For most of the last decade, the conversation about artificial intelligence in cybersecurity has been a forward-looking one, full of hypotheticals about what attackers might eventually do once the technology matured. That window closed in September 2025.
When Anthropic disclosed in November that a Chinese state-sponsored group had used its Claude Code agent to autonomously execute roughly 80 to 90 percent of a cyber espionage campaign against thirty organizations, including major tech companies, financial institutions, chemical manufacturers, and government agencies, the conversation shifted permanently from “what if” to “what now.”
For business leaders, the implication is straightforward: the threat models you signed off on two years ago no longer describe your actual risk surface, and the assumption that AI-driven attacks were a problem for tomorrow has aged poorly in the last six months.
The new reality, in numbers
A handful of data points from credible 2025 and 2026 reporting tells the story plainly.
- Polymorphic AI malware now accounts for an estimated 76 percent of detected malicious software, with some strains rewriting their own code as often as every fifteen seconds to evade signature-based detection.
- Average breakout time, meaning the window between initial compromise and lateral movement, has compressed to 29 minutes, with the fastest observed breakout sitting at 27 seconds.
- AI-generated deepfakes now drive roughly 40 percent of business email compromise attacks, up from under five percent in 2023, with average per-incident losses of $4.1 million versus $1.3 million for traditional phishing.
- 87 percent of global organizations reported AI-driven incidents in 2025, and automated scanning now hits roughly 36,000 probes per second across the public internet.
- IBM’s 2025 Cost of a Data Breach Report found that 16 percent of all breaches involve threat actors using AI tools, with phishing (37 percent) and deepfake impersonation (35 percent) the dominant use cases.
The pattern across every credible source is the same: the volume, sophistication, and speed of AI-augmented attacks have moved past the point where SMB and mid-market defenses built for the 2020 threat landscape can hold the line.
Three categories that have already changed the game
Deepfake-enabled social engineering
The clearest illustration of where this is going remains the Arup case. In January 2024, a finance employee in the engineering firm’s Hong Kong office authorized 15 wire transfers totaling $25.6 million to fraudsters who had assembled a video conference populated entirely by AI-generated impersonations of the company’s CFO and several senior colleagues. The employee had initially flagged the original email as suspicious, then released the funds after the video call appeared to confirm legitimacy.
Arup’s CIO described the incident as technology-enhanced social engineering rather than a traditional breach. Two years later, the tooling to assemble a comparable attack is widely available, real-time voice conversion has dropped below 200 milliseconds of latency, making live calls viable, and commodity services can clone a usable voice from three seconds of audio for under twenty dollars.
Autonomous attack orchestration
The GTG-1002 campaign disclosed by Anthropic in November is the documentation point everyone needed. Chinese state-sponsored operators framed their malicious work to Claude as legitimate penetration testing for a fictional cybersecurity firm, decomposed complex attack instructions into benign-looking subtasks, and then let the model run reconnaissance, vulnerability discovery, exploit generation, credential harvesting, and data exfiltration largely on its own across thirty targets. The volume of requests processed by the system reached rates no human team could approach.
What matters here is not the specific tool used, since OpenAI and Google have both disclosed comparable abuse of their own products in the months since. What matters is that the playbook is now public, the technique is reproducible, and the level of sophistication previously gated behind nation-state resources is rapidly diffusing to financially motivated criminal groups.
Polymorphic, machine-speed malware
Traditional endpoint protection works by recognizing known-bad patterns, file hashes, behavioral signatures, and indicators of compromise that have been seen before. Polymorphic malware authored or modified by AI defeats that model by changing its own code structure on every execution, sometimes every fifteen seconds, which means the static signatures that anchor most legacy antivirus and EDR products provide a shrinking detection rate against a growing percentage of what is actually being deployed today.
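The contrast described above, as an added example that is not part of the original article: an exact-hash signature misses a rebuilt binary, while a rule on what the process does still matches. The byte strings, action names, rule and telemetry are all constructed for illustration.

```python
import hashlib

# Constructed, inert stand-ins for two builds of one program: the bytes differ
# (junk padding), the runtime behaviour does not.
BUILD_A = b"stage1|stage2|stage3"
BUILD_B = b"stage1|\x90\x90junk|stage2|stage3|pad-7f3a"

# Signature set compiled when only BUILD_A had been observed.
KNOWN_BAD = {hashlib.sha256(BUILD_A).hexdigest()}

def signature_hit(blob: bytes) -> bool:
    """Static detection: exact hash lookup."""
    return hashlib.sha256(blob).hexdigest() in KNOWN_BAD

# Hypothetical behaviour rule: these actions, in this order, from one process,
# all within WINDOW seconds of the first. Action names are invented.
RULE = ("read_credential_store", "enumerate_internal_hosts", "bulk_upload_external")
WINDOW = 300

def behaviour_hits(events):
    """events: iterable of (epoch_seconds, pid, action). Returns sorted matching pids."""
    by_pid = {}
    for ts, pid, action in sorted(events):
        by_pid.setdefault(pid, []).append((ts, action))
    hits = []
    for pid, seq in by_pid.items():
        step, start = 0, None
        for ts, action in seq:
            if start is not None and ts - start > WINDOW:
                step, start = 0, None          # window expired, start over
            if action == RULE[step]:
                start = ts if step == 0 else start
                step += 1
                if step == len(RULE):
                    hits.append(pid)
                    break
    return sorted(hits)

# Constructed telemetry: pid 410 is BUILD_B running, 522 is a backup agent,
# 777 performs the same actions but spread over far more than WINDOW seconds.
TELEMETRY = [
    (100, 410, "read_credential_store"), (130, 410, "enumerate_internal_hosts"),
    (190, 410, "bulk_upload_external"),
    (50, 522, "bulk_upload_external"), (4000, 522, "read_credential_store"),
    (100, 777, "read_credential_store"), (200, 777, "enumerate_internal_hosts"),
    (900, 777, "bulk_upload_external"),
]
```
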
Why traditional defenses are now structurally outmatched
The uncomfortable conclusion sitting behind these three categories is that the architectural assumption of most SMB security stacks, which is that attackers move slowly enough for human review to keep up, no longer holds. When reconnaissance runs at machine speed, when malware rewrites itself faster than signature databases can update, and when the social engineering payload arrives as a convincing video of someone the employee has reported to for five years, the defensive perimeter that worked in 2020 is structurally outmatched.
This is not a vendor problem you can solve with one more tool. It is a posture problem that requires rethinking what you defend, how quickly you can see what is happening inside your environment, and who is watching when something looks wrong at 2 a.m. on a Sunday.
What leaders should actually do this quarter
Four moves that meaningfully change your risk profile in the next ninety days.
- Establish out-of-band verification for any financial authorization above a defined threshold. Require a confirmed callback to a known phone number, never a number provided in the original message, for every wire request, vendor banking change, or sensitive transaction. This single control would have stopped the Arup loss cold.
- Audit your detection and response stack against machine-speed threats. If your endpoint protection still relies primarily on signature matching, your incident response is structurally too slow for 27-minute breakout times. Behavioral analytics, continuous monitoring, and a 24/7 response capability are now table stakes, not premium add-ons.
- Run a deepfake-aware tabletop exercise. Walk your finance, HR, and executive teams through a scenario involving a video call from a fake CFO, a voice message from a fake board member, and a credential reset request from a fake IT lead. Most teams have never rehearsed this.
- Inventory and govern internal AI usage. Shadow AI tools your employees adopt without IT review become training data exposure pathways, and any unsanctioned use of generative AI inside your environment is a future attack surface you have not yet mapped.
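One way to encode the out-of-band verification rule from the first item as a release gate in a payment workflow (an added example, not code from the original article). The threshold, directory entries, field names and reason strings are assumptions made for the illustration.

```python
from dataclasses import dataclass
from decimal import Decimal
from typing import Optional

THRESHOLD = Decimal("10000")             # assumed policy threshold
ALWAYS_VERIFY = {"vendor_bank_change"}   # verified whatever the amount

# Constructed directory of record, maintained separately from inbound mail.
DIRECTORY = {"cfo@example.com": "+1 555 0100", "vendor-acme": "+1 555 0142"}

@dataclass
class Request:
    kind: str                                 # "wire" or "vendor_bank_change"
    requester: str
    amount: Decimal
    number_in_message: Optional[str] = None   # contact number the message supplied
    callback_number: Optional[str] = None     # number the approver actually dialled
    callback_confirmed: bool = False          # requester confirmed on that call
    in_band_evidence: tuple = ()              # e.g. ("email reply", "video call")

def _digits(number: Optional[str]) -> str:
    return "".join(ch for ch in (number or "") if ch.isdigit())

def decide(req: Request) -> tuple:
    """Return (decision, reason). in_band_evidence is deliberately never read:
    confirmation over a channel the requester controls proves nothing."""
    if req.kind not in ALWAYS_VERIFY and req.amount < THRESHOLD:
        return ("release", "below threshold")
    on_file = DIRECTORY.get(req.requester)
    if on_file is None:
        return ("hold", "no number on file")
    if not req.callback_number:
        return ("hold", "callback required")
    if _digits(req.callback_number) != _digits(on_file):
        supplied = _digits(req.number_in_message)
        if supplied and _digits(req.callback_number) == supplied:
            return ("hold", "callback used the number from the message")
        return ("hold", "callback number not on file")
    if not req.callback_confirmed:
        return ("hold", "requester did not confirm")
    return ("release", "confirmed out of band")
```

A request backed only by a video call is held at "callback required", and a callback placed to the number quoted in the request is held as well.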
The bottom line
The leaders best positioned for the rest of 2026 are not the ones with the largest security budgets; they are the ones who have stopped treating AI-driven cyber risk as a future event and started treating it as the current operating environment. The data is no longer ambiguous, the case studies are no longer hypothetical, and the assumption that your business is too small or too obscure to attract this class of attack reflects a threat landscape that no longer exists.
If you are looking at your current security posture and seeing more questions than answers, that is exactly the conversation we are built for. Start on

