AI-driven cyberattacks demand resilience over traditional prevention, experts say
The cybersecurity landscape is undergoing a fundamental shift due to frontier AI models, which enable autonomous attacks capable of compromising systems in as little as 27 seconds. This speed far surpasses human-operated security workflows, rendering traditional detection and prevention methods insufficient. Dev Rishi, GM of AI at Rubrik, emphasizes that security operations can no longer rely on human intervention between breach and damage. Instead, the focus must pivot to cyber resilience, which involves continuously identifying clean recovery states, mapping critical data and identity dependencies, and automating restoration processes to recover systems in hours rather than days.
Traditional security relies on rule-based logic designed for deterministic software, but AI agents are non-deterministic and can find multiple pathways to achieve objectives, circumventing static defenses. These agents can also blur the lines between internal and external threats, as their access to multiple systems and high speed of operation can mimic malicious insider activity or amplify the impact of a compromised external attacker. Rishi advocates for an AI-native guardian layer that monitors agent behavior semantically, understands intent across actions, and can terminate misbehaving agents at machine speed, triggering immediate recovery.
The inevitability of attacks, driven by AI's ability to discover zero-day vulnerabilities, necessitates a strategic investment in resilience and rapid recovery. This reframes recovery from a post-incident activity to a designed and continuously validated capability. True cyber resilience requires both real-time intelligent enforcement and automated recovery. Rubrik's approach leverages small language models (SLMs) for efficient, low-latency enforcement, enabling immediate detection of destructive actions, identification of the last clean snapshot, and automated restoration. This shift moves security from a focus on detection to architectural resilience, aiming to shorten the gap between detecting an issue and restoring affected systems.
The rapid evolution of AI in cyber warfare presents a significant challenge to existing security paradigms, which were designed for a slower, more predictable threat landscape. The core issue is the compression of the attack-to-impact window, moving from hours or days to mere seconds, which outpaces human-centric response mechanisms. This necessitates a strategic reorientation towards 'resilience'—the ability to withstand and rapidly recover from inevitable compromises—rather than solely focusing on prevention. The integration of AI within enterprise systems, while offering potential benefits, also introduces new attack vectors and complexities, blurring the lines between internal and external threats and demanding sophisticated, AI-native monitoring and enforcement. The economic viability of such advanced security measures hinges on efficient AI models, suggesting a future where smaller, specialized models play a crucial role in real-time threat interception and automated recovery, balancing cost and performance.
AI-generated to prompt reflection — not editorial opinion, not advice, not a statement of fact. How this works.