We’ve all seen this before: a developer deploys a new cloud service and grants overly broad permissions to keep an athlete moving. A developer generates a “temporary” API key for testing and forgets to revoke it. In the past, these were small operational risks, bills that you would eventually pay off during the slow cycle.
In 2026, “Finally” now
But today, in a matter of minutes, AI-powered conflicting systems can find that workload, map its ownership relationships, and calculate an efficient route to your critical assets. Before your security team has even finished their morning coffee, the AI agents have simulated thousands of attack sequences and gone for the kill.
AI compresses retesting, simulation, and prioritization into one automated sequence. The exposure you created this morning can be refined, validated, and put into an effective attack plan before your team eats lunch.
Exploitation Window Wrapping
Historically, the exploit window favored the defender. Vulnerabilities were disclosed, teams evaluated their exposures, and fixes followed a predictable patch cycle. AI has broken that timeline.
By 2025, more than 32% of vulnerabilities were exploited on or before the date a CVE was issued. The infrastructure that powers this is massive, the AI-powered scanning function reaches 36,000 scans per second.
But it’s not just about speed; it’s about context. Only 0.47% of identified security issues are actually exploitable. While your team is burning cycles that review 99.5% of the “noise,” the AI focuses on the 0.5% that matters, isolating the small portion of exposure that can be tied to the active path of your valuable assets.
To understand the threat, we must look at it through two different lenses: how AI accelerates attacks on your infrastructure, and how your AI infrastructure presents a new attack surface.
Scenario #1: AI as an Accelerator
AI attackers don’t use “new” exploits. They exploit the exact same CVEs and vulnerabilities they always have, but they do it at machine speed and scale.
Automatic chain vulnerability
Attackers no longer need a “Critical” vulnerability to breach it. They use AI to piece together “Low” and “Medium” issues, an old identity here, a poorly configured S3 bucket there. AI agents can import proprietary graphs and telemetry to find these convergence points in seconds, performing a task that used to take weeks for human analysts.
Identity sprawl as a weapon
Machine ownership now outnumbers workers 82 to 1. This creates a large web of keys, tokens, and service accounts. AI-driven tools excel at “identity hopping”, mapping token exchange paths from a low-security dev container to an automated backup script, and finally to a high-value production database.
Social Engineering at scale
Phishing has increased by 1,265% because AI allows attackers to reflect your company’s internal tone and “vibe” of efficiency. These are no ordinary spam emails; they are context-aware messages that go beyond the “red flags” staff are trained to spot.
Scenario #2: AI as the New World of Attack
While AI accelerates attacks on legacy systems, your adoption of AI creates entirely new risks. Attackers don’t just use AI; they directed it.
Model Context Protocol and Extreme Agency
When you connect internal agents to your data, you introduce the risk that it will be identified and turned into a “confused agent.” Attackers can use rapid injection to trick your public-facing agents into querying internal databases they shouldn’t have access to. Sensitive data surfaces and is leaked by the very systems you’ve trusted to protect it, all while posing as legitimate traffic.
Poisoning the Source
The effects of this attack extend beyond the time of exploitation. By inserting false data into the agent’s long-term memory (Vector Store), attackers create a dormant payload. The AI agent absorbs this toxic information and later provides it to the users. Your EDR tools only recognize normal activity, but AI is now acting as an insider threat.
Supply Chain Hallucinations
Finally, attackers can poison your stores before they even touch your systems. They use LLMs to predict “hallucified” package names that AI coding assistants will suggest to developers. By registering these malicious packages first (slopsquatting), they ensure that developers inject the backend directly into your CI/CD pipeline.
Retrieval of the Response Window
Traditional defenses cannot match the speed of AI because they measure success with the wrong metrics. Teams count alerts and patches, treating volume as progress, while enemies exploit gaps that accumulate in all this noise.
An effective strategy to stay ahead of attackers in the age of AI must focus on one simple, but important question: What are the key exposures to an intruder on your property?
To answer this, organizations must move from proactive documentation to Continuous Threat Exposure Management (CTEM). It is an operational pivot designed to align security exposure with true business risk.
AI-enabled attackers don’t care about a single discovery. They combine exposure together into effective routes to your most valuable assets. Your repair strategy needs to take that same fact into account: focus on intersections where multiple exposures reach, where one fix clears dozens of lanes.
The general action decisions your teams made this morning can become an effective attack method before lunch. Close the paths faster than the AI can calculate them, and you restore the exploit window.
Note: This article is well written and contributed to our audience by Erez Hasson, Director of Product Marketing at XM Cyber.
