security Engineer, Security Engineer, IT Professional

Editorial summary, takeaway, and curation by AIssential. Original article published by News and Advice on the World's Latest Innovations | ZDNET.