AI cyberattacks outpace enterprise response as automation exposes gap
Security leaders struggle to match machine-speed attacks as automation compresses breach timelines and exposes execution gaps
Artificial intelligence (AI) is accelerating cyberattacks at a pace many enterprises are structurally unprepared to match, widening a critical gap between threat detection and response.
As attackers automate intrusion techniques and compress timelines from weeks to hours, chief information officers (CIOs) and chief information security officers (CISOs) face a growing execution problem. Organizations understand the risks but cannot act fast enough to mitigate them.
“The way that attackers are leveraging AI today is to take the drudgery out of attacking organizations. They automate all of the different steps within the attack path, and they can operate 24/7 at scale,” Gavin Millard, Vice President of Intelligence at Tenable, told TechJournal.uk in an interview.
“If you’ve got something measured in minutes from an attacker perspective and the mitigation is measured in weeks or months, we’re going to have a big problem,” he said.
This imbalance reflects what security leaders describe as “active inertia,” where enterprises recognize cyber risk but remain constrained by legacy workflows, manual prioritization, and fragmented visibility.
Attackers are not changing their playbook. They are industrializing it. AI is used to automate reconnaissance, identify weak points, and execute attacks continuously without human intervention.
“These AI-powered attacks aren’t novel and they aren’t indefensible. They use the same methodologies attackers have used for years, but they’re automated and amplified,” Millard said.
The shift has significantly reduced the window for defenders. The average time from vulnerability disclosure to exploitation has collapsed from months to days, and in some cases to hours, leaving little margin for traditional remediation cycles.
Millard attended the Cloud and Cybersecurity Expo, part of Tech Show London, on March 4–5.
Shifting priorities
Tenable, founded in 2002 and headquartered in Columbia, Maryland, is best known for creating the widely used Nessus vulnerability assessment technology. The company has expanded into exposure management, extending visibility beyond traditional scanning to include identity, cloud, external attack surfaces, and operational technology (OT), with a focus on prioritizing the risks most likely to be exploited.
“Traditional vulnerability management really just looks at Windows boxes and network devices, whereas exposure management includes identity, external attack surface, cloud infrastructure, and even OT devices,” Millard said.
The challenge is not only visibility but prioritization. Security teams face an overwhelming number of vulnerabilities, yet only a small fraction are actively exploited.
“About 300,000 vulnerabilities have been disclosed over the years, and around 56% are critical or high. The reality is attackers are only using a very small number of those, and we prioritize about 1% as likely to be targeted,” he said.
This approach enables organizations to focus resources on the exposures that matter most, rather than attempting to remediate everything.
It also highlights a broader operational issue. Many enterprises still rely on ticketing systems and manual workflows that cannot keep pace with machine-driven attacks.
Hygiene gaps
Many high-profile cyber incidents originate from basic operational failures rather than sophisticated techniques.
Millard pointed to phishing as a common entry point and said its effectiveness often reflects gaps in foundational controls.
“Phishing is often just the entry point. If your controls are working properly, users shouldn’t even see those emails in the first place,” he said.
He said effective defense depends on consistent execution of core practices, including patching, filtering, and identity protection.
“To defend against phishing, you have to have a multi-layered approach. You need to make sure your endpoints are up to date, have good email filtering, and use multi-factor authentication so credentials are harder to take advantage of,” he said.
In practice, these measures remain unevenly implemented, particularly in large enterprises with complex environments, creating persistent entry points for attackers.
Ransomware is often less a result of advanced tactics than of accumulated weaknesses across these basic controls.
Expanding attack surface
The rapid adoption of AI tools is introducing new forms of exposure, often without sufficient governance or visibility.
“People don’t know where AI is. They don’t know the browser plugins using AI or where someone has installed tools like Claude to generate content,” Millard said.
This lack of oversight creates risks ranging from data leakage to unauthorized automation of sensitive processes.
Prompt injection has emerged as a key concern, enabling attackers to manipulate AI systems to reveal information or perform unintended actions.
“Prompt injection is manipulating the prompt to get the AI to do something it’s not designed to do or to reveal information it shouldn’t,” he said. The issue is compounded by the use of experimental tools inside corporate environments.
“Some people install tools like OpenClaw on corporate systems, and it’s really important organizations know where that is and who’s running it,” he added.
Such deployments can bypass established controls and reinforce the need for continuous discovery and governance of AI usage across the enterprise.
OpenClaw, formerly Moltbot and Clawdbot, is an open-source, self-hosted agentic AI platform that acts as a personal assistant executing tasks autonomously. Unlike traditional chatbots, it can manage emails, browse the web, edit files, and control services through interfaces like Slack and WhatsApp. Its rapid adoption has raised security concerns, with experts warning its broad permissions, limited safeguards, and unvetted plugins could expose sensitive corporate data and systems.
Beyond compliance
Regulatory frameworks such as the EU AI Act are beginning to address AI risks, but they remain misaligned with the pace of threat evolution.
“Compliance is not security. It’s slow and doesn’t adapt to technology very effectively,” Millard said.
He said organizations should treat compliance as a baseline rather than a primary defense mechanism.
“If organizations are waiting for compliance to improve their AI security, they’re going to have a bad time. They need to be ahead of it,” he said. “Cybersecurity is now one of the top business risks, and organizations are willing to invest because the impact of an incident can be business-ending.”
Machine-speed defense
Enterprises face increasing pressure to move from reactive security models to automated, intelligence-driven operations.
Millard said the core issue is execution, as many organizations still depend on manual processes that cannot keep pace with automated attacks.
“If you’ve got something that’s measured in minutes from an attacker perspective, and defenders are using human-driven processes like prioritization and ticketing, that gap is where the real risk sits,” he said.
He said organizations must rethink remediation, shifting from lengthy workflows to faster, automated responses driven by contextual data.
“We don’t want to give teams a 300-page report of issues. You want to give them three things they need to fix today and the actions to take to fix them,” he said.
This requires tighter integration between security and IT operations so teams can move from identifying risks to resolving them in near real time.
Rather than attempting to fix everything, enterprises are focusing on exposures most likely to be exploited, supported by automation that reduces response times from weeks to hours.
On March 24, Tenable unveiled Tenable Hexa AI, an agentic AI engine within its Tenable One Exposure Management Platform designed to automate security workflows and convert exposure intelligence into coordinated action to reduce cyber risk.
The launch reflects a broader shift in the threat landscape. AI-driven attacks and faster vulnerability discovery are expanding the attack surface faster than teams can respond, while fragmented tools and a mix of human and automated workflows make coordinated action harder and keep many organizations in reactive cycles.



