Rethinking MDR as Attackers and Defenders Embrace AI

https://thehackernews.com/2026/06/rethinking-mdr-as-attackers-and.html

Publish Date: 2026-06-12 07:00:00

Source Domain: thehackernews.com

For most of the past decade, managed detection and response was the answer to a real problem. Security teams couldn’t staff around the clock, couldn’t hire enough analysts, and needed someone else to handle the alert queue. MDR stepped in. It worked well enough. Until now.

The threat landscape has changed faster than the MDR model can adapt. Attackers are using AI to move faster, generate more convincing phishing at scale, automate reconnaissance, and create malware variants that evade signature-based detection. The attack surface has expanded from the endpoint to cloud, identity, and network simultaneously. And yet MDR is still doing what it always did: routing alerts to human analysts who triage what they can, in the order they can get to it.

That is no longer enough. The data we share below proves it, and security leaders should consider whether they have outgrown their MDR.

MDR’s 24/7 promise doesn’t cover 60% of your alerts

MDR promised 24/7 human coverage. What it delivered was a 24/7 human capacity to triage high-severity alerts. Those are not the same thing.

Across the industry, approximately 60% of alerts go unreviewed. That’s not a performance failure. Human teams, whether in-house or outsourced to an MDR, cannot process the volume of alerts that modern environments generate. So they do what any rational person does. They prioritize. P1s and P2s get worked. P3s and P4s pile up.

But this is exactly where attackers hide.

Analysis of 25 million alerts across global enterprises in 2025 found that nearly 1% of real threats originate in low-severity and informational alerts. In an enterprise generating 450,000 alerts annually, that translates to roughly 54 real incidents per year, about one per week, sitting in the deprioritized queue where no one is looking.

The breaches hiding in that backlog are not theoretical. They are happening right now, in organizations that believe they have coverage.

Note: The math behind the above statement assumes…
