AI Drives Cyber Attacks That Unfold in Minutes
AI Drives Cyber Attacks That Unfold in Minutes
https://www.govtech.com/security/report-ai-drives-cyber-attacks-that-unfold-in-minutes
Publish Date: 2026-03-24 16:34:00
Source Domain: www.govtech.com
Artificial intelligence is speeding up timelines for cyber attacks, a new report has found, creating what the authors call a widening “cybersecurity speed gap” between bad actors and defense efforts.
The report from Booz Allen Hamilton, published this month, shows that cyber criminals are now moving from initial access to broader system compromise in less than 30 minutes on average — and sometimes in seconds. And attackers are using AI as a collaborator in their speedier attacks. For example, AI is helping cyber criminals quickly create realistic phishing emails, research multiple targets in minutes and write malicious code even if they lack coding skills. It’s also enabling small groups to carry out campaigns that used to require larger, coordinated groups.
As a result, human defenders are struggling to keep pace with the speedy new landscape of AI-powered cyber threats.
Many cybersecurity processes — from alert triage to incident response — depend on human decision-making that can take days to weeks due to manual approvals, alert backlogs and other factors. That pace is no longer realistic for staying ahead of criminals, the report found.
The report also discusses barriers to entry, which have significantly dropped now that criminal organizations can code with AI tools, test exploits and refine attacks in “rapid cycles,” sharing these capabilities across their ecosystems. At the same time, AI adoption has greatly expanded the attack surface because it means that there are more platforms and workflows to target. One concern is that attackers are embedding hidden instructions in emails, documents or webpages that can manipulate AI systems or influence how they behave.
To close the speed gap, the report outlines several shifts for cybersecurity teams. First, containment should begin immediately through preapproved, automated actions that can occur while an intrusion is…
Source
