In 2025, artificial intelligence (AI) was everywhere. While we maintain in the 2026 Threat Detection Report that AI favors defenders, it’s also helping lower the barrier of entry to conduct cyber attacks. To counter this, organizations need to implement defense-in-depth strategies, including identity controls and continuous threat monitoring. Meanwhile, as AI adoption grows, security teams need to proactively vet new tools and manage supply chain risks to protect their own AI systems from becoming targeted.
Defending against AI: AI-powered threats
We see the rise of AI-powered threats as more of an evolution in speed and automation than a revolution in attack methodology. Over the last year, adversaries—including nation-state actors from Iran, China, and North Korea—have leveraged large language models (LLMs) and Model Context Protocol (MCP) servers as force multipliers. In one campaign identified by Anthropic, a Claude AI model was used to automate 80-90 percent of tactical operations, effectively lowering the barrier of entry for complex cyber espionage.
While AI allows adversaries to execute reconnaissance, vulnerability research, and phishing with unprecedented velocity, the underlying techniques, including credential theft and data exfiltration, remain the same. From a defensive standpoint, the “signals” remain the same, too; defending against these threats doesn’t require a radical departure from established security frameworks. Instead, it demands a “back to the basics” approach, utilizing automation to match the adversary’s pace.
As outlined in the 2026 Threat Detection Report, embracing the core tenets of information security—the same way you’d defend against non-AI threats—remains the most effective shield against automated campaigns.
To protect your environment from AI-powered tradecraft, focus on the following:
- Enforce least privilege: Limit the permissions granted to both human users and AI agents to prevent lateral movement and unauthorized data access.
- Adopt defense in depth: Layer your security controls (multi-factor authentication, zero trust, network segmentation) so that if an AI automated tool bypasses one layer, others remain.
- Audit AI permissions: Regularly review permissions before deploying any MCP server to understand its scope, what actions it can perform, the data it can access, etc. As AI assistants proliferate, adversaries are likely to look to exploit them.
Defending your AI: Threats to AI infrastructure
The evolution of AI infrastructure, including MCP servers and command-line interfaces (CLIs), have introduced a complicated attack surface at many organizations. Unlike traditional software, these AI agents operate as autonomous entities capable of executing code and accessing sensitive data. This integration, often in development environments and cloud resources, means that a single compromise can provide an adversary with unfettered access to conduct reconnaissance, harvest credentials, and exfiltrate data across an enterprise.
Over the last year, the primary threat to AI infrastructure has revolved around model hijacking via prompt injection. By placing malicious natural language instructions in public locations like GitHub issues or documentation, attackers can trick AI agents into executing unauthorized commands. This exploits the fundamental trust relationship between the model and the data it processes. Because these agents operate autonomously with elevated privileges, a hijacked system can pivot through a network in minutes, making traditional detection difficult. Securing these environments requires treating AI infrastructure as a high-privilege system. Organizations should move beyond basic implementation to a strategy of defense in depth—combining technical controls like container isolation and OAuth-based authentication with rigorous supply chain management. By centralizing model access and auditing third-party tools, security teams can regain visibility and limit the potential blast radius of an automated attack.
To protect your organization’s AI infrastructure from threats, implement these security controls:
- Enforce least privilege: As mentioned above, treat AI agents as privileged users; restrict their filesystem and network access to the absolute minimum required for their tasks.
- Secure your credentials: Move away from long-lived API keys. Use secrets management tools and implement short-term, scoped credentials to prevent harvesting.
- Vet your supply chain: Maintain an internal registry of approved MCP servers and audit their code before deployment rather than allowing arbitrary third-party installs.
- Segment AI environments: Ensure agents that process public data (like web scrapers) or handle external APIs are isolated from those with access to sensitive internal repositories.
Defending with AI: Human-guided AI agents
Over the past year, defenders further leveraged intelligent systems, particularly AI agents, to quantifiably improve the speed and consistency of security operations without compromising accuracy.
AI agents have become an important tool in SOC work because, unlike rigid traditional automation methods, they can dynamically adapt to new data and investigation contexts. This allows SOCs to offload tedious context gathering and initial assessments, freeing up human analysts to focus on complex problem-solving. Organizations in 2025 relied on AI agents to achieve faster threat detection, follow through on more consistent investigations, and yield higher-quality security outcomes by leveraging human expertise more effectively.
The application of AI in security has matured significantly with the emergence of human-guided AI agents. These non-autonomous agents have become more tightly integrated into specific SOC workflows to gather context and perform assessments. This development has helped reduce investigation times in some scenarios from 30+ minutes to under two minutes, accelerating threat detection and response while maintaining high accuracy through human validation.
Organizations looking to better integrate AI in their SOCs should look to implement non-autonomous AI agents within tightly controlled workflows, ensuring humans remain in the loop for critical approvals and oversight.
Here’s how to get started with agentic security operations:
- Map existing processes to identify repetitive tasks suitable for AI agents and translating these into prompts for agents.
- Continuously refine and train agents using feedback from human analysts, treating them like new hires in a probationary period to ensure accuracy and improve performance over time.
- Prioritize clear security goals and quality data as the foundation for training your agents, ensuring outputs are trustworthy.
View the 2026 Threat Detection Report to see the full data behind these findings.
Read More from This Article: The state of AI security in 2026
Source: News