CrowdStrike’s 2026 Global Threat Report documented an 89 percent surge in AI-enabled adversary attacks. The fastest observed breakout time — initial compromise to lateral movement — was 27 seconds. The average eCrime breakout now runs at 29 minutes. These are not projections. They are measurements from active incidents. The adversary side of the AI arms race is not coming. It is here, and it has been iterating for longer than most security programmes have been paying attention.
What does AI-enabled attack actually look like from inside a malware sample? I’ve spent the last four years reversing the tooling behind these campaigns, and the shift is visible at the binary level. Custom packers that mutate on each compile, using neural network-generated obfuscation that defeats YARA rules trained on static patterns. Implants that adapt their C2 communication cadence based on observed network behaviour, evading heuristic detections trained on fixed timing signatures. Social engineering lures generated by large language models that pass every readability test a security awareness programme would apply — because they were specifically optimised to do so. The craft of writing evasive malware, which used to require deep expertise, is being systematically automated.
The defensive response cannot be to work harder with the same tools. The tools are the problem. Signature-based detection was built for a world where malware samples were relatively static and catalogued. It has no theoretical mechanism to catch malware it has never seen, generated at scale by an adversary who knows your detection stack. The only viable response is detection that does not depend on prior knowledge of the threat — which means models that reason about raw behaviour, not patterns. Byte-transformer models trained on binary sequences rather than parsed structure can flag payloads that have never been catalogued. Anomaly detection trained on baseline network behaviour can identify C2 communication that looks legitimate by every static rule but deviates from how that host actually operates. These are not theoretical capabilities. They are in production, and they work.
The harder problem is organisational, not technical. Most enterprise security programmes have adopted AI for one use case: compliance monitoring and reporting. They have not adopted it for detection, response, or adversary analysis — the places where it matters most. The reason is usually resourcing and risk aversion: AI in detection feels less auditable than a deterministic rule, and false positives are politically expensive. This is a reasonable concern handled incorrectly. The answer is not to avoid AI in detection; it is to build the evaluation frameworks that make AI-driven detection auditable and the operational practices that make false positives a manageable cost rather than a career event. Organisations that get this right are building the ability to out-iterate adversaries. Organisations that do not are choosing to fight a 2026 threat landscape with 2019 tooling.
The gap between organisations that are ahead of this and those that are behind it is widening faster than most security budgets can respond to. The organisations I work with that have made the transition report not just better detection rates but a qualitative shift in what their teams are capable of: analysts who spend their time on genuine investigation rather than alert triage, IR teams that contain in minutes rather than days, detection engineering that ships rules based on original research rather than vendor advisories. That is what the other side of the transition looks like. The path there is not comfortable, but the alternative is worse.