Automating More Security Decisions Key To Keeping Up With AI Attacks: Experts

Many security decisions may need to be automated in a way that many organizations have thus far been uncomfortable with—due to the risk of business disruption, experts tell CRN.

While AI and agentic capabilities are transforming how cyber defense is done, it’s widely recognized that the same is happening on the attacker side.

What is less appreciated, according to some security experts, is the fact that defenders may need to accept a level of automation that previously would’ve been unthinkable.

Many security decisions may need to be automated in a way that many organizations have thus far been uncomfortable with—due to the risk of business disruption, experts told CRN.

“When you take action and you take down the CEO’s email, you’re worried about getting fired,” said Paul Nguyen, co-founder and co-CEO of identity security startup Permiso.

AI-powered attacks, however, are changing the trade-offs and may force security teams to adopt new calculus around automation in cyber defense. If attackers are increasingly operating at breakneck “machine speed,” defensive decision-making simply can’t remain at the pace of human thinking, according to experts.

“Autonomous attacks don’t change what attackers want—they change how fast they get there,” said Morgan Adamski, a principal and U.S. leader in the cyber, data and technology risk business at PricewaterhouseCoopers.

This means both a substantially greater volume of cyberattacks—as well as attacks that move much faster than in the past—is just about inevitable going forward, experts said.

The bottom line is that “there’s no way human-powered response is going to keep up with machine-powered attacks,” said Dov Yoran, co-founder and CEO of Command Zero, a startup offering an LLM-powered cyber investigation platform.

New findings from CrowdStrike have revealed a massive acceleration in “breakout time,” the time it takes for an attacker to move from one compromised host to another host. The cybersecurity giant’s recently released 2026 Global Threat Report found that the average breakout time for cybercriminals dropped to 29 minutes in 2025—equating to a 65-percent faster speed for the attacks.

Additionally, the fastest breakout time in 2025 was just 27 seconds, according to CrowdStrike’s report.

“That means defenders are facing an unbelievable amount of pressure,” said Adam Meyers, senior vice president for counter adversary operations at CrowdStrike, during a recent briefing with media. “They have to deal with potential breach every 30 seconds. And so that is extensive work from their perspective.”

While security teams have perennially struggled with alert fatigue—an overload of alerts from tools, many of which end up being false positives—the acceleration of AI-driven attacks are certain to exacerbate the problem, according to security experts.

While security teams are “drowning in alerts,” Yoran said, AI is especially well-equipped for handling much of the “data drudgery” that takes up security analysts’ time, Command Zero’s Yoran said.

The Security Operations Center (SOC) is without a doubt one of the first places to deploy AI and agentic capabilities for automating more security decision-making, according to BlackLake Security’s Kurt Wagner.

With the help of “agentic SOC” tools coming onto the market, “you’re able to augment your SOC and automate a lot of the Level 1 and Level 2 work that’s usually done by analysts,” said Wagner, director of sales at Austin, Texas-based BlackLake, No. 311 on CRN’s Solution Provider 500 for 2025.

Going forward, many security teams are likely to have to confront a broader set of challenges in the age of AI-intensified attacks—including cultural issues, experts said.

“From a cultural standpoint, I think we also have to move to giving security a little more power—to be able to say, ‘Something really bad is happening. We have to be able to mitigate this now,’” said Permiso’s Nguyen.

At the very least, it will become entirely necessary to automate security responses to previously known threats, according to Gonen Fink, executive vice president of products for Cortex and cloud at Palo Alto Networks.

“I think there’s still customers that are hesitant to use this [technology] to make decisions on unknown threats,” Fink said.

However, with known threats, “you could go to a place which will be a completely autonomous, automated process—and leave the humans to look at [threats] that are completely new,” he said.

Around the tech industry, many engineering teams are embracing AI to maximize their productivity to the largest possible degree, said Ian Ahl, CTO at Permiso.

However, “I feel like on the defense side, we’re hesitant to embrace some of the new technology ourselves to fight back in this,” Ahl said.

That may not be optional for much longer, though, according to security experts.

In addition to enabling threat actors to accelerate and broaden their attacks, the rise of LLM-powered coding tools and “vibe coding” has meant a significant influx of new software—and new vulnerabilities.

“The massive amount of volume coming in terms of software projects is quite overwhelming,” said Peter Girnus, senior threat researcher at Trend Micro’s Zero Day Initiative. “I think the industry really has to figure out how to add that security piece between how these agents work—between the models and the tool chains and the various components of the AI ecosystem.”

Responding to critical zero-day vulnerabilities with automated deployment of new patches may also be an area that organizations will have to more seriously consider than in the past, according to experts.

Identity and access security issues, meanwhile, are another area that will need remediation more quickly than through a standard ticketing system, Nguyen said.

Ultimately, “if the adversary is automating your attack, you have to be able to also automate the response,” he said. “We have to change our risk appetite for the security team to be able to take mitigation action faster.”