Cybersecurity & Tech

Driven by AI, the Future of Cybersecurity Will Resemble the Past

Jason Healey
Wednesday, July 15, 2026, 9:55 AM

AI in the near term may drive cybersecurity back to its roots, when widespread vulnerabilities, not deceptive intrusions, drove incidents.

Screen of code breaking (TheDigitalArtist, https://pixabay.com/illustrations/hacking-cyber-crime-security-hacker-2077124/; Creative Commons Zero (CC0))

Taking the advice of those of us on the security team, the investment bank cut off internet access for a week. It was January 2003, and a worm dubbed “SQL Slammer” had just “crippled global Internet activity,” including us. We did not have a big red “off” button, but the impact was the same: a complete digital quarantine while we patched the underlying vulnerability. I helped oversee reconstituting and tallied up the millions of dollars of impact afterward.

SQL Slammer was just the latest worm that set the cadence of cybersecurity careers, taking down large portions of the early cyberspace every few months through hacks known as Melissa, ILOVEYOU, Code Red, Nimda, Klez, Sobig, Blaster, MyDoom, and Sasser.

As eminent cybersecurity experts wrote in 2003, these worms “spread from one to another computer at high rates” because “they did not have to guess much about the target computers because nearly all computers have the same vulnerabilities.” No need for James Bond when a hammer would do.

Insecurity was driven by vulnerability, not deception. SQL Slammer did not even have a malicious payload; it just deluged networks with scans. Less than 10 minutes after being released, it scanned over 90 percent of the entire internet, essentially infecting all vulnerable machines.

This is our likely near-term future, with vulnerability again being the clear dominant factor as defenders struggle to patch tens of thousands of new vulnerabilities discovered by artificial intelligence (AI). At some point, an AI-cyberdefense umbrella might prevail, but that future is speculative.

Besides the technical and operational challenges, few states will be pleased to outsource their cybersecurity to a handful of U.S. or Chinese companies.

First, an Age of Vulnerability, Not (Too Much) Deception

The relative importance of deception and vulnerability shifts across adversaries and targets. For threat actors, vulnerability generally matters more when they do not care much what they target, with smash-and-grabs against many targets. This appeals to virus writers, ransomware gangs, and states looking for large-scale disruption. Deception is more useful for intelligence agencies that can lurk for long periods, seeking specific information from well-defended targets.

Their relative importance has shifted over time, as well. In early cybersecurity history, while the importance of deception was swamped by rampant vulnerability, it still mattered for quiet espionage. Today’s “advanced persistent threat” is a newer label for an older kind of adversary. Annex E of the influential 1991 report “Computers at Risk,” the first to discuss how cybersecurity needed to adapt for the internet age, warned about “high-grade threats,” who are “patient and motivated” with “extensive resources in money, personnel, and technology,” and “capable of exploiting a successful attack for maximum long-term gain.” Often rich with available vulnerabilities (even so-called zero-days, not yet known to defenders) to target, deception is far more important to such elite adversaries.

This has been a constant in the intervening 35 years. But what has changed is the number and impact of such adversaries and incidents. In this early internet, there were important intrusions in which the threat actors relied on deception to lurk for months or years as they looked for money or information to steal: the “Cuckoo’s Egg” espionage case of 1986, Vladimir Levin’s theft of $10 million from Citibank in 1994, the Moonlight Maze espionage case of the late 1990s and early 2000s.

But such deception-reliant incidents usually lacked the salience they have today, either driven by amateurs looking for lulz or bragging rights (since there were no easy paths to monetize intrusions) or state espionage agencies (whose operations were rare). There was no meaningful constant contact between military or intelligence forces nor enough incidents to demand persistent engagement to impose costs.

By comparison, vulnerability led to most of the cybersecurity issues affecting practitioners and policymakers.

The very first White House cybersecurity summit was in response to a denial-of-service attack against e-commerce sites like Amazon, eBay, and Yahoo! by a teenager dubbed “mafiaboy.” The White House’s 2003 National Strategy to Secure Cyberspace did not mention Solar Sunrise or the other espionage cases but did highlight Nimda and Code Red as examples of attacks “with little or no warning [that] spread so fast that many victims never have a chance to hear the alarms.”

Against such attacks, our bank should have had ample defenses: a risk-informed governance culture overseeing a strong security operations team and vulnerability management program. None of that mattered in the face of Nimda, Code Red, SQL Slammer, and the other worms for which I had to lead the response. All leveraged Microsoft’s insecure software.

We were not alone. These worms caused over $250 billion (in 2025 dollars) in economic losses between 1999 and 2004, according to the best estimates from Tom Johansmeyer. (Those of us with the scars from these non-state rampages tend to worry more about offense-advantage than do those who study international affairs, who tend to assume incidents by states are not “high-end” enough.)

Then an Age of Both Vulnerability and Deception

What changed so that deception became subsequently more important?

First, system-wide vulnerability decreased. Companies and policymakers successfully pushed Microsoft to make massive security changes. As retold by Scott Shapiro in “Fancy Bear Goes Phishing,” the “Windows assembly line came to a screeching halt. Eighty-five hundred Microsoft employees stopped working on feature development for Windows products. For the next two months, security engineers retrained the Microsoft staff ... to design secure software.”

Second, the growth of the modern cybersecurity industry brought layered defenses, as Jon Lindsay summarized in “Age of Deception.” In particular, “widespread offensive Chinese operations … catalyzed innovation in network defense. We have China to thank, in no small part, for the professional state of the art in cybersecurity.”

Third, the mid-2000s saw the “rise of the professionals,” when both non-state cyber criminals and state intelligence agencies ramped up, using more deception-reliant intrusions to gorge on the intelligence and (cryptocurrency-driven) feasts to be had.

While deception remains the most important factor for long-term intrusions, as documented by Lindsay, it has not eclipsed vulnerability.

Vulnerability, after all, drives scale:

  • Ransomware gangs—such as the worm authors of decades ago—rapid-fire attacks with the lightest dusting of deception needed for serial smash-and-grabs (well, intrude-and-encrypt).
  • Supply chain attacks, including against SolarWinds, are another kind of such one-to-multitude attacks, where one success leads to hundreds and thousands of further intrusions.
  • Flaws such as Heartbleed, log4shell, and MOVEit drove waves of intrusions while the Chinese-linked group Hafnium caused havoc with a vulnerability driven smash-and-grab across tens of thousands of machines. This nearly deception-free campaign was so severe that the Department of Justice got an unprecedented court order authorizing law enforcement to intrude into victims’ computers to remove the Chinese malware. Secretary of State Antony Blinken condemned China’s “pattern of irresponsible, disruptive and destabilizing behavior.”
  • And vulnerability allows state-based intelligence and military operators to amass “large numbers of devices” as hop-points and infrastructure, which “yields even greater leverage that magnifies the agility and effects of an attack,” according to Chris Inglis, a former deputy director of the National Security Agency and the inaugural national cyber director.

The AI-Driven Cleansing Forest Fire

Since the Defense Advanced Research Projects Agency’s Cyber Grand Challenge, a competition to develop autonomous hacking, a dozen years ago, cyber defenders have known that AI would find vulnerabilities faster than they could be patched.

The machine that ultimately won, Mayhem, in 2014, “found nearly 14,000 unique vulnerabilities” in Debian, a popular version of Linux; “then it narrowed that list down to 250 that were new and therefore deserved the highest priority.”

This success in finding vulnerabilities to exploit required a dedicated team with a specialized supercomputer. The new AI technologies, most famously Mythos and Fable, have made those powers available to everyone.

Mythos-class AI technologies are not only more adept at zero-days, but they can do more even with known vulnerabilities (called n-days). Anthropic found that within just a few hours, using known vulnerabilities, “Mythos Preview … not only produced a full chain exploit, but produced eight distinct exploits” for well under $20,000. And AI-discovered vulnerabilities are worrying; even before Mythos, the number of flaws that were both highly exploitable and high severity jumped 36 percent in one year.

The impact on defense will be profound. Former White House cyber coordinators Rob Joyce and Michael Daniel have complementary assessments of the dangers as, respectively, a great cleansing forest fire of old software and “our legacy technical debt” coming due.

Just five years ago, there was a gap of 10 months between the disclosure of a vulnerability and the first confirmed in-the-wild exploitation. Now the gap is down to 3 hours. Yet organizations take 243 days on average to patch vulnerabilities.

As summarized by Hacker News, since 2025, “several measures of cybercrime frequency and severity approximately doubled. Instances of malicious packages discovered on public repositories increased by 75%, cloud intrusions increased by 35%, and AI-generated phishing began outperforming human red teams entirely.” Worse, researchers recently documented the first case of “agentic ransomware infection with an [AI]—not a human—driving the entire extortion operation.”

Success of the AI-Cyberdefense Umbrella Will Be Highly Conditional

There are many potential roadblocks to an AI-cyberdefense umbrella that protects all needed systems and networks from such vulnerability-driven onslaughts.

Patching vulnerabilities will always be more difficult than finding them, requiring “engineers, operators, security teams, and business leaders to validate changes, manage risk, preserve functionality, and drive adoption across complex organizations.”

A successful AI-cyberdefense umbrella “will still depend on human judgment, institutional will, and organizations prepared to do the hard work of acting on what these systems reveal,” writes Jen Easterly, former director of the Cybersecurity and Infrastructure Security Agency. These are exactly the qualities lacking in the past, with far more global governance and cooperation. It is not clear that they may miraculously be found now.

Fortunately, the upside of a “great cleansing forest fire” is that a new ecosystem would grow out of the destruction, in which all vulnerabilities have been discovered and patched. Deception may again gain prominence.

Until then, AI-driven defenses’ main benefits will accrue to two populations: the “security one percent” of defenders with the requisite budgets and maturity, and those who must shelter under the outsourced AI-cyberdefense umbrella of major AI companies and platforms.

That AI-cyberdefense umbrella will be large but far from universal. Operational technologies, such as those used in industry and critical infrastructure, fall outside traditional information-technology protections, as do medical devices and legacy hospital hardware, satellites, weapons systems, and other high-profile targets. Likewise, consumer Internet-of-Things devices, such as smart appliances or baby monitors, and edge devices such as home routers usually fall outside enterprise defenses, which criminals and intelligence agencies target routinely.

Worse, the coverage and strength of the AI-cyberdefense umbrella is beholden to sometimes capricious politics, as Anthropic just discovered with the unprecedented and short-lived federal shutdown of its Fable 5 and Mythos 5 models. In the extreme partisanship of U.S. politics, either or both parties may turn against AI companies, infrastructure, and executives.

And as I wrote in 2017 for the Columbia University-convened New York Cyber Task Force (because of Mayhem, equating supercomputers with AI):

It is entirely possible that by 2025 or 2030, a supercomputer-driven attack could overwhelm any traditional cyber defenses on the planet; only a supercomputer-driven defense could react in time …. These conditions would call for centralized monitoring and response, handing more power to large corporations and governments.

If AI defenses are most effective when centralized, to assess ever more data and provide near-universal coverage, the cyber defenses of the entirety of humanity will need to rely on a small number of the largest AI labs and platforms that can achieve such planetary scale. Those already strong companies will only get more powerful, raising substantial antitrust and social justice issues.

The sovereignty concerns are far more grave. If they can even afford their services, other countries may have to outsource the cyber defense of their societies and critical infrastructure to U.S. and Chinese companies. Such existential dependence will be especially bitter as geopolitical tensions spike and global governance evaporates. Europe might yet be large and cohesive enough to develop its own umbrella, but all others may need to choose their protector (if they have the cash) or be left to the wolves.

Preparing for What’s Next

It is always an oversimplification to reduce any analysis of a complex topic, such as the interplay of cyber offense and defense, to just one or two factors.

AI will affect not just deception and vulnerability, but also relative organizational capability, complexity and uncertainty, and even the scale of blast radius achievable from an operation. The killer defensive application of AI may not be about vulnerability or deception at all, but about simplifying defensive collaboration, speeding recovery times, or closing long-standing workforce shortages.

Still, all things being equal, academics such as Lindsay and Lennart Maschmeyer are correct to highlight the role of deception and to predict continued difficulties for attackers at the high end of sensitive-target espionage operations. Even empowered with AI, attackers will find it hard to conduct complex operations that require extended presence to steal precise information against determined defenders.

What’s to be done? Available recommendations can seem unequal to the challenge; those from the Cloud Security Alliance are the best so far. Not just relying on AI to accelerate the productivity of defensive teams and to improve vulnerability discovery and remediation capabilities, they also suggest building collective defense. Tellingly, they call on security teams to prepare for burnout.

Beyond that, defenders need to be agile most of all. Regulators must ensure new rules are flexible and AI-friendly. And because government bureaucracies are the least dexterous organizations on the planet, defenders should be prepared to rebuild a new cyber architecture with as little dependence on governments as possible.

The AI-defense umbrella may prevail: the “beginning of the end of cybersecurity as we know it.” But to achieve that state of heaven, we must prevail on a march through years of hell first.


Jason Healey is a senior research scholar at Columbia University’s School for International and Public Affairs. He has twice worked cyber issues in the White House, including as a founding member of the Office of the National Cyber Director, and helped create the world’s first cyber command, in 1998. He is a founding member and past president of the Cyber Conflict Studies Association and is a review board member of the DEF CON and Black Hat security conferences.
}

Subscribe to Lawfare