Over the past two decades, cybersecurity has been structured around a simple principle: detect faster than the attacker. Companies have expanded monitoring tools, detection platforms and security operations centers to identify intrusions before they produce significant damage.
This model is, however, based on an implicit hypothesis: time remains a determining factor in the confrontation between defense and attack.
The rise of artificial intelligence is profoundly changing this balance. In many scenarios, the main constraint is no longer technical expertise, but execution speed. Where a sophisticated intrusion previously required days or weeks of system reconnaissance, exploit development, and lateral movement within the network, certain steps can now be automated by software agents capable of exploring a computing environment and testing different approaches at a pace impossible for a human team.
Cybersecurity is gradually entering a phase where the attack can progress at machine speed.
Automation of the attack
This transformation is not just down to the power of artificial intelligence models. It is mainly due to their ability to automate tasks historically reserved for specialists.
Generative models can produce code, analyze configurations, test operating hypotheses, and construct attack scenarios. Combined with agents capable of executing actions on real systems, they make it possible to orchestrate offensive operations much faster.
Several dimensions of the attack particularly lend themselves to this automation.
Reconnaissance first. Agents can automatically navigate an infrastructure, map exposed services and identify dependencies between systems.
Then exploit generation. Models capable of producing code can adapt known vulnerabilities to a specific context.
Finally, coordination. Several agents can work simultaneously, share information and explore different paths to the same objective.
The result is a distributed and persistent form of attack. The goal is no longer just to find a single vulnerability, but to systematically examine an organization’s entire exposure surface.
An attack surface that continues to expand
This acceleration comes as IT infrastructures become increasingly complex.
Companies are increasing the number of cloud applications, API interfaces, external services and tools integrating artificial intelligence models. Each new technology layer introduces additional dependencies and, potentially, new entry points.
Two dynamics combine: attackers have more effective tools to explore systems, while organizations expand their exposure surface.
In this context, certain historical practices show their limits. Penetration tests carried out once or twice a year provide a snapshot of the security of an information system. However, infrastructures are constantly evolving: new applications, new configurations, new user accounts.
Between two audits, the environment may have changed profoundly.
The emergence of continuous offensive security
Faced with this acceleration, one approach is gaining importance: continuous offensive security.
The idea is to observe a system not only from the defender’s point of view, but also through that of the attacker. Concretely, this involves constantly simulating intrusion scenarios in order to identify truly exploitable access paths.
Several startups are now developing platforms intended to automate this type of analysis.
The Dutch company Hadrian, for example, offers tools capable of automatically mapping an organization’s external attack surface and testing for exploitable vulnerabilities.
In the United Kingdom, Mindgard focuses on the red teaming of artificial intelligence systems, in particular to test the robustness of models against adversarial attacks or manipulation attempts.
Other European players are working on behavioral detection or securing development pipelines. Darktrace has been developing anomaly analysis systems based on machine learning for several years, while the Belgian startup Aikido Security is positioning itself on securing code and development chains.
In the United States, several startups are also exploring the idea of automated offensive security. Hex Security, for example, is developing agents capable of carrying out continuous penetration tests on corporate environments.
On a related note, HiddenLayer focuses on protecting artificial intelligence models themselves, a new area of cybersecurity linked to the generalization of AI systems in enterprise applications.
The major security vendors are not absent from this development. Groups like CrowdStrike or Palo Alto Networks are gradually integrating automated analysis and attack simulation capabilities into their platforms.
From detection to understanding risk
This new generation of tools doesn’t just seek to detect more vulnerabilities. It mainly aims to understand how these can be exploited in a real environment.
In a complex infrastructure, an isolated vulnerability does not necessarily represent a critical risk. On the other hand, the combination of several vulnerabilities can allow an attacker to progress from one system to another until reaching sensitive assets.
Attack path analysis consists precisely of reconstructing these trajectories. The objective is not to produce an exhaustive list of vulnerabilities, but to prioritize risks according to two essential criteria: their actual exploitability and their potential impact on the company’s activity.
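The prioritization described above can be sketched as a small graph computation. This is an added example, not code from the article or from any vendor it names; the asset names, findings, exploitability scores and impact values are constructed, and scoring a chain as the product of its step probabilities (found with Dijkstra over negative logarithms) is an assumption chosen for illustration.

```python
import heapq
from math import exp, log

# Constructed sample environment: (source, target, finding, exploitability 0..1).
EDGES = [
    ("internet", "web-app", "outdated CMS plugin", 0.6),
    ("internet", "vpn-gateway", "weak VPN password policy", 0.2),
    ("internet", "test-server", "default admin credentials", 0.9),
    ("web-app", "app-server", "over-privileged service account", 0.7),
    ("vpn-gateway", "app-server", "flat internal network", 0.9),
    ("app-server", "customer-db", "database credentials in config file", 0.8),
]
# Constructed business-impact scores for the assets worth protecting.
IMPACT = {"customer-db": 10, "test-server": 1}

def most_likely_path(edges, source, target):
    """Dijkstra over -log(exploitability): the cheapest path is the chain
    most likely to succeed end to end. Returns (probability, findings)."""
    graph = {}
    for src, dst, finding, p in edges:
        graph.setdefault(src, []).append((dst, finding, -log(p)))
    queue, done = [(0.0, source, [])], set()
    while queue:
        cost, node, findings = heapq.heappop(queue)
        if node == target:
            return exp(-cost), findings
        if node in done:
            continue
        done.add(node)
        for dst, finding, weight in graph.get(node, []):
            if dst not in done:
                heapq.heappush(queue, (cost + weight, dst, findings + [finding]))
    return 0.0, []  # target not reachable from source

def rank_targets(edges, impact, source="internet"):
    """Score each sensitive asset as path probability x business impact."""
    rows = []
    for asset, value in impact.items():
        prob, findings = most_likely_path(edges, source, asset)
        rows.append((round(prob * value, 3), asset, findings))
    return sorted(rows, reverse=True)

if __name__ == "__main__":
    for risk, asset, findings in rank_targets(EDGES, IMPACT):
        print(f"{risk:>6}  {asset}: {' -> '.join(findings)}")
```

On this sample, the three-step chain to the customer database scores higher than the single, more easily exploited flaw on the isolated test server, so the findings along that chain are the ones to fix first.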
For security teams, this prioritization becomes crucial. Organizations already have a considerable volume of alerts from their detection tools. The challenge is no longer just spotting anomalies, but determining which vulnerabilities need to be fixed as a priority.
A confrontation between autonomous systems
If these technologies continue to advance, cybersecurity could evolve into an increasingly automated confrontation between offensive and defensive systems.
Attackers will use agents capable of quickly testing a large number of intrusion scenarios. Defenders will also need to rely on systems capable of constantly analyzing their environments, identifying risky configurations and correcting certain vulnerabilities before they are exploited.
This development raises several questions. The first is control: in what situations can autonomy be entrusted to automated systems, and at what point does human intervention remain essential? The second is governance: businesses will need to integrate these technologies into security processes that can handle decisions made at a much faster pace.
However, one thing is becoming increasingly clear: in an environment where the attack can progress at machine speed, the defense will no longer be able to make do with static tools or one-off evaluations.
It too will have to learn to operate in real time.