The 2024 Hong Kong Deepfake CFO Scam, in which fraudsters used AI-generated deepfakes to authorize a $25 million transfer, is a stark illustration of a rapidly escalating cybersecurity threat, according to security leaders. The incident underscores a fundamental shift in the landscape, where autonomous AI agents are now capable of launching attacks at machine speed, exploiting vulnerabilities far faster than traditional defenses can respond.
A growing consensus within the cybersecurity community is that conventional security approaches are no longer sufficient. The sentiment echoed by multiple CISOs is that “we must reframe 95-98% compliance as 2-5% exposure” and adjust both protective and resilience measures accordingly. The speed at which attackers can now operate – moving from initial intrusion to a full system compromise in minutes – renders patching schedules of days or even weeks obsolete.
The rise of “agentic AI” – autonomous systems capable of interpreting data, making decisions, and executing tasks with limited human intervention – is reshaping the scale and velocity of cyber threats. According to recent data, 54 percent of Chief Information Security Officers (CISOs) report feeling unprepared for AI-powered threats. This lack of preparedness is compounded by the fact that 55 percent of organizations have already experienced a cyberattack, ransomware infection, or compromise that rendered endpoint devices inoperable in the past year.
The challenge isn’t simply the emergence of new attack vectors, such as prompt injection and model poisoning, but also the sheer volume and sophistication of attacks. Attackers can now launch thousands of automated phishing attempts per second, dynamically adapting each attempt to maximize its effectiveness. The Global Cybersecurity Outlook 2026 reinforces this urgency, with 94 percent of respondents identifying AI as the single biggest driver of change in cybersecurity over the next year.
However, the emergence of agentic AI also presents opportunities for bolstering cybersecurity defenses. Autonomous agents can automate the process of identifying and closing security gaps that humans often miss, potentially achieving near-100% compliance by continuously reasoning through failure cases and resolving vulnerabilities. Doing so requires “complete visibility and control over endpoints” and an “unbreakable tether” to devices, allowing defenders to remain proactive rather than reactive.
The shift in attacker speed is also impacting recovery times. Currently, 87 percent of CISOs report requiring between one and 14 days for full remediation and recovery following a successful attack. In a world where attackers can escalate privileges in minutes, even a single day of downtime represents a significant strategic failure. Traditional recovery methods, often reliant on manual processes like reimaging devices, are proving inadequate.
A key element in addressing this challenge is firmware-level persistence, which maintains a connection to devices even when the operating system or other tools are compromised. This allows for rapid, remote recovery at scale, minimizing downtime and operational disruption. The role of security leaders is also evolving, with 72 percent now responsible for leading business continuity recovery following a cyberattack, rather than solely focusing on prevention and risk mitigation.
The expectation is no longer simply to restore operations, but to “come back stronger and more secure,” a concept known as anti-fragility. This requires a shift in key performance indicators (KPIs), with recovery time becoming as important as, or even more important than, prevention. The organizations that succeed will be those that can harness the power of agentic AI while simultaneously building the governance, oversight, and cyber resilience needed to stay ahead of machine-speed attackers.