Sreenath Kurupati, CTO and co-founder, Straiker.getty​When it comes to AI and security, most conversations—and headlines—tend to focus too much on intelligence. Public discussion typically centers on whether AI can outsmart human hackers. Media coverage frequently focuses on advances in reasoning, coding and autonomous problem-solving, fueling speculation that organizations are on the verge of facing machine-driven cyberattacks beyond human comprehension. Although it’s true that model capabilities have increased significantly, the framing misses the broader operational shift underway.​Business leaders need to understand that the bigger risk isn’t necessarily that AI has become a superior attacker but rather that AI has fundamentally changed the economics of cybercrime. Organizations have traditionally viewed cyber threats through a human lens, assuming attackers are constrained by time, expertise, staffing and operational capacity. AI challenges all of those assumptions simultaneously.​As a result, enterprise risk exposure is changing faster than traditional security assumptions.​Forces Reshaping The Threat Landscape​To understand how to defend the modern enterprise, it’s necessary to identify the three primary forces affecting the threat environment:​1. Increased Reasoning Capabilities: Modern AI systems can identify and connect vulnerabilities across complex environments. Multistep attack paths that once required significant expertise can now be discovered more efficiently.​2. Infinite Effort Changes The Economics Of Attack: Even a group of human attackers becomes constrained by time, fatigue and attention, but AI agents can test combinations continuously without interruption.​3. Scale Creates A New Challenge: Organizations are no longer facing a handful of attackers. AI enables hundreds or thousands of parallel attack attempts at relatively low cost.​A sophisticated human hacker can sit behind the scenes, guiding and nudging the autonomous swarm. Intelligence, persistence and scale together create unprecedented pressure on existing defenses.Why Legacy Systems Have Become The Softest TargetsLegacy vulnerabilities that have existed for decades are now being discovered and exploited, not necessarily because they're new, but because attackers now have unprecedented capability to find them. Technical debt is now becoming a security liability. Aging software was designed for a different, pre-AI threat environment; existing controls may not withstand AI-enabled attack volume​.There's a growing security divide between organizations. Large technology companies can invest heavily in continuous hardening and testing. Midmarket enterprises and legacy organizations may struggle to keep pace.​ For the latter two, leaders must reassess risk based on new attacker capabilities rather than on past spending.Ultimately, organizations must rethink their defensive posture. This includes adopting AI-driven testing, increasing investment in vulnerability discovery and preparing for a surge in both visible and silent breaches, especially across legacy systems.​Security's Next Unpopular Reality: Friction Is Coming Back​The long-standing business preference for convenience must be reconsidered. Organizations have spent years removing barriers from digital experiences. Speed and simplicity became competitive advantages.That's changing as AI-powered attacks increase the cost of frictionless environments. Additional verification and authentication measures may become necessary. Friction might be reframed as a trust-building mechanism. Customers increasingly value security and reliability. Visible safeguards can strengthen confidence rather than diminish experience.​The executive challenge lies in balancing growth, usability and protection. It’s crucial to determine where short-term convenience should yield to long-term resilience.​A New Leadership Playbook For The AI Attack Era​Only AI-driven defenses can protect against AI-driven attacks. It’s become imperative to use AI-based testing, validation and vulnerability discovery before attackers do, and to expand proactive security assessments across critical systems.​Leaders must prioritize resilience over perfection. Focus first on the most exposed legacy assets, then add layers of protection that slow attackers and limit damage. Accept that the threat environment has permanently changed; AI has lowered barriers to sophisticated attacks. That means intelligence is only part of the story. Security strategies must evolve from defending against skilled individuals to defending against scalable automated adversaries.​​Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?