Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

AI speed campaigns in the DIB: is manual defense already broken?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 10745
Topic starter  

TL;DR: AI-enabled offense is collapsing time-to-exploit, with Anthropic reporting one campaign against 30 organisations where the agent executed 80 to 90 percent of operational steps autonomously, while Microsoft and Chrome shipped 165 and 127 fixes in recent release cycles. The defender's real problem is no longer visibility alone but whether governance, identity, and response can move at machine tempo.

NHIMG editorial — based on content published by Secureframe: The Adversary Is Already Inside, former NSA director Rob Joyce on why the DIB can't afford to defend at human speed

By the numbers:

Questions worth separating out

Q: What breaks when DIB security teams still rely on human-speed defense?

A: Human-speed defence breaks when attackers can scan, exploit, and move laterally in hours rather than days.

Q: Why does AI-enabled offense change Zero Trust planning?

A: AI-enabled offense changes Zero Trust planning because trust assumptions must be checked continuously, not assumed after network entry.

Q: What do security teams get wrong about CMMC readiness?

A: Teams often treat CMMC as a documentation exercise instead of an operating model.

Practitioner guidance

  • Map where CUI actually lives Inventory repositories, file shares, collaboration tools, and external services that store controlled unclassified information, then assign explicit owners for each location.
  • Harden identity before the next exploit wave Enforce phishing-resistant MFA on every account, remove exception paths, and eliminate stale accounts that persist after staff departure.
  • Move from annual tests to continuous validation Replace point-in-time assurance with continuous penetration testing, drift detection, and evidence generation for the systems that handle CUI.

What's in the full article

Secureframe's full blog covers the operational detail this post intentionally leaves for the source:

  • The article's full discussion of Rob Joyce's six recommended actions for DIB organisations, including where to start first.
  • The way Secureframe frames CMMC as a floor rather than a ceiling, with more detail on operational sustainment.
  • The article's examples of Volt Typhoon, Salt Typhoon, and AI-enabled offensive tooling in context.
  • The original summit framing and the article's additional commentary on AI-driven defence maturity.

👉 Read Secureframe's analysis of AI-enabled offense and DIB defence readiness →

AI speed campaigns in the DIB: is manual defense already broken?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 10300
 

AI speed campaigns invalidate the assumption that defenders can review and respond on human timelines. The article's core point is not simply that attackers are faster. It is that the operating model of many defence programmes still assumes inspection, escalation, and remediation will happen slowly enough to be meaningful. That assumption fails when discovery, exploitation, and follow-on actions can be automated across many targets at once. The implication is that identity governance must be built for continuous state change, not periodic review.

A few things that frame the scale:

  • 69% of organisations now have more machine identities than human ones, according to The Critical Gaps in Machine Identity Management report.
  • 57% of organisations lack a complete inventory of their machine identities, which is why access mapping and ownership are still breaking down at scale.

A question worth separating out:

Q: Who is accountable when AI-assisted attackers exploit supplier environments?

A: Accountability sits with the organisation that owns the CUI path, not only with the largest prime contractor. The supply chain reality described in the article means smaller suppliers, MSPs, and business owners all influence exposure. Governance must define ownership for data, identity, and containment boundaries before the attacker does.

👉 Read our full editorial: AI speed campaigns are outpacing DIB defense and CMMC readiness



   
ReplyQuote
Share: