SAN FRANCISCO — Industry experts at the 2026 RSA Conference are sounding alarms about the rapid acceleration of cyber threats driven by artificial intelligence (AI). Kevin Mandia, founder of AI security company Armadin, Morgan Adamski, former executive director of U.S. Cyber Command, and Alex Stamos, chief security officer at Corridor and former executive at major tech companies, warned that the next two to three years could mark unprecedented disruption in cybersecurity.
AI Accelerates Vulnerability Discovery
The experts highlighted that AI systems are identifying software vulnerabilities far faster than organizations can patch them. “We are at an inflection point that is going to be pretty insane,” Stamos said, noting that AI-generated exploits could soon flood the threat landscape. Mandia described the situation as a “perfect storm” favoring attackers in the near term.
Stamos explained that AI has already found flaws in decades-old, widely reviewed software, including core Linux kernel code, demonstrating a level of insight humans could not achieve. As AI models improve, they could generate sophisticated exploits capable of bypassing modern security protections, potentially on demand.
AI Agents Operate Beyond Human Scale
Mandia emphasized that AI-driven attack agents operate far beyond human capabilities. Unlike human hackers, these agents can launch attacks across hundreds of simultaneous threads, evade detection in under an hour, and analyze network data and technical documentation in microseconds.
In recent tests, Armadin found either remote code execution vulnerabilities or data leakage paths in every application tested at a Fortune 150 company, highlighting the scale and speed at which AI can compromise systems. “If we let the animal out of the cage today, nobody’s ready for it,” Mandia said.
Defensive Challenges and Organizational Pressure
Defenders face compressed timelines for patching and response, while corporate boards demand rapid AI adoption, often with staffing reductions, Adamski noted. Traditional compliance and security frameworks are struggling to keep pace with the speed of AI-driven attacks.
Stamos warned that AI will democratize exploit development, allowing individuals worldwide to generate advanced exploits as easily as elite researchers once could. “Patch Tuesday, exploit Wednesday,” he said, summarizing the emerging reality.
National Security Implications
The experts also raised concerns about nation-state AI capabilities. Mandia stated that current offensive AI programs in modern nation-states may represent less than half of their potential, leaving room for rapid escalation. Stamos added that adversaries like Russia can accelerate learning through frequent ransomware campaigns, giving them operational advantages over U.S. defenses.
Looking Ahead: Defense Must Evolve
While AI could eventually enhance defensive cybersecurity—through autonomous response systems and scalable security testing—the panel warned that organizations must act immediately to modernize infrastructure. Refactoring software into type-safe languages and adopting formal methods could take at least two years.
Mandia emphasized that traditional incident response will no longer suffice. “You’re going to have to be able to respond at machine speed,” he said, highlighting the urgency of autonomous defensive systems capable of immediate action.
Adamski summarized the looming threat: “AI is going to potentially make us pay for the sins of yesterday.”
