Darren Guccione, CEO and cofounder, Keeper Security.gettyMost cybersecurity leaders know AI is changing the threat landscape. Far fewer are doing anything about it.This gap is documented and measurable. Keeper Security recently surveyed practitioners at several of the world’s largest cybersecurity conferences, including RSA, Infosecurity Europe and Black Hat USA. Only 16% of U.S. security leaders said their organizations are fully prepared for AI-enhanced attacks. In the U.K., that number was 12%. Even in Germany, where zero-trust maturity is higher than in most markets, just 28% said they felt ready. These aren't junior IT staff—they're the people responsible for security at some of the world’s most sophisticated organizations, and most aren't confident in their own defenses.The Offensive Playbook Has ChangedThe numbers are striking, but the story behind them matters more. CrowdStrike's "2026 Global Threat Report" found that there was "an 89% year-over-year increase in attacks by AI-enabled adversaries," but raw volume isn't even the most alarming part. The average e-crime breakout time—the window between initial access and lateral movement expanding access within an organization—now stands at 29 minutes. The fastest recorded was 27 seconds. That's not a gap a human analyst can close.What's changed isn't just speed but also the creativity behind attacks. Attackers aren't only using AI to move faster; they're turning enterprise AI tools against the organizations that own them. CrowdStrike documented adversaries injecting malicious prompts into AI systems at more than 90 organizations, essentially weaponizing the tools companies bought to make their teams more productive.The Storm-2139 case is a clear illustration of where we are today. When Microsoft and the Department of Justice disclosed it in early 2025, people expected to hear about some sophisticated zero-day exploit. Instead, the group used stolen credentials to hijack Microsoft's generative AI services and resell access to other bad actors. That's it. There was no exotic malware or nation-state tradecraft, just compromised credentials and an access path nobody was watching closely enough.That tracks with what Verizon found in its "2025 Data Breach Investigations Report": Credential abuse is the top initial access vector, accounting for 22% of breaches. AI-assisted malicious emails have doubled as a share of the total over two years. The Federal Bureau of Investigation's "2025 Internet Crime Report" put business email compromise (BEC) losses at $3 billion, with $30 million of that tied specifically to AI-based fraud. The sophistication of the threat has increased, but the entry point is often the same one it's always been: an account that has too much access or one that nobody noticed was compromised.The Defenses Exist; The Deployment Doesn’tKeeper’s research found that 72% of security leaders see AI-powered anomaly detection as important to the future of privileged access management, and more than half of U.S. respondents specified AI-driven identity validation as the most transformative security technology coming in three to five years.The IBM "Cost of a Data Breach" report found 97% of organizations that suffered an AI-related breach didn't have proper AI access controls. Organizations that deployed AI extensively for defense shortened breach timelines by 80 days and cut costs by $1.9 million compared to those that didn't.What To Do NowThe Storm-2139 group didn't need a sophisticated exploit. All they needed was an API key that no one was watching. This is where most organizations are exposed—not at the perimeter but in the corners nobody is paying attention to. A credential exposure audit is the right starting point, but the scope matters more than just the exercise itself. Privileged accounts, service accounts and third-party integrations each deserve their own scrutiny because they fail in different ways and for different reasons. The core questions are the same for each: Who has access? Do they still need it? And is anyone monitoring what they're doing with it?The tools to close the gaps exist, but tools without governance are just infrastructure waiting to be exploited. What's still missing is clear ownership of AI access and the organizational will to treat that accountability with the urgency the threat demands.Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
AI Is On Both Sides Of The Fight Now
Most cybersecurity leaders know AI is changing the threat landscape. Far fewer are doing anything about it.







