COMMENTARY: Cybersecurity evolution has always been a cycle of adaptation. Adversaries innovate, defenders respond, and the cycle repeats. Historically, most cyberattacks fell into a volume-based model. Phishing campaigns, brute force attacks, and ransomware were cast broadly across thousands of targets with minimal customization.Now, artificial intelligence (AI) has driven a significant transformation in attack strategies, enabling a shift from spray-and-pray to surgical strikes.[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Read more Perspectives here.]AI lets threat actors dramatically reduce the time and cost of identifying, profiling, and targeting specific organizations. What once took months of reconnaissance and planning can now be done in hours by a small, well-resourced group with access to AI tooling and publicly available data. This shift isn’t theoretical. It’s already happened.Our modern adversaries are agile, informed, and AI-enabledHistorically, highly-targeted attacks were reserved for high-profile targets or nation-state campaigns. They required deep knowledge of internal systems, executive profiles, third-party vendors, and IT infrastructure. Now, AI makes this level of targeting available to a much broader class of threat actors.Attackers use AI to scan digital footprints, analyze exposed credentials, scrape employee information, and identify outdated software or other weak points. Social media, GitHub repositories, press releases, vendor documentation, and job listings all feed the model. AI tools correlate these data points to uncover potential vulnerabilities, suggest social engineering vectors, and even generate plausible emails or deepfake audio to exploit trust.These tactics are no longer limited by manual capacity. A single attacker can use AI to profile and prioritize dozens or even hundreds of organizations at once, ranking them by likelihood of compromise and value of breach.AI has dramatically changed the scale, speed, and specificity of attacks. Organizations can no longer rely solely on broad defenses or hope that attackers will move on to easier targets. If AI makes it cheap to conduct deep reconnaissance, every company becomes a potential high-value target.The new threat landscape demands a new defense model. Organizations that can detect and respond to early signs of targeting will gain a critical advantage. The ones that can’t or won’t adapt may find themselves outmaneuvered before they even realize they are under attack.Dave Tyson, chief intelligence officer, iCOUNTERSC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Think bank heist, not brute force
The difference in strategy is stark. Yesterday’s attacker resembled a street-level criminal, hoping to find an unlocked door or absentminded victim. Today, any AI-augmented threat actor can behave more like a professional bank heist crew.Imagine a team planning “Oceans 11” hits on major banks or casinos. Traditionally, they would physically stake out branches, watch guard rotations, and study alarm systems for months. Now imagine they have AI doing all that work—analyzing blueprints, satellite imagery, past incident reports, and social media posts to identify the best times and methods for entry. That’s what AI does in cyberspace, and it's happening in days rather than months.Attackers are no longer limited to generic payloads. They can deliver highly-customized campaigns, crafted to leverage a specific organization's environment, policies, personnel, and defenses. This has resulted in a sharp increase in high-confidence, high-success strikes, executed with the precision of tailor-made attacks.The defender playbook must evolve
Traditional cybersecurity models are built around generalized defenses. Firewalls, endpoint detection, antivirus, and patch management remain essential, but they are often geared toward broad-spectrum threats. When attackers leverage AI to elevate their campaigns, defenders must adapt their approach to combat intelligence, precision, and speed.Defenders need to move toward a model that mirrors the use of special operations in the military. We must complement large-scale, conventional defenses with agile, intelligence-led teams that can detect and counter specific threats before they strike. This model requires better situational awareness and earlier threat visibility.An important element of this approach is advanced cyber risk intelligence (CRI).CRI lets organizations detect signs that they are being profiled or targeted before an attack gets launched. It also helps defenders understand what weaknesses an attacker might prepare to exploit.Security teams must take action in at least these five areas:- Monitor the digital footprint: Continuously assess what the organization has exposed publicly, including metadata, employee information, and third-party connections.
- Practice early detection of reconnaissance: Deploy tools that detect subtle indicators of intelligence gathering activity directed at the company or its vendors.
- Harden internal AI systems: Secure in-house AI tools against manipulation, prompt injection, or unauthorized data extraction.
- Tailor threat intelligence: Shift from generic feeds to intelligence specifically focused on your industry, infrastructure, and risk profile.
- Ensure cross-functional readiness: Align IT, security, legal, communications, and executive stakeholders to respond quickly to AI-enhanced incidents.
