COMMENTARY: The role of a cybersecurity leader today has transformed from a mere gatekeeper of infrastructure to a crisis manager who combats highly sophisticated attacks.
The stakes are higher than ever, as CISOs and their teams are bombarded by a constant stream of threats that grow in both frequency and complexity. AI-powered attacks drive this heightened pressure, coupled with traditional vectors such as ransomware and data breaches. The very tools that organizations use to safeguard their operations are often part of the problem, contributing to burnout by overloading teams with thousands of alerts.
AI has been weaponized by threat actors to create smarter, faster, and more deceptive attack vectors. OpenAI recently stated that they have shut down more than 20 deceptive attacks in 2024, and there are probably dozens they miss.
Threat actors are getting better and better at simply prompting LLMs and then getting very sophisticated results. For example, BlackMamba was created using AI. It synthesized a polymorphic keylogger and was tested against an EDR system that did not raise an alert. Passwords, credit card details, and all kinds of valuable data assets just need to get sent to a Slack or Teams channel for the threat actor to access them. Imagine how powerful these tools are in the hands of an experienced hacker.
It’s no wonder CISOs feel the pressure.
Many existing security products that are used against these advanced AI-driven assaults focus heavily on detection, generating alerts in massive quantities, but fail to deliver clear, actionable intelligence. Security teams typically drown in data, sifting through alerts for clues that might indicate malicious activity. This volume of alerts exacerbates stress for CISOs and security leaders, who are already stretched thin.
Traditional SIEMs, vulnerability management tools and endpoint detection products might offer valuable insight into the security ecosystem, but they are limited by their reactive nature. By the time an alert gets flagged, it’s often too late to prevent damage. Worse yet, these systems cannot demonstrate which threats are most likely to result in data exfiltration, privilege escalation, or lateral movement, leaving security teams blind to the most critical vulnerabilities within their infrastructure.
Many of today’s existing security tools and models don’t account for the human element in attacks. A determined attacker doesn’t need access to sensitive data directly: they can use privilege escalation to move laterally across systems, hijacking user roles or exploiting weak infrastructure to gain unauthorized access. Now reimagine this with an AI attacker. Consider the scale and the speed.
Can humans keep up?
In most cases, breaches aren’t the result of a single vulnerability, but rather a series of weaknesses chained together. Security systems that detect and respond in isolation cannot map these multi-step attack paths, nor can they understand the complexity of human behavior in the way attackers manipulate systems.
So, how can CISOs compete with the looming threat of AI? Organizations need a paradigm shift: from reactive, alert-based models to proactive, AI-driven tools that can anticipate, simulate, and test against possible attack scenarios before they happen.
Use AI to fight AI
Proven, simulated attacks offer the only viable option for reducing the noise created by endless alerts. Through war-gamed attacks, AI can calculate every possible vector an attacker might use, which lets security teams focus on real threats. This approach highlights specific vulnerabilities in cloud assets, user roles and privilege escalation paths, giving security teams a clear understanding of how an attacker could exploit these weaknesses to cause catastrophic damage, whether through data exfiltration or ransomware.
An advanced, purpose-built AI can identify potential privilege escalations, lateral movements, and other critical points of attack, allowing organizations to neutralize threats before they become breaches. With a focus on prevention, not just detection, this technology ensures that security teams are no longer drowning in alerts, but are instead empowered to defend their environments with confidence.
In a world where cyberattacks have become faster and more sophisticated, only AI-driven, autonomous systems that simulate real threats can deliver the protection organizations need. Tools at the forefront of technology offer a path forward, promising CISOs and their teams the ability to proactively defend against AI-powered threats while reducing the stress and burnout that have plagued the cybersecurity industry for too long.
Adi Golan, director, solutions engineering, Skyhawk Security
SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.