Brief IA

AI Attacks: Strengthening Corporate Defenses by 2026

🤖 Models & LLM·Tom Levy·

AI Attacks: Strengthening Corporate Defenses by 2026

AI Attacks: Strengthening Corporate Defenses by 2026
Key Takeaways
1Cyberattacks are accelerating, prompting companies to automate their defenses.
2Mandiant reveals that the average time to exploit a vulnerability is now seven days.
3In 2025, 52% of intrusions were detected internally, compared to 43% in 2024.
💡Why it mattersCompanies need to adapt their security strategies to counter increasingly rapid and sophisticated cyberattacks.
Le brief IA que lisent les pros

Le brief IA que les pros lisent chaque soir

Les 7 actus IA du jour, décryptées en 5 min. Gratuit.

Inclus dès l'inscription : notre sélection des meilleurs guides & comparatifs IA.

Choisis ton rythme

Gratuit · Pas de spam · Désabonnement en 1 clic

📄
Full Analysis

The Rapid Evolution of Cyberattacks

Cybercriminals are continuously refining their methods, making attacks on corporate networks faster and more complex. IT professionals must therefore constantly enhance their skills to combat these threats in 2026.

A Race Against Time

In the field of cybersecurity, a paradox emerges: while attackers use machines to operate at speeds unattainable by humans, targeted companies increasingly rely on automated systems to detect and repel these intrusions. However, despite this growing automation, humans remain at the heart of the battle, often considered the weakest link. This is revealed in the latest report from Mandiant, an American cybersecurity firm integrated into Google Cloud, specializing in investigating major security breaches.

Corporate Networks Under Pressure

Today's corporate networks are largely distributed and engage partners through software services. Cybercriminals have adopted a similar approach, employing a "division of labor." An initial group uses low-impact techniques, such as malicious ads or fake browser updates, to infiltrate a network. They then pass the compromised target to another group for more direct access. This strategy unfolds at an alarming pace. In 2022, Mandiant reported that the "transfer time" between these groups exceeded 8 hours. By 2025, this delay had been reduced to an average of just 22 seconds. Furthermore, the average time to exploit zero-day vulnerabilities has dropped to seven days, even before vendors can release a patch.

The Different Types of Attackers

Mandiant identifies two main categories of groups conducting "manual operations" within compromised networks. Cybercriminals seek quick financial gain, often through ransomware, while espionage groups aim for stealthy and prolonged access. The former focus on immediate impact and denial of recovery, while the latter, more sophisticated, bet on extreme persistence, using unmonitored peripheral devices and native network features to evade detection. On average, the "dwell time" of attackers, which is the duration between intrusion and detection, is 14 days. However, espionage incidents can last much longer, with a median dwell time of 122 days.

Intrusion Vectors

Nearly one-third of detected intrusions stem from exploits. Highly interactive voice social engineering is the second most common vector, often targeting IT help desks to bypass multi-factor authentication (MFA) and gain access to software service environments. The increasing use of AI for reconnaissance, social engineering, and malware development is also on the rise. Once a network is compromised, attackers use AI to automate the collection of sensitive data. For example, the data thief QUIETVAULT has been observed checking targeted machines for AI command-line tools to execute predefined tasks, such as searching for configuration files and collecting GitHub and NPM tokens.

Corporate Response

Fortunately, companies are also becoming smarter in their response to cyber threats. In 2025, 52% of organizations detected evidence of internal malicious activity, an improvement from 43% in 2024. This increased ability to quickly identify intrusions allows for an earlier start to the recovery process.

Strengthened Defense Strategies

In the face of increasingly sophisticated attackers, IT professionals must elevate their skill levels. Mandiant recommends advanced training for employees and support staff to recognize modern attack vectors, such as social engineering attacks using voice tools and messaging applications, as well as unauthorized MFA reset requests.

Other defense strategies include changes to network infrastructure:

  • Treat virtualization and management platforms as level 0 assets with strict access constraints.
  • Decouple backup environments from the corporate Active Directory domain and use immutable storage to counteract the destruction of recovery capabilities.
  • Deploy advanced threat detection across the entire ecosystem and extend log retention policies well beyond the standard 90-day windows.
  • Regularly audit SaaS integrations and route all SaaS applications through a central identity provider (IdP).
  • Implement behavior-based detection models that flag abnormal activities and deviations from established norms.

In conclusion, Mandiant researchers emphasize that "identity is the new perimeter." It is no longer sufficient to rotate passwords and enforce MFA. Strengthening identity controls and shifting to continuous identity verification, especially with third-party vendors, is now essential.

Brief IA — L'actualité IA en français

L'essentiel de l'actualité de l'intelligence artificielle, décrypté et expliqué chaque jour.