Artificial intelligence is now dramatically accelerating cyberattacks, reducing the time between vulnerability disclosure and active exploitation to mere minutes and leaving security teams with increasingly little time to respond.
Speaking with iTNews Asia, Philippa Cogswell, VP & Managing Partner, JAPAC, Unit 42, Palo Alto Networks, discusses how AI is reshaping the cyber threat landscape, compressing attack lifecycles, why identity has become the dominant attack surface, and what architectural shifts CISOs must prioritise in 2026.
According to Cogswell, AI is transforming how threat actors identify and weaponise vulnerabilities by automating the entire process from monitoring disclosures to testing and exploiting weaknesses.
“AI has accelerated the timeline from vulnerability discovery to active exploitation down to a matter of minutes,” she said.
While the core techniques used by attackers have not become more sophisticated, AI has enabled familiar tactics to be executed faster and at much greater scale.
Cogswell said the larger challenge is the interconnected nature of modern enterprise infrastructure. Most breaches are still enabled by exposure misconfigurations, limited visibility, or inconsistent controls rather than exceptional attacker sophistication.
Today’s intrusions frequently span endpoints, cloud environments, networks, identity systems, SaaS applications, and third-party integrations, allowing attackers to move laterally and amplify impact once initial access is obtained.
Attackers are now scanning for newly disclosed vulnerabilities within roughly 15 minutes of a Common Vulnerabilities and Exposures (CVE) announcement, she noted, often beginning exploitation attempts before security teams have finished reading the advisory.
AI is creating a speed gap. Can defenders respond?
While attackers currently enjoy a significant speed advantage, Cogswell does not believe organisations are facing an unwinnable battle. “Defensive AI can realistically keep pace by enabling defenders to leverage their own data, automation and AI to deal with the complex and dynamic attack surface that they are required to defend,” she said.
She also emphasised that AI is most effective when combined with strong identity governance, least-privilege access, and high-quality security telemetry. Organisations that treat identities, including AI agents, as managed operational assets generate cleaner signals for detection systems and can contain incidents more quickly.
Cogswell said agentic AI can serve as a force multiplier for security operations teams, autonomously investigating alerts and accelerating response actions, provided organisations apply strong governance and identity controls to those systems.
Identity is now the new cyber battleground
One of the strongest themes from the discussion was the shift from malware-centric attacks to identity-centric attacks.
Attackers increasingly gain access through stolen credentials, hijacked sessions, and misconfigured privileges rather than complex exploits. Identity-related weaknesses now play a material role in the overwhelming majority of investigations, Cogswell said.
Attackers now prioritise authenticated access because it allows them to move faster, blend into normal activity, and amplify impact across systems with fewer obstacles than traditional malware.
– Philippa Cogswell, VP & Managing Partner, JAPAC, Unit 42, Palo Alto Networks.
She added that machine identities, including AI agents, are proliferating rapidly, creating new governance challenges that many organisations have not fully addressed.
Cogswell warned that attackers are increasingly bypassing multi-factor authentication (MFA) through session hijacking, token theft, OAuth abuse, deepfakes, voice cloning, and highly contextualised social engineering.
“Traditional MFA alone is no longer sufficient to stop these techniques. Organisations should adopt phishing-resistant MFA, including FIDO2/WebAuthn hardware keys and passkeys.”
Zero trust is moving from strategy to necessity
With identity now central to modern intrusions, Cogswell argued that Zero Trust can no longer remain a conceptual framework. Organisations must continuously verify users, devices, applications, and sessions throughout the interaction lifecycle.
Incremental steps like removing implicit trust, enforcing least privilege, validating sessions in real time, and inspecting both trusted and untrusted traffic can significantly reduce lateral movement and limit the impact of a compromise.
She stressed that effective Zero Trust requires consolidated visibility across network, cloud, and SASE environments so that internal “east-west” traffic is analysed and controlled in real time.
The priority for CISOs in 2026
For CISOs across Asia-Pacific, the message is becoming increasingly clear: as attackers operate at machine speed, security strategies must evolve beyond reactive defence. Cogswell said that responding at machine speed requires more than automation alone.
“Organisations must adopt proactive exposure management that starts well before deployment, embedding security into development, DevOps and CI/CD pipelines to identify vulnerabilities in code, open-source components and AI systems before they reach production,” she added.
While security operations are becoming increasingly autonomous, Cogswell stressed that the future remains human-led and AI-accelerated. “AI and automation will handle speed, scale and rapid response actions, while security analysts provide context, validation and accountability for critical decisions.”
