SAN FRANCISCO — AI will be much more helpful to amateur cybercriminals than to sophisticated threat actors in the near future, a former senior FBI cybersecurity official warned at the RSAC 2026 Conference here on Monday.
Despite all the hype about sophisticated AI-powered hacking capabilities, “I still think the threat is really [centered] on that wannabe, novice group trying to use some of these orchestration attacks to make themselves more effective,” Cynthia Kaiser, the senior vice president of the security firm Halcyon’s Ransomware Research Center, said during a panel about the legal and security challenges associated with businesses’ increased AI use.
Her mention of orchestration was a reference to hackers’ use of the Model Context Protocol and other orchestration platforms to connect AI tools to third-party services, thus expanding the potential reach of their abusive tactics.
Low-level AI-fueled attacks won’t be complicated to block, but a tidal wave of them will still be able to overwhelm defenders, said Kaiser, a former deputy assistant director of the FBI’s Cyber Division. “The volume is about to increase substantially,” she warned.
That will increase defenders’ fatigue, she said, as security operations center (SOC) personnel have to deal with far more potential incidents than in years past.
And even half-baked attacks can still cause problems.
Kaiser described one incident that Halcyon observed in which the hackers’ reliance on AI turned out to be their undoing.
“The actors had actually created this whole ransomware [attack chain], and they used AI across the [various] tasks and then ugly-chained it together,” she said. But in the end, “they forgot to actually make something that allowed [encrypted files] to be decrypted. … You need a place to put the key, like a keyhole, and they forgot to make the keyhole.”
These attacks are “not great,” Kaiser said, “but they’re dangerous, they’re destructive, and they’re just fatiguing.”
Fighting AI with AI in cyberattacks
Jennifer Burnside, a practice leader with Google Cloud’s cyber crisis communications and response team, said the only effective way to triage an avalanche of AI-fueled attacks was with defensive applications of AI, particularly autonomous agents to which SOC employees can delegate some laborious tasks.
“You have to fight AI with AI,” Burnside said. “That’s just the bottom line. … That response shifts towards proactive defense using those AI agents — it’s a huge growth area.”
Kaiser added that the growing number of attacks meant “shorter patch-to-exploit windows, more tailored social engineering and faster iteration” from threat actors.
“Organizations that prioritize strong cyber hygiene, identity-hardening, rapid patching of vulnerabilities and resilient containment and recovery are really going to be best positioned to withstand the advances that AI is giving our adversaries,” she said.
