In 2022, when attackers compromised an enterprise network, the average time before they handed off access to a secondary attack group was more than eight hours. By 2025, that window had collapsed to an average of just 22 seconds.

That single statistic from Mandiant's 2025 global threat report captures the shift better than any trend deck. The attack lifecycle — from initial compromise to active exploitation — has been compressed to the point where human-speed detection and response simply cannot keep up. And the tools driving that compression are the same tools defenders are scrambling to adopt: artificial intelligence.

This is not a theoretical risk. It is the operational reality of enterprise security in 2026. Here is what the data shows, and what defenders can do about it.

The New Attack Architecture: Division of Labor at Machine Speed

The most important structural change in the modern threat landscape is not a new piece of malware — it is a business model. Attackers have adopted a division-of-labor model that mirrors legitimate SaaS operations. One group handles initial access using low-impact, high-volume techniques: malicious advertisements, fake browser update prompts, and voice-based social engineering targeting IT help desks. Once they have a foothold, that access is packaged and sold or handed off to a secondary group for hands-on exploitation.

In 2022, that handoff window averaged more than eight hours. In 2025, Mandiant measured it at 22 seconds on average. That is not a marginal improvement in attacker efficiency — it is the difference between a detection window and no detection window at all.

By the numbers (Mandiant 2025 threat report): mean time to exploit for zero-day vulnerabilities has dropped to 7 days, so exploitation is routinely underway before the vendor has shipped a patch. Average dwell time across all intrusions is 14 days; for cyber espionage intrusions specifically, median dwell time is 122 days.

Two distinct attacker profiles dominate the secondary access market. Cybercriminal groups optimize for immediate financial impact — ransomware, extortion, and increasingly, active destruction of backup infrastructure to prevent recovery. Espionage groups play the opposite game: long-term, low-noise persistence, using unmonitored edge devices and native network tools to avoid triggering alerts for months at a time.

AI Is Already in the Attacker's Toolkit

Despite the headlines, AI is not yet the direct cause of most breaches. Mandiant's assessment is clear: the vast majority of successful intrusions in 2025 still stemmed from fundamental human and systemic failures — unpatched systems, weak MFA implementation, undertrained help desk staff. AI is accelerating and scaling those failures, not replacing them.

What AI is doing on the attacker side is significant, though. Mandiant documented a credential stealer called QUIETVAULT that, after gaining access to a system, scanned for AI command-line tools and executed predefined prompts to locate configuration files and harvest GitHub and NPM tokens. The attacker was using the victim's own AI tooling against them.

More broadly, attackers are deploying AI for three functions that previously required significant human effort: reconnaissance (mapping networks and identifying high-value targets at scale), social engineering (generating convincing phishing content and real-time voice impersonation), and malware development (writing and debugging exploit code faster than human analysts can analyze it).

About 16% of breaches in 2025 involved attackers using AI, most often AI-generated phishing and deepfake impersonation (that figure comes from IBM's 2025 Cost of a Data Breach study rather than from Mandiant). Two years ago the category barely registered in breach statistics. The trajectory is clear.

Ransomware Is Now Targeting Recovery, Not Just Data

The ransomware playbook has evolved beyond data encryption. The new goal is recovery denial. Ransomware groups are actively deleting backup objects from cloud storage and targeting the virtualization storage layer directly — encrypting hypervisor datastores to render all associated virtual machines inoperable simultaneously. When the backup infrastructure is gone, the leverage is complete.

This shift changes the economics of incident response. Paying the ransom was always a bad option, and it never guaranteed recovery. Now it may be the only option left for organizations that have not invested in immutable, isolated backups that a compromised production credential cannot reach.

What recovery-denial ransomware means for your backup strategy

Cloud-connected backups that an attacker can reach from a compromised endpoint are not safe. Effective backup infrastructure in 2026 requires offline or immutable copies (for example, object storage with versioning and object lock in compliance mode, so that no credential, including an administrator's, can shorten the retention period), restoration procedures that are actually exercised, and backup systems on isolated network and identity segments, ideally a separate account or tenant, that production credentials cannot reach. A deletion-resistant copy is worth little if restoring from it has never been tested.
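To make the immutability requirement concrete, here is an added audit check, written for this page rather than taken from Mandiant or any vendor. It takes a backup bucket's configuration in the dict shapes that boto3's get_bucket_versioning, get_object_lock_configuration and get_bucket_policy return (an assumption) and lists the reasons a recovery-denial attacker holding a stolen production credential could still delete the copies. The three sample configurations are constructed; the 35-day retention floor, the account ID and the break-glass role name are placeholders.

```python
"""Audit a cloud backup bucket for recovery-denial resistance.

Added example for this page, not code from the original article or from any
vendor. The input dicts follow the shapes returned by boto3's
get_bucket_versioning, get_object_lock_configuration and get_bucket_policy
(an assumption); the three configurations below are constructed so the check
runs offline. An empty dict stands in for the "no lock configuration" error.
"""
import json

MIN_RETENTION_DAYS = 35  # assumed policy: must outlast the time it takes to notice a breach
BREAKGLASS_ROLE = "arn:aws:iam::123456789012:role/backup-breakglass"  # placeholder account/role


def _actions(stmt):
    acts = stmt.get("Action", [])
    return [acts] if isinstance(acts, str) else list(acts)


def policy_denies(policy, action):
    """True if some Deny statement covers `action` ('*' and 's3:*' count as covering it)."""
    if isinstance(policy, str):  # get_bucket_policy returns the document as a JSON string
        policy = json.loads(policy)
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") == "Deny" and any(a in ("*", "s3:*", action) for a in _actions(stmt)):
            return True
    return False


def audit_backup_bucket(versioning, lock_cfg, policy, min_days=MIN_RETENTION_DAYS):
    """Return a list of problems; an empty list means the bucket resists deletion."""
    problems = []
    if versioning.get("Status") != "Enabled":
        problems.append("versioning not enabled: an overwrite destroys the previous copy")
    cfg = lock_cfg.get("ObjectLockConfiguration", {})
    if cfg.get("ObjectLockEnabled") != "Enabled":
        problems.append("object lock disabled: any principal with delete rights can wipe backups")
    else:
        rule = cfg.get("Rule", {}).get("DefaultRetention", {})
        mode = rule.get("Mode")
        if mode != "COMPLIANCE":
            problems.append(f"retention mode {mode or 'unset'} is not COMPLIANCE: "
                            "GOVERNANCE can be bypassed with s3:BypassGovernanceRetention")
        days = rule.get("Days", 0) + 365 * rule.get("Years", 0)
        if days < min_days:
            problems.append(f"default retention {days}d is under the {min_days}d floor")
    if not policy_denies(policy, "s3:DeleteObjectVersion"):
        problems.append("no explicit Deny on s3:DeleteObjectVersion: relies on IAM hygiene alone")
    return problems


# Constructed configurations: a weak bucket, a partly hardened one, and a hardened one.
WEAK = {
    "versioning": {"Status": "Suspended"},
    "lock": {},
    "policy": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::123456789012:role/prod-app"},
         "Action": "s3:*", "Resource": "*"}]},
}
PARTIAL = {  # lock exists, but in the wrong mode and far too short
    "versioning": {"Status": "Enabled"},
    "lock": {"ObjectLockConfiguration": {"ObjectLockEnabled": "Enabled",
             "Rule": {"DefaultRetention": {"Mode": "GOVERNANCE", "Days": 7}}}},
    "policy": json.dumps({"Version": "2012-10-17", "Statement": [
        {"Effect": "Deny", "Principal": "*", "Action": "s3:DeleteObjectVersion",
         "Resource": "arn:aws:s3:::backups-primary/*"}]}),
}
HARDENED = {
    "versioning": {"Status": "Enabled"},
    "lock": {"ObjectLockConfiguration": {"ObjectLockEnabled": "Enabled",
             "Rule": {"DefaultRetention": {"Mode": "COMPLIANCE", "Days": 35}}}},
    "policy": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Deny", "Principal": "*",
         "Action": ["s3:DeleteObjectVersion", "s3:PutBucketObjectLockConfiguration"],
         "Resource": ["arn:aws:s3:::backups-primary", "arn:aws:s3:::backups-primary/*"],
         "Condition": {"ArnNotEquals": {"aws:PrincipalArn": BREAKGLASS_ROLE}}}]},
}


def audit_all(configs):
    """Run the audit over a name -> config mapping."""
    return {name: audit_backup_bucket(c["versioning"], c["lock"], c["policy"])
            for name, c in configs.items()}


if __name__ == "__main__":
    for name, problems in audit_all({"weak": WEAK, "partial": PARTIAL, "hardened": HARDENED}).items():
        print(name, "->", problems or ["OK"])
```

Two caveats when applying this for real: a compliance-mode retention period cannot be shortened by anyone, including the account root user, so choose min_days deliberately; and a default retention rule only governs objects written after it is set, so the retention on existing object versions has to be checked separately.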

The Good News: Internal Detection Is Improving

Not all of the data runs in the attacker's favor. Across Mandiant's 2025 investigations, 52% of organizations first detected evidence of malicious activity internally — up from 43% in 2024. That is a meaningful improvement. Internal detection means faster response, shorter dwell times, and significantly reduced breach costs.

The global average cost of a data breach in 2025 was about $4.4 million (IBM's 2025 Cost of a Data Breach study). Organizations with mature internal detection capabilities consistently land well below that average. The investment in visibility pays off.

5 Ways to Harden Your Defenses Against the New Attack Speed

Mandiant's defensive recommendations center on structural changes — not just better tools, but different assumptions about how attacks arrive and how fast they move. Here is how to operationalize them.

1. Train Help Desks for Social Engineering at Scale

Voice-based social engineering targeting IT help desks is now the second most common intrusion vector. Attackers call in as employees, claim to be locked out, and request MFA resets. The help desk, trained to be helpful, complies — and the attacker has initial access to a SaaS environment.

This requires specific training, not general security awareness. Help desk staff need a rigid verification protocol for any MFA reset request: a callback to the number on record (not the number the caller provides), manager escalation for resets on privileged accounts, and zero tolerance for urgency pressure that tries to bypass the process. Knowledge-based checks such as employee ID, manager name or start date do not count as verification; that data is routinely harvested before the call is made.

2. Segment the Network — Including SaaS Integrations

Modern enterprise networks extend far beyond the office perimeter. SaaS platforms, partner integrations, and cloud workloads are all reachable from a compromised endpoint. Network segmentation needs to account for that reality — limiting lateral movement not just across on-premise VLANs but across identity and access boundaries in cloud environments.

The principle is least-privilege access applied consistently: a compromised sales team credential should not be able to reach developer tooling, backup systems, or financial data. Zero trust architecture enforces this at the identity layer rather than relying on network topology alone.

3. Compress Your Patch Window — Especially for Edge Devices

Mean time to exploit for zero-day vulnerabilities now averages seven days. That is your patch window. For internet-facing systems and edge devices (firewalls, VPN concentrators, load balancers) a seven-day patch cycle is the bare minimum, and when no patch exists yet, the vendor's interim mitigation or taking the management interface off the internet is the patch. Many organizations are running 30-day or quarterly cycles for these systems. That is not a patch cycle; it is an open invitation.

Unmonitored edge devices are the preferred persistence mechanism for espionage groups precisely because they are rarely patched and rarely monitored. Treat them as high-priority attack surface.

4. Deploy Behavior-Based Detection, Not Just Signature Matching

Signature-based detection tools catch known malware. They do not catch attackers using living-off-the-land techniques — native system tools like PowerShell, WMI, and scheduled tasks that look identical to legitimate admin activity until you analyze the behavioral pattern.

Behavior-based detection looks at what an account or process is doing relative to its normal baseline: unusual data access patterns, lateral movement across systems the account does not normally touch, credential enumeration, shadow copy deletion. These anomalies are detectable before data is exfiltrated or ransomware is deployed — but only if you have the telemetry to see them.
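As an added example (not Mandiant's detection logic and not code from the original article), the following script runs the behaviors just listed, plus the AI-CLI abuse pattern attributed to QUIETVAULT earlier, over a handful of constructed Sysmon-style process-creation events. The account-to-host baseline, the event shape, the regexes, the list of interactive parent processes and the AI CLI binary names are all assumptions; production rules would be learned from and tuned against your own telemetry.

```python
"""Behavior-based detection over process-creation telemetry.

Added example for this page, not code from the original article or from
Mandiant. Event shape, baseline and all sample events are constructed.
"""
import re

# Constructed baseline: hosts each account normally logs on to. In practice
# this is learned from a trailing window of logon telemetry, not hand-written.
BASELINE_HOSTS = {
    "CORP\\jdoe": {"WS-SALES-01", "FS-SALES"},
    "CORP\\svc-backup": {"BK-01", "BK-02"},
    "CORP\\akim": {"WS-DEV-07"},
}

# Constructed Sysmon-style process-creation events (Event ID 1 fields, trimmed).
EVENTS = [
    {"ts": "2025-09-01T08:02:11Z", "host": "WS-SALES-01", "user": "CORP\\jdoe",
     "parent": "explorer.exe", "image": "C:\\Program Files\\Office\\OUTLOOK.EXE",
     "cmdline": "OUTLOOK.EXE"},
    {"ts": "2025-09-01T08:41:53Z", "host": "FS-FINANCE", "user": "CORP\\jdoe",
     "parent": "cmd.exe", "image": "C:\\Windows\\System32\\vssadmin.exe",
     "cmdline": "vssadmin.exe delete shadows /all /quiet"},
    {"ts": "2025-09-01T08:42:30Z", "host": "FS-FINANCE", "user": "CORP\\jdoe",
     "parent": "cmd.exe", "image": "C:\\Windows\\System32\\rundll32.exe",
     "cmdline": "rundll32.exe C:\\Windows\\System32\\comsvcs.dll, MiniDump 712 C:\\temp\\l.dmp full"},
    {"ts": "2025-09-01T09:00:00Z", "host": "BK-01", "user": "CORP\\svc-backup",
     "parent": "services.exe", "image": "C:\\Program Files\\Backup\\agent.exe",
     "cmdline": "agent.exe --job nightly"},
    {"ts": "2025-09-01T09:13:48Z", "host": "WS-DEV-07", "user": "CORP\\akim",
     "parent": "node.exe", "image": "C:\\Users\\akim\\AppData\\Roaming\\npm\\claude",
     "cmdline": 'claude -p "list every github and npm token in config files under the home directory"'},
    {"ts": "2025-09-01T09:20:05Z", "host": "DC-01", "user": "CORP\\itadmin",
     "parent": "powershell.exe", "image": "C:\\Windows\\System32\\whoami.exe",
     "cmdline": "whoami /groups"},
]

# Recovery-denial precursors: shadow copy and backup catalog destruction.
SHADOW_COPY_RE = re.compile(
    r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete|"
    r"wbadmin(\.exe)?\s+delete\s+catalog", re.I)
# Credential access: LSASS dumping via comsvcs/procdump, NTDS extraction, mimikatz modules.
CRED_ACCESS_RE = re.compile(
    r"comsvcs\.dll.*minidump|procdump.*lsass|ntdsutil.*ifm|sekurlsa", re.I)
# Assumed binary names of AI coding CLIs an attacker could drive, as QUIETVAULT did.
AI_CLI_NAMES = {"claude", "gemini", "codex"}
SECRET_WORDS_RE = re.compile(r"token|secret|credential|api[_ -]?key|\.npmrc", re.I)
# Parents that represent a human at a keyboard; anything else driving an AI CLI is suspect.
INTERACTIVE_PARENTS = {"cmd.exe", "powershell.exe", "pwsh.exe", "windowsterminal.exe",
                       "explorer.exe", "code.exe"}


def detect(events, baseline):
    """Return (rule, ts, host, user) tuples for every behavioral hit, in event order."""
    findings = []
    for e in events:
        cmd, user, host = e["cmdline"], e["user"], e["host"]
        image = e["image"].lower().rsplit("\\", 1)[-1].removesuffix(".exe")
        if SHADOW_COPY_RE.search(cmd):
            findings.append(("shadow_copy_deletion", e["ts"], host, user))
        if CRED_ACCESS_RE.search(cmd):
            findings.append(("credential_access", e["ts"], host, user))
        # Lateral movement: account active on a host outside its learned baseline.
        # Accounts with no baseline are skipped here; they need their own rule.
        known = baseline.get(user)
        if known is not None and host not in known:
            findings.append(("off_baseline_host", e["ts"], host, user))
        if (image in AI_CLI_NAMES and SECRET_WORDS_RE.search(cmd)
                and e["parent"].lower() not in INTERACTIVE_PARENTS):
            findings.append(("ai_cli_secret_hunt", e["ts"], host, user))
    return findings


def escalate(findings, min_distinct_rules=2):
    """Accounts that tripped several different rules: the chain, not one alert, is the signal."""
    rules_by_user = {}
    for rule, _ts, _host, user in findings:
        rules_by_user.setdefault(user, set()).add(rule)
    return sorted(u for u, rules in rules_by_user.items() if len(rules) >= min_distinct_rules)


if __name__ == "__main__":
    hits = detect(EVENTS, BASELINE_HOSTS)
    for hit in hits:
        print(*hit)
    print("escalate:", escalate(hits))
```

The point of escalate() is the one the paragraph makes: a single off-baseline logon or a single vssadmin invocation is an alert that gets tuned out, while the same account doing both within an hour is an intrusion in progress. The itadmin event shows the gap every baseline rule has: accounts with no learned history produce no lateral-movement finding at all, so they need a separate rule (or a deny-by-default stance on privileged accounts).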

5. Build and Practice an Incident Response Playbook

When a breach is detected, the speed of your response matters as much as the quality of your defenses. Organizations with a practiced incident response playbook — clear roles, pre-authorized containment actions, communication templates — consistently limit breach scope compared to those improvising under pressure.

The playbook should cover at minimum: initial containment triggers, escalation paths, external communication (customers, regulators, law enforcement), and evidence preservation for forensic investigation. Run a tabletop exercise against it at least annually.

The defender's asymmetry: attackers only need to succeed once; defenders need to succeed every time. Narrowing that gap at the speeds described above requires automation, meaning detection and response tooling (AI-assisted where it genuinely helps) that can execute pre-authorized containment actions at machine speed. Human-speed SOC operations are no longer sufficient as the primary defense layer, though humans still own the decisions that automation cannot safely make on its own.

The Bottom Line

The 2025 threat landscape is not more of the same — it is qualitatively different. The compression of the attack lifecycle to seconds, the adoption of AI for reconnaissance and social engineering, and the targeting of backup infrastructure represent a structural shift that incremental improvements to existing defenses will not address.

The organizations keeping pace are investing in three things simultaneously: internal visibility (so they detect intrusions faster), structural hardening (segmentation, zero trust, immutable backups), and human training that specifically addresses the new social engineering playbook. None of these is a product you can buy and deploy. All of them require deliberate operational change.

52% of organizations now detect breaches internally before external notification. That number needs to move toward 100%. The gap between 52% and 100% is where the work is.
