Cybersecurity’s Fast and Furious Era: Why AI Must Be at the Core

The cybersecurity landscape is undergoing a significant transformation, driven by the increasing use of artificial intelligence (AI) by attackers. The traditional cat-and-mouse game between defenders and attackers has become more complex, with the introduction of generative and agentic AI altering the pace of attacks. What was once a gradual evolution has turned into a non-linear change, leaving the industry struggling to keep up.

The Rise of AI-Driven Attacks

Generative AI has made it easier for attackers to create convincing phishing emails, impersonate executives, and automate code exploits. Ransomware groups can now launch high-volume, rapid-fire attacks, compressing timelines and leaving defenders with limited time to respond. This shift from patience to aggression has significant implications for security operations centers (SOCs), which are no longer equipped to handle the speed and scale of these attacks.

According to Lior Div, co-founder and CEO of 7AI, the industry is witnessing a move from “low and slow” to “fast and furious” attacks. Attackers are using AI to sharpen their tools, making phishing emails more personal and less obvious, and reducing the time it takes to develop each one. This has resulted in an overwhelming number of alerts for SOCs, making it challenging for analysts to investigate and respond effectively.

The SOC Bottleneck

Security operations centers have become the nerve center of defense, but they have also become a significant bottleneck. The traditional model of tiered analysts, supported by managed security service providers (MSSPs) and a patchwork of tools, was not designed to handle the current level of speed and scale. Analysts are drowning in alerts, and the notion of “helping analysts work faster” is no longer sufficient. The industry needs a more radical approach to address the SOC bottleneck.

Richard Stiennon, chief research analyst at IT-Harvest, emphasizes the urgency of the situation, stating that proofs of concept have already been published for AI-automated attacks, and that the time enterprises take to detect and respond needs to be shortened by two orders of magnitude. This can only be achieved by leveraging AI, which can process vast amounts of data and respond at machine speed.

Re-Balancing the Human-Machine Partnership

The path forward is not to replace humans with machines but to re-balance the work. Machines are better suited for repetitive, high-volume, rules-based tasks, while humans excel at strategy, creativity, and nuanced problem-solving. Agentic AI offers a way to divide labor, allowing machines to investigate end-to-end, document every step, and present a conclusion for human review. This approach gives analysts back time and focus for higher-order threats.

Div emphasizes the importance of documenting the steps taken by AI, just like a good analyst would, to ensure transparency and trust. This approach enables teams to audit the process rather than accept conclusions blindly. By re-balancing the human-machine partnership, the industry can unlock the full potential of AI and improve the efficiency and effectiveness of SOCs.

Trust and Transparency

Giving AI more autonomy raises valid questions about trust and control. How much control is too much, and how can bad calls be prevented in sensitive environments? Transparency is the answer, and AI must document every step of the process, from VirusTotal lookups to sandbox detonations, to ensure that teams can verify the decisions made by machines.
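One way to make that step-by-step record auditable is a hash-chained investigation log, sketched here as an added example that is not from the article or from any vendor it mentions. The class, function, and tool names, the alert ID, and all findings are constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # fixed "previous hash" for the first entry

def _digest(prev_hash, step):
    # Canonical JSON so the same step always produces the same hash.
    body = json.dumps(step, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode()).hexdigest()

class InvestigationLog:
    """Append-only record of the steps an automated investigation took."""
    def __init__(self, alert_id):
        self.alert_id = alert_id
        self.entries = []

    def record(self, tool, query, finding):
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        step = {"seq": len(self.entries), "alert": self.alert_id,
                "tool": tool, "query": query, "finding": finding}
        self.entries.append({"step": step, "prev": prev,
                             "hash": _digest(prev, step)})

def verify(entries):
    """Return the index of the first altered or missing entry, or None."""
    prev = GENESIS
    for i, e in enumerate(entries):
        ok = (e["prev"] == prev and e["step"]["seq"] == i
              and e["hash"] == _digest(prev, e["step"]))
        if not ok:
            return i
        prev = e["hash"]
    return None

def unsupported_evidence(entries, conclusion):
    """Step numbers the conclusion cites that were never recorded."""
    recorded = {e["step"]["seq"] for e in entries}
    return sorted(set(conclusion["evidence"]) - recorded)

def build_sample():
    # Constructed sample: alert ID, queries and findings are made up.
    log = InvestigationLog("ALERT-0001")
    log.record("virustotal_lookup", "sha256:<placeholder>",
               "flagged by multiple engines")
    log.record("sandbox_detonation", "sha256:<placeholder>",
               "spawned a shell and contacted an external host")
    log.record("mail_search", "same attachment, last 24h",
               "3 other recipients")
    return log
```

The chain only shows that recorded steps were not edited or dropped afterwards; storing the latest hash somewhere the agent cannot write to is what stops a full rewrite of the log.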

The Skills Debate

As AI handles the basics, there is a concern that the next generation of analysts may lose foundational skills. However, history suggests that tools reshape skills rather than erase them. Calculators changed what math students memorize, and GPS changed how we navigate. In security, AI’s ability to document investigations can double as a teaching tool, accelerating how analysts learn to frame better questions, validate AI work, and apply judgment at the strategic level.

The Geopolitical Imperative

The use of AI in cybersecurity has significant geopolitical implications. While the West debates AI guardrails, adversaries are pressing forward without hesitation, weaponizing AI to scale attacks. This raises a harder truth: defenders don’t have the luxury of waiting. If attackers adopt non-linear change first, they will gain the upper hand, and the consequences will be severe.

Adapting to Non-Linear Change

Cybersecurity stands at a turning point, and incremental improvements will no longer suffice. The industry must embrace non-linear change, deploying AI not as a helper for humans but as a partner that takes on repetitive work while humans focus on what only humans can do. The question is no longer whether AI belongs in the SOC but how quickly defenders can adapt before attackers leave them behind.
