Index  ›  ai  ›  Forbes

AI Attacks Move At Machine Speed. Is Your Security Architecture?

Forbes Published Jul 16, 2026 Reviewed Jul 16, 2026 ✓ Reviewed by citations.press editors
Anthropic disclosed in November 2025 an AI-orchestrated espionage campaign in which an agentic coding framework was manipulated to execute 80% to 90% of an attack chain autonomously.
85 · attack chain execution
According to Anthropic's report, agentic systems can make thousands of requests per second when connected to tools and agentic workflows.
at least 1000 · agentic system requests

Etay Maor is Vice President of Threat Intelligence for Cato Networks, a leader of advanced cloud-native cybersecurity technologies.

One of the key processes within a cybersecurity framework is identifying vulnerabilities, assessing the asset exposure resulting from those vulnerabilities, closing them and ensuring patches are applied quickly before attackers get a whiff of the weakness.

This process takes time, which has become a serious problem when frontier AI attacks are moving at machine speed as opposed to human-led attacks moving at human speed.

As a vice president of threat intelligence, I spend my days tracking exactly this kind of AI-accelerated attack activity. Watching how bad actors weaponize AI in real time, I believe the pace of vulnerability management can no longer keep up with what's coming at defenders today. Here's a clear-eyed look at what's actually changed.​

Frontier AI models are upending the attack cycle by enabling greater autonomy, as demonstrated in Anthropic's November 2025 disclosure of an AI-orchestrated espionage campaign, where an agentic coding framework was manipulated to execute 80% to 90% of an attack chain autonomously.​

When connected to tools and agentic workflows, these models can scan, probe and discover exploit paths without the manual searching attackers once relied on. This work can be accelerated by agentic systems that can make thousands of requests per second, according to Anthropic's report.

With discovery, decision and exploitation running in parallel, AI-driven systems can probe across layers, test different paths and daisy chain weaknesses faster than human teams can manually investigate and fix them.

This means continuous pressure with a compressed response time, not just faster attacks.

Many organizations still depend on traditional security infrastructure underpinned by security hardware managed in-house. Firewalls, gateways and other security solutions are patched, maintained and tested by the organization.

The update process is long and time-consuming, with security teams identifying issues, assessing the impact and scheduling maintenance within a suitable window.

Frontier AI models will not wait for internal approval, maintenance schedules or rollout plans to launch attacks. The patch-led model is not designed for AI-speed attacks.

The zero-trust model hinges on trusting nobody and nothing without explicit permission or verification. It is an important brick in the organization’s cybersecurity wall, cemented with least-privilege access, identity-based controls and reduced exposure.

While zero trust has its upside, some zero-trust implementations rely on proxy-based models that inspect selected traffic flows, leaving parts of the environment less visible and less consistently protected. This means an organization will not have complete visibility into traffic patterns, which devices are connecting to sensitive systems or whether unusual traffic is moving between cloud, branch and data center environments.

AI models can and will exploit these gaps. They can spot small inconsistencies, test them repeatedly and turn them into a workable attack path.

A panic move to address AI-enabled attacks may entail adding a layer of disconnected tools. The focus should instead be on an architectural road map centered on visibility, shared context, automation and consistent enforcement.

This helps enable the shift from time-to-patch to time-to-protect, in which the security architecture acts at the speed of attack.

As I've written about previously, cloud-native SASE brings networking and security together, rather than having both functions operate in silos. My company operates in this space, so this is the model that I know best, even though others may achieve similar results.

Aspects such as network connectivity, traffic visibility, security inspection and policy enforcement work in unison and enable security to be applied closer to where users, devices, applications and cloud services connect.

This is important because AI-driven attacks don’t care about operational boundaries. Once they get in, they can move across users, devices, applications, locations and traffic flows. A cloud-native model can allow security teams to apply patch updates at the platform level rather than manually moving from appliance to appliance across distributed hardware.​

However, achieving the platform-level advantage of SASE requires a transition plan. With networking and security running on a unified platform, migration should happen in a coordinated, phase-wise manner.

This is a departure from the one-appliance-at-a-time swaps of point solutions. Teams instead need a cutover period where traffic gradually shifts from legacy controls to the new platform.​​

Proxy-only inspection models are like a partial blindfold, as they don’t provide visibility into the entire environment. No doubt, such gaps were already a problem in a slower-moving threat landscape, but in an AI-driven reality, they become more dangerous.

Organizations need comprehensive visibility across network flows, user behavior, device activity, applications and traffic patterns in a connected manner for shared context.

The problem with collecting more data is that it has the potential to create more alerts, duplicate signals and additional noise. If the system is poorly tuned, teams will have to manage false positives, and weak correlation might mean genuine threats remain undetected. Full-context visibility only delivers value when teams prioritize and correlate the information without being overwhelmed.

Autonomous attacks demand security automation. You can’t hope to match the attacker’s speed if plugging every weakness demands testing windows, team handoffs or policy change.

To be clear, you are not removing human oversight, only unnecessary delay. Automated updates, real-time policy enforcement and consistent policy application help the organization respond faster when new risks emerge.​

In practice, this means teams need visibility into the automated actions, including audit trails, approval thresholds for high-impact changes and the ability to roll things back in case of misfire. You are essentially not doing routine work but keeping an eye on the system that does it. Security teams can then focus on investigation, strategy and high-level decision-making.​

While many organizations are responding to AI-enabled attacks by bringing on new tools, this can add to already overflowing tool sprawl. Instead, it's often more valuable to take a step back and determine how your architecture can reduce blind spots, unify context and enforce security consistently across the environment.​

Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?

This article was originally published by Forbes ↗. citations.press indexes the source-backed facts above and links to the original. Something wrong? Corrections policy · Report an error