Enable breadcrumbs token at /includes/pageheader.html.twig

Automating the Cyber Kill Chain With Agentic AI

Cyber attackers without legal constraints gain a dramatic time and scale advantage by removing humans from the loop. What is the right approach for defenders to match and win? 
By Ray DeMeo and Darnell Washington
Image
Analysis

Time Is Up—It’s Happening Now
The concept of leveraging artificial intelligence (AI) to expand adversarial cyber attacks is now well beyond theoretical. 

AI agents have already proven themselves as the ideal tool for adversaries wanting to cause irreparable harm across all facets of digital infrastructure. At the core, AI agents are large language models that have a set of instructions, context, access to tools and the ability to take action. Using agents enables automation of a vast array of techniques and tools to discover vulnerabilities, build attack sequences and pivot to new tactics with speed and scale never before imagined.

So, why can’t defenders do the same? 
In principle, we can, but experts recognize there is a multiyear catch-up effort. That’s the best-case scenario, and providing that defenders are organized, united and focused on this objective. At the 2026 RSA Conference, industry legend Kevin Mandia, now founder and CEO of AI security company Armadin, stated that “It’s a perfect storm for offense over the next year or two” as defenders try to catch up. “The scale and scope and total recall of an AI agent compromising you and swarming you is not humanly comprehensible.”

With its 24/7 army of highly effective AI agents attacking our systems, the adversary never sleeps. 

Agentic AI Is Nonnegotiable for Cyber Defense
We have reached a critical threshold where traditional human analysis is no longer a viable shield. The volume and velocity of AI-driven threats have outpaced the cognitive capacity of even the most elite security operations center teams.

To survive this shift, we must deploy agentic AI to remove the human bottleneck and handle the heavy lifting:

• Architectural Resilience: Building new systems from the ground up with significantly fewer software defects and inherent “resilience” against long-established security risks, such as access control, memory errors and OWASP Top 10.
• Autonomous Testing and Hardening: Identifying and patching weaknesses with a new level of thoroughness before a system is deployed.
• Continuous, Adaptive Monitoring: No longer just watching for known threats. Now with the goal of training defensive AI to meet adversarial agents at hyper-speed, blow-for-blow, at the tactical edge. 

There is still an opportunity to leverage AI defensively to counter a wide range of attacker approaches, exploiting vulnerabilities that exist across all facets of digital infrastructure. The defender’s effort requires time to plan and implement an asymmetrical advantage compared to those on the offensive side. 

While all of the above are essential, fragile code and architecture are frequently cited as responsible for more than 70% of critical vulnerabilities. That’s not new news. It’s just that AI now exploits this soft underbelly that has long been avoided.

Regaining the Time Advantage
Architectural resilience and autonomous testing and hardening represent the foundational measures that must be applied to defend against adversarial AI. Human defenders may be creative and experienced, but can they maintain context in real time across an information technology (IT) environment at the same pace as AI? And why do so many attacks need to be thwarted at time of execution, like an outfielder catching fly balls at a rate of thousands per minute? 

The common thread is the need for a time advantage in the face of overwhelming odds. Barring time travel as an option in today’s world, the best advantage we can gain is by preparing for cyber adversaries well in advance of bringing systems online. 

Per Palo Alto Networks Unit 42, the average time through the cyber kill chain, from discovery to exploitation of a weakness, has moved from weeks to hours. AI-assisted workflows largely remove the human capital constraint, allowing attackers to seek out vulnerabilities and work through the sequence across hundreds of targets in parallel.

Three Top Categories of How AI Is Leveraged by Adversaries

Agentic Orchestration
Fewer resources and faster attack time across the cyber kill chain mean that cyber adversaries can outmaneuver human analysts, who have long been overwhelmed even before AI. According to Palo Alto Networks Unit 42, agentic AI data exfiltration attack speed has quadrupled. Yet, in more than 90% of breaches, preventable gaps materially enabled the intrusion.  

Hyper-Personalization of Identity Deception
Phishing, the approach of deceiving humans into taking action on behalf of the attacker, spans the kill chain on reconnaissance, weaponization and most significantly on delivery. AI transforms this into phishing on steroids with more realistic impersonation techniques, leveraging deepfake images and voices, with context of people and their roles, and in greater volume. IBM X-Force research demonstrated that AI can generate highly convincing phishing emails in five minutes compared to the 16 hours typically required by experienced human operators—a 192 times improvement in efficiency. And per DarkTrace, AI-powered phishing attacks are 67% more successful than traditional ones. Voice cloning now requires just three to five seconds of audio, and convincing video deepfakes can be created in 45 minutes with free software.

Insufficient Control of In-House AI and Indirect Prompt Injection
More recent and developing are hidden prompt injection and the leveraging of AI to pollute the software supply chain in anticipation of intentionally vulnerable code being absorbed into critical systems, sometimes referred to as “slop squatting.”

According to JP Morgan, the effects of AI-generated cyber attacks on enterprises are 24% worse. Those numbers are growing, and the business risks of getting it wrong are simply too high. The question is how AI will be used to fight AI, and how long it will take to implement a workable solution. 

Zero-day vulnerabilities are now being exploited in days or weeks with AI, versus months. Deloitte projects $40 billion in AI-enabled fraud by 2027.

As has long been documented, vulnerabilities in software are the greatest source of cyber insecurity. The call for secure-by-design, secure-by-default and secure-by-customer demand recognizes the overwhelming need to build resilience into code and system design before deployment.  

At RSA 2026, Alex Stamos, chief security officer at Corridor, said, “It’s quite possible that all this development we’ve done in memory-unsafe languages, without formal methods, that none of that is actually secure in the presence of superintelligent bug-finding machines … in which case we need to be massively rebuilding the base infrastructure we all work on.”

Our opportunity to compress time defensively and ahead of cyber attackers is by leveraging AI to design and build systems with fewer vulnerabilities. AI now affords a means to remove layers of human lead time and cost, which have been the barriers up until now.

The chance to deploy architectures with far fewer vulnerabilities is within our grasp. However, the primary obstacle isn’t a lack of processing power or algorithmic sophistication—it is organizational will.

The “glitch in the matrix” is a human one. Resistance to change, bureaucratic inertia and, going forward, the need to focus on reliable autonomous agents to write code are the true vulnerabilities. We must recognize that the threat is artificial, but the solution requires collective human will to evolve.

The challenge of implementing secure-by-design has been an uphill battle, largely because of the cost to hire engineers trained in secure coding and the ever-present push to deploy new code quickly to meet revenue objectives.

Additionally, there is immense pressure to remove boundaries from AI to accelerate implementation across organizations and critical systems.

Anthropic’s chief science officer and co-founder, Jared Kaplan, recently told Time Magazine it no longer makes sense to make unilateral commitments on safety (Anthropic Responsible Scaling Policy) when competitors are moving at a much faster pace.

As it relates to developing secure-by-design systems, some argue that the need for speed in deployment outweighs the safeguards required.

Fast time-to-market versus additional months to perform deep cyber threat modeling of software and system architecture can mean a supplier gains market share over a competitor. Some say a secure product has no users because it was too late for customers to take the security risk as a calculated business risk. Or that $1 million additional spend in secure coding could just as well be spent on detection and response.  

This changes when safety of life and economic stability are no longer on some distant risk horizon. Analogous, maybe, to handing out parachutes to airline passengers versus ensuring that the wings stay bolted on. Who gets the last word in advocating for resilient design—the airplane builder or the passengers?

The reality is that AI-enhanced cyber attackers now dramatically amplify the odds of that calculated risk.

 

 

Image
Deloitte projects $40 billion in AI-enabled fraud by 2027. FBI Internet Crime Center; Deloitte Center for Financial Services

Deloitte projects $40 billion in AI-enabled fraud by 2027.
FBI Internet Crime Center; Deloitte Center for Financial Services
 

Looking Forward
The good news is that there is opportunity to fight fire with fire in the world of agentic AI cyber adversaries. It is time to leverage AI to accelerate the design and build of inherently resilient IT systems—in large part by reducing the number of humans in the loop where traditional slow and expensive communication, handoff and coordination processes can be accomplished far more efficiently with developer agents harnessed together, directly writing code and verifying performance.

Testing of these systems requires interoperability and standards to ensure they are aligned with international, federal and local regulatory frameworks.

Bolt-on AI-enabled cyber defense solutions will remain essential because systems evolve, configurations change and adversaries are forever creative, though the greatest opportunity for impact is to leverage AI to produce new and secure code. It has long been understood that it is better to build on a solid and secure foundation rather than trying to catch a falling building brick by brick, as reflected in the vast majority of our $330 billion cybersecurity industry.  

Software coding and system architecture are jobs well-suited for AI. By no means perfect, yet we are seeing impressive advances in code quality week by week. 

While the industry may have missed its opportunity to build a global IT ecosystem with robust code in the first iteration, now is the time to correct. This is our way out, and this is the dramatic benefit of AI going forward.

And it gets more exciting for humans—enabling oversight that reflects genuine care for what the product is, who it is for and how it performs.

Conclusion:

The Human Factor, a Crisis of Time and Will
The cybersecurity landscape is no longer a game of human chess; it is a high-velocity digital arms race. To protect our nation and allies, we must shift our perspective on time and defense.

For decades, cybersecurity has operated within the “rules” of human reaction time, but adversarial AI agents have now shattered those constraints.

We must acknowledge our adversaries’ capabilities to launch attacks at warp speed, utilizing autonomous agents that don’t sleep, don’t fatigue and don’t pause for committee approval. To counter them, we cannot simply run faster; we must warp time to our advantage. We must evolve our use of agentic AI digital architectures and models to “bend time and space” so that defenses evolve well ahead of the threats attacking them.
 

Ray DeMeo is a technology and business operations executive, ISC2 Certified Information Systems Security Professional (CISSP), cybersecurity technology company co-founder and patent holder, experienced in building business in both public and private sectors. DeMeo was named a Top Cyber Exec to Watch in 2024 and 2025 by WashingtonExec. As managing director of Pulse Drive Group, he helps organizations and investors drive valuation.

Darnell Washington is a distinguished cybersecurity expert, thought leader and entrepreneur with over two decades of experience shaping the digital security landscape. He is a recognized authority in the development and implementation of advanced encryption and public key infrastructure (PKI) technologies. Washington holds multiple U.S. patents, including innovations in cryptographic key generation systems and secure video encryption over the last 14 years.

Image
Reinventing legacy human process with AI is an opportunity for defenders. Google Gemini Image
Reinventing legacy human process with AI is an opportunity for defenders. Google Gemini Image

Comments

The content of this field is kept private and will not be shown publicly.

Plain text

  • No HTML tags allowed.
  • Lines and paragraphs break automatically.
  • Web page addresses and email addresses turn into links automatically.
Enjoying The Cyber Edge?