5 ways to fortify your network against the new speed of AI attacks
Summary
Mandiant, now part of Google Cloud, reports a paradox in modern cyberwarfare in its 2026 enterprise security landscape survey: while both attackers and defenders increasingly use automation, humans remain the weakest link. Attackers are accelerating their operations: the "time to hand off" for compromised targets dropped from over eight hours in 2022 to just 22 seconds in 2025 due to automation. The mean time to exploit zero-day vulnerabilities has also fallen to seven days. Cybercriminals and espionage groups employ distinct tactics; dwell times average 14 days, but espionage incidents can extend to 122 days. High-tech (17%) and financial (14.6%) sectors are top targets. Exploits account for nearly one-third of intrusions, followed by voice-based social engineering that targets IT help desks to bypass MFA. While AI tools are used for reconnaissance and malware, most successful intrusions still stem from human and systemic failures. Organizations are improving internal detection, with 52% of 2025 investigations showing internal discovery, up from 43% in 2024.
Key takeaway
CTOs and VPs of Engineering assessing their cybersecurity posture should recognize that rapid attacker automation necessitates a shift from traditional perimeter defense to continuous identity verification. Prioritize hardening identity controls, especially for third-party vendors, and implement structural network changes, such as treating virtualization platforms as Tier-0 assets and decoupling backup environments from corporate Active Directory, to counter sophisticated, fast-moving threats.
Key insights
Despite increasing automation in cyberattacks, human and systemic failures remain the primary cause of successful intrusions.
Principles
- Identity is the new perimeter.
- Attackers move faster with automation.
- Decouple backup environments.
Method
Mandiant advises advanced employee training, treating virtualization platforms as Tier-0 assets, decoupling backups, deploying advanced threat detection, auditing SaaS integrations, and implementing behavior-based detection models.
In practice
- Train staff on voice-based social engineering.
- Use immutable storage for backups.
- Route all SaaS through a central IdP.
Topics
- AI Cyberattacks
- Mandiant M-Trends Report
- Zero-Day Exploits
- Social Engineering
- Network Fortification
Best for: CTO, VP of Engineering/Data, Executive, AI Security Engineer, Security Engineer, IT Professional
Editorial summary, takeaway, and curation by AIssential. Original article published by News and Advice on the World's Latest Innovations | ZDNET.