We’re fighting smarter, but the attackers are moving faster, says Cody Barrow, CEO, EclecticIQ.
Security teams now face more than 550,000 new malware variants every day, which is roughly one every 0.15 seconds. This scale illustrates how drastically the tempo of cyber threats has changed. Attackers are not just becoming more sophisticated; they are becoming significantly faster.
Artificial intelligence is now embedded across the entire threat lifecycle. Adversaries are generating polymorphic malware that constantly changes its code. They create deep-fake audio and video to impersonate executives. They are launching highly targeted phishing campaigns at volumes and speeds that would have been impossible only a few years ago. One such operation targeting European energy companies produced more than 50,000 tailored phishing emails in 14 languages.
AI also gives attackers new strategic advantages. Some threat groups use machine-learning to study defender behaviour, identifying ideal moments to strike. In extreme cases, attacks that once took days can now succeed in a matter of hours.
This acceleration is creating what many in the industry now call the speed differential crisis. Human analysts, no matter how capable, cannot investigate, correlate and respond at the pace required to stop attacks that evolve at machine speed. The gap between the time it takes to launch an attack and the time it takes to detect and contain it continues to widen.
Why traditional defences are falling behind
Many organisations still operate with fragmented tooling and limited visibility. Rapidly expanding attack surfaces, cloud growth and unsanctioned “shadow AI” projects make it harder to maintain an accurate picture of risk. A third of security teams find it difficult to operationalise the intelligence they collect (ESG, 2025), while 42 per cent say their biggest challenge is monitoring a rapidly changing attack surface.
This operational pressure benefits attackers. They no longer need to outthink defenders; they only need to outrun them.
Moving towards proactive, predictive security
Defenders now need to adopt an operating model built for speed. That means transitioning from reactive investigation to proactive and predictive security. Automated attack-surface discovery, continuous exposure assessment and dynamic attack-path modelling are becoming essential. These approaches enable organisations to focus resources on the areas most likely to be targeted and to take action before an intrusion occurs.
In our work with European financial institutions, we have seen the impact of this shift. Automation and intelligent correlation have reduced mean time to detection by around 70 per cent and lowered false positives by 85 per cent. These improvements are not derived from larger teams or bigger budgets, but from embracing AI as a force multiplier.
Beyond generative AI: the rise of autonomous agents
Generative AI has helped streamline tasks like alert triage and report writing, but the next step is the adoption of fully autonomous agents. These agents operate continuously, collaborate across systems and initiate responses in milliseconds. They do not wait for prompts. They monitor, correlate and defend as part of an integrated security fabric.
By 2027, many security teams will rely on specialised agents for intelligence collection, analysis and rapid response. This represents a significant shift in how cyber operations will be structured in the coming years.
Guardrails, trust and the evolving role of humans
Greater autonomy does not eliminate the need for human oversight. Every action taken by an intelligent system must be auditable, explainable and aligned with organisational risk thresholds. The most effective operational model is one built around graduated autonomy, where AI initially handles low-risk or repetitive tasks and expands its remit as confidence grows.
For analysts, this transition is empowering. Instead of spending their days chasing alerts, they focus on strategic priorities: understanding adversary intent, shaping defensive posture and strengthening organisational resilience.
The new operating model for cybersecurity
The next stage of cyber defence will be defined by effective collaboration between humans and intelligent systems. Human creativity and judgement will combine with machine speed and precision. In our Intelligence Center deployments, this partnership has already proven its value. Analysts spend less time on manual research and more time guiding and validating autonomous processes.
AI is not only changing the nature of threats; it is changing the nature of time within cybersecurity. Detection, decision and defence are beginning to merge into a single, near-instant cycle. In this environment, success will not favour the biggest organisations or even the smartest ones. It will favour those that can act the fastest.
A new urgency
The speed gap is real, and it is widening. Security leaders now have a narrow window to redesign their operating models and adopt the autonomous capabilities that will define the next decade of cyber defence. Those who act now will be positioned to outrun the next generation of threats. Those who wait will simply be overtaken.
