AI-driven attacks compress cyber response window, demand new resilience approach
Frontier AI models enable autonomous attacks in 27 seconds, forcing enterprises to prioritize cyber resilience over traditional detection and prevention.

Presented by Rubrik Enterprise cybersecurity is facing a fundamental speed problem. Frontier AI models are now enabling autonomous attacks that can move from initial access to full system breakout in as little as 27 seconds. That's faster than any human-operated security workflow can detect, escalate, and respond.
As a result, security operations can no longer assume there is time for humans to respond between breach and damage. The security posture that enterprises need for the AI era centers on cyber resilience: continuously identifying clean recovery states, mapping critical data and identity dependencies, and automating restoration so that operations can recover in hours not days. 'Everything that relied on process or human-in-the-loop intervention is no longer going to be able to execute at the speed of the attacks,' says Dev Rishi, GM of AI at Rubrik.
'If the attacks are happening in 27 seconds, it means I need my recovery to happen just as quickly.' Traditional detection and prevention are failing against AI-driven attacks. The rules-based logic that has defined enterprise security for decades, such as static access controls, known signature detection and deterministic behavioral policies, was engineered for deterministic software. AI agents behave differently.
They're non-deterministic, capable of pursuing the same objective through many different paths, and increasingly capable of circumventing static guardrails by finding alternative routes when one is blocked. The deeper problem is that conventional security logic checks identity, permissions, and access, and asks whether each individual access is permitted. But it can't evaluate whether a sequence of permitted actions, taken across multiple applications, constitutes either a data leak, a destructive operation, or an attack.
'You need a system that can understand context,' Rishi says. 'You need to use AI to look at what an agent is doing and say, 'it looks like what you're doing might be a risk of leaking sensitive data externally.'' Enterprise security has historically maintained a meaningful distinction between external and internal threat vectors. External threats can be multidimensional, lightning fast, and come from a variety of vectors.
On the other hand, internal threats were traditionally bounded by what a single human actor could accomplish before detection, constrained in speed, scope, and scale, but that distinction is falling apart as AI agents operate inside enterprise environments. These agents have access to multiple systems simultaneously and move at speeds no human employee can match. When an agent makes a mistake, such as a hallucination, misread instruction, or an unintended data transfer, the resulting damage can look operationally identical to a malicious insider attack.
Source: VentureBeat