SAN FRANCISCO – As always, each RSA Conference has its share of buzzwords: Cloud. Ransomware. Zero trust. All over the 87 acres of the Moscone Center complex, plastered on every booth, banner and bar. AI took center stage this year with vendors touting AI-based solutions to fix every conceivable security issue. However, something else stood out at this year's conference, namely that top-level industry officials warned about being disrupted by the very AI tech that everybody was hawking.
Unsurfaced.com sat down at this year's conference with Kevin Mandia, founder of Armadin, an AI-focused security firm; Morgan Adamski, a former executive director of U.S. Cyber Command; and Alex Stamos, a researcher and former CSO of multiple large tech firms. They told our team that the security industry is beginning to enter a historically unprecedented two- to three-year period of significant upheaval, caused by AI systems finding vulnerabilities exponentially faster than defenders can address them. "We're just reaching the tipping point," Stamos said. "Over the next two to three years it'll be crazy." He predicted that AI systems will generate so many working exploits that they'll overwhelm defenses at nearly every level of the kill chain.
Mandia gave a somewhat tighter prediction. "This is a perfect storm for offense over the next year or two," he said.
According to the executives, the root cause of the problem is speed. AI makes finding vulnerabilities nearly trivial, while remediation still requires time and effort, so an ever-growing gap gives attackers the advantage throughout the kill chain. "Asymmetry in the cyber space allows someone on offense to create problems for millions of defenders," Mandia explained. "Speed amplifies that asymmetry." Mandia added, "There's an advantage to attackers in the short run as they begin to deploy models and agents to perform much of the offense."
Exponential Bug Discovery
That trend is already under way. Stamos noted that foundation model companies are currently holding tens of thousands of bugs, found using AI-assisted tools, that they do not have enough resources to validate or repair. "Exploit discovery has gone exponential," Stamos said. "What we have not seen go exponential yet is taking that exploit and turning it into working shellcode that bypasses protections on modern processors." Stamos believes that six months or a year from now, AI will be producing sophisticated exploits automatically.
To demonstrate his point, Stamos cited examples of AI systems identifying flaws in decades-old code reviewed by thousands of developers and security professionals. In one instance, he stated that an AI system found a flaw in Linux kernel code that humans did not identify for years. According to Stamos, the "superintelligent" system was able to find a way to trick the computer into a position where the flaw was identifiable, and he said he wasn't certain how a human could have found that.
The rapid discovery process is causing what Stamos referred to as "a huge collective action problem". With each subsequent generation of AI models, hundreds of new vulnerabilities could be uncovered in foundational software. "It's entirely possible that everything we've developed using memory unsafe languages, without formal methods, isn't truly safe against super-intelligent bug-finding machines," Stamos said. "Therefore, we need to completely rebuild our basic infrastructure upon which we all rely. And no one is doing that."
The time until these types of capabilities become common is measured in months. When Chinese open-source models like DeepSeek or Alibaba's Qwen reach the same performance as current American foundation models, Stamos said, "you'll have every 19-year-old in St. Petersburg with the exact capability as top-tier vulnerability researchers." Models trained on existing shellcode are already reasonably good at generating exploit code, he said, and may be capable of producing EternalBlue-quality exploits within a year. EternalBlue was the NSA-developed exploit released in 2017 that was used in both the WannaCry and NotPetya attacks and continued to function for years due to how difficult it was to develop. "When that gets turned loose as needed," Stamos said.
Agents Already Beyond Human Scale
Mandia's company Armadin has developed AI agents that can autonomously penetrate networks, and he said those capabilities would be disastrous if used maliciously. Unlike human attackers who must type commands manually and await responses, AI agents operate across hundreds of threads simultaneously, calculate command output before it arrives, and execute follow-up actions in microseconds.
"The scale and range and complete recall of an AI agent penetrating you and overwhelming you is not comprehensible to humans," Mandia said. "If the old method was a red team attempting to breach your environment with a human behind a keyboard typing commands, that's child's play compared to" what AI agents can accomplish.
Those agents can defeat Endpoint Detection and Response systems within an hour, Mandia said, and operate at human speed to circumvent rate-limited detection systems. After breaching a network, an AI agent can review documentation, capture packets and read technical manuals faster than humans can read them, and design customised attacks based on control systems in real time.
"When you construct the offense, it frightens you," Mandia said. "If we release 'the beast' today, no organization will be prepared for it."
Mandia said Armadin recently conducted penetration testing with a Fortune 150 company with a robust security team and found either RCE vulnerabilities or data leakage pathways in every application they tested. "Both of us were stunned," he said.
That paradigm changes the nature of the questions boards ask after penetration testing. Traditionally, directors want to know how likely it is that an attack shown during penetration testing would occur in reality. "With humans, you'd never be able to answer that question," Mandia said. "However, with AI, it's 100%. It's coming. It will be cheaper and more effective."
Impossible Timelines for Defenders
While the threat landscape is compressing attack timelines, organisational realities are headed in the opposite direction. Adamski (U.S. Lead for PwC's Cyber, Data & Technology Risk practice) said CISOs are under pressure from their boards and CEOs to implement AI rapidly; many boards and CEOs are seeking to reduce headcounts, while compliance regulations remain static and threats increase.
"CISOs are being squeezed from two sides: they cannot delay implementing AI due to demands from their board and CEO," Adamski said. "All SOC 2 requirements still exist. ISO 27000 requirements still exist."
Stamos said that the gap between remediation times (i.e., patching) and attack times will grow exponentially worse. He stated that before AI, only sophisticated adversaries were able to reverse engineer Microsoft's Patch Tuesday patches and turn them into exploits; once AI enables others to do so, everyone will have access to those same capabilities. "You'll be able to take the patch and plug it into Ghidra, using an agent and come up with [an exploit]," he said.
"I'm calling it Exploit Wednesday," Stamos said.
Most CISOs are attempting to add AI components into their existing Security Operations Centers (SOCs); however, the executives said that this approach is inadequate. "They are not stepping back to see the larger picture. We have a fundamentally deeper problem in terms of how to rethink and rebuild an entire cyber-defense ecosystem that is exclusively designed for machine-to-machine communication via AI," Adamski said.
Opening Pandora's Box
Beyond national security concerns regarding AI's ability to disrupt critical infrastructure, there is a further complication: what other countries have accomplished with AI. Mandia stated that he believes the U.S. has significantly less than 50% of the AI capabilities currently employed by modern nation-states. "They are waiting for someone else to open Pandora's Box," Mandia said.
Stamos stated that the operational tempo benefits U.S. adversaries. Russian intelligence services collect operationally relevant data from dozens of ransomware victims per day and can then apply that operational knowledge toward training their own offensive AI systems. "We don't have that level of operational tempo in the U.S.," Stamos said.
Adamski stated that developing any form of offensive AI capability in the U.S. carries inherent risks, specifically that any developed capability could potentially be used against the U.S. as well. "Every time you introduce something new into an ecosystem, you're giving them something new to use back against you," Adamski said.
Stamos said that cybersecurity is probably where AI will harm society first, because barriers to entry for conducting cyber operations are already relatively low in comparison to most other forms of warfare. "We permit Tuesday events in the cyber realm which we view as acts of war in any other realm," he said. "I believe this is where AI will be first utilised to harm people, via cyberattacks."
A Timeline of Two Years, Maybe
The executives offered some optimism that AI could help advance defensive capabilities quickly, specifically by providing cost-effective means of scaling security testing and allowing for autonomous response systems. However, whether and when defensive capabilities can keep pace depends on immediate action.
"It could happen within two years if we succeed," Stamos said. "Within two years is the absolute minimum if we actually start repairing code and reworking things into type-safe languages using formal methods."
Mandia expressed hope for success "in a few years" when defensive AI agents effectively train autonomous defensive systems; however, he emphasised how severe the situation is today. Organisations will need automated systems capable of isolating anomalous activity instantly as traditional detection and response timelines collapse.
"You won't have time to hire Mandiant on a Thursday afternoon, negotiate a contract, etc. You will have to defend yourself at machine speed," Mandia said.
Stamos advised defenders to plan accordingly: assume they will not be able to patch their way out of this problem, and plan for defense-in-depth strategies focused primarily on preventing lateral movement and persistence, which are harder for AI to automate than initial exploitation.
Even with those plans, all parties agreed that organisations must assume they are running out of time quickly, if not already out of time.
Adamski summarised the impending crisis confronting the security industry:
"AI will potentially force us to pay for the sins of yesterday."