Rational Security in the AI Era: How Attackers Are Evolving and How We Must Respond

The weaponization of artificial intelligence by cybercriminals and nation-state actors has crossed a critical inflection point. We no longer live in a world where we can rely solely on traditional perimeters; the threat landscape has fundamentally shifted into what we might call “Extremistan,” where the speed and scale of attacks demand a completely new level of resilience.


At MicroSolved, our mission is to provide rational cybersecurity for an irrational world. To do that effectively, we must look unflinchingly at the data.

The Problem and the Metrics

The numbers tell a stark story of industrialization at machine speed. According to recent threat reports, AI-enabled adversaries increased their attack volume by 89% year-over-year. More concerning is the velocity: the average eCrime breakout time has collapsed to just 29 minutes, with the fastest recorded intrusion moving from initial access to lateral movement in a staggering 27 seconds.

The financial impact is equally severe. The FBI IC3 recorded over 22,000 AI-related complaints with adjusted losses exceeding $893 million in 2025 alone, including tens of millions lost to AI-enabled Business Email Compromise (BEC). AI is accelerating attack speeds by 4x, making human-speed incident response no longer viable.

Outdated Thinking: Moving Past “Cosmetic AI”

For too long, the industry has held onto an outdated mental model of AI threats. Many still believe AI is simply a tool for writing better phishing emails with fewer typos—what we classify as “Cosmetic AI”. There is also a persistent myth that attackers are abandoning their existing infrastructure to build standalone, “magic” AI malware from scratch.

This thinking optimizes for failure. The reality is that AI is becoming a criminal workflow-compression layer designed to attack organizational trust, identity, and decision processes. Criminals aren’t reinventing the wheel; they are embedding AI into repeatable fraud and intrusion workflows. As the saying goes in the underground market: they don’t build the gun—they sell the bullets.

Walkthrough: Attacker Mental Models

The mental model of the contemporary adversary has shifted from tool user to orchestrator. They act as conductors, managing an orchestra of specialist AI agents where the human sets objectives and the AI handles tactical execution. We are tracking several key mental models driving this shift:

  • Workflow Compression: Attackers use AI to shrink labor, coding, and target development from weeks down to minutes.
  • Trust-Boundary Arbitrage & Verification-Gap Exploitation: Adversaries target the weakest points in business processes—exploiting places where humans still implicitly trust a voice, a video call, an invoice, or an HR interview.
  • Agentic Delegation: Moving beyond simple automation, attackers delegate entire phases of the attack lifecycle to semi-autonomous AI agents that plan, adapt, and persist across multiple days.
  • Synthetic Identity Supply Chains: AI turns fake personas into repeatable assets, generating fake applicants, vendors, and executives at scale.

Walkthrough: Attacker Systems

These mental models manifest in highly effective, real-world attack systems that target critical business workflows:

  • Multi-Modal BEC and Deepfake Fraud: Attackers have evolved from text-based deception to deepfake video and voice cloning. In one defining incident, a finance worker transferred $25.6 million after joining a video conference populated entirely by AI-generated likenesses of their colleagues.
  • Synthetic Remote Worker Infiltration: North Korean IT operatives submit hundreds of applications daily using AI-generated resumes, portfolios, and face-swapping technology during live interviews to infiltrate Fortune 500 companies and establish long-dwell access.
  • Autonomous Exploit Development: Threat actors are building structured laboratory environments where AI agents autonomously read security research, write exploits, and test them against live EDR products to develop evasion techniques.
  • AI-Surface Abuse (The A5 Frontier): Attackers are actively targeting the AI systems your organization deploys. Through prompt injection and agent goal hijacking, adversaries manipulate internal enterprise copilots and RAG pipelines to exfiltrate data and establish persistence.

Walkthrough: Attacker Tools

Avoid getting distracted by the marketing hype of the dark web. The most consequential tools in the attacker arsenal are often the exact same tools your enterprise uses:

  • Jailbroken Commercial LLMs: The dominant attacker tooling is not purpose-built criminal AI, but jailbroken access to legitimate commercial models via prompt injection and API abuse.
  • Agentic Attack Frameworks (MCP Abuse): Attackers abuse the Model Context Protocol (MCP) to connect AI agents to traditional penetration testing tools like Cobalt Strike and Metasploit, creating highly adaptive attack orchestration.
  • Voice and Video Cloners: Tools that can clone a convincing executive voice from just a few seconds of public audio and deploy it in real-time.
  • Uncensored and Criminal LLMs: While tools like WormGPT and FraudGPT exist to bypass ethical guardrails, actors are increasingly moving toward locally hosted, open-source unaligned models to avoid API kill switches and monitoring.

Strategic Milestones: What Organizations Should Do

You are not safe just because nothing has happened recently. A network with zero incidents might just be the Thanksgiving turkey—fed and happy right up until the butcher arrives. To survive in this environment, organizations must adopt a rational, holistic immune system approach.

Here are the strategic milestones organizations must target:

  1. Transition to Identity-First, Zero-Trust Architecture: Identity is the primary battlefield, accounting for 65% of initial access. Passwords are no longer sufficient. Organizations must mandate phishing-resistant MFA, rigorous Identity and Access Management (IAM), and continuous monitoring to limit the blast radius of any single compromised credential.
  2. Re-engineer Business Verification Workflows: Process must supersede human vigilance. Only 0.1% of people can consistently identify a deepfake. Therefore, wire transfers, vendor bank changes, and remote hiring cannot rely on visual or audio trust alone. Implement strict, out-of-band verification processes tied to known, historical contact information.
  3. Deploy Agentic IAM and AI Governance: As you deploy internal AI copilots and agents, you are expanding your attack surface. Treat enterprise AI agents like high-risk employees. Implement strict privilege limits (Agentic IAM), establish robust logging for AI tool invocations, and aggressively test these systems for prompt injection vulnerabilities.
  4. Automate Containment: With breakout times under 30 minutes, human-speed incident response is obsolete. Organizations must invest in continuous monitoring and automated containment solutions that can isolate threats at machine speed.

How MicroSolved, Inc. Can Help

For nearly 30 years, the team at MicroSolved has made security our life’s work. We don’t exaggerate risks or rely on fearmongering; we rely on experience, ethics, and a commitment to excellence. We understand that adapting to these AI-driven threats can feel overwhelming, but the best strategy isn’t to avoid failure—it’s to become antifragile and get stronger through rational preparation.

We can help you navigate this transition. Whether you need a rational risk assessment to identify vulnerabilities in your business workflows, tabletop exercises to test your team’s response to deepfake BEC scenarios, or the deployment of our proprietary HoneyPoint™ Security Server to silently detect intruders inside your network, our engineers offer deep technical knowledge and world-class analysis.

Relax. We’re on watch.

If you are ready to build a more resilient infrastructure that stands up to the most irrational threats, we invite you to start a conversation with us.

Contact Us Today: Reach out to the MicroSolved team to discuss how we can help you stay safe in the AI era. Give us a call or visit our website to set up a consultation—we are here to listen, build trust, and help you protect what matters most.


* AI tools were used as a research assistant for this content, but human moderation and writing are also included. The included images are AI-generated.

Stop Patching Solely by Severity. Start Patching by Exploitation.

If your patch SLAs are still driven solely by CVSS base score (Critical in 7 days, High in 30, Medium “when we get to it”), you are optimizing for the wrong variable. The math stopped working a while ago; 2025 made it obvious, and 2026 is making it painful.

Roughly 48,000 CVEs were published in 2025, up about 20% from ~40,000 in 2024. So far in 2026 there are over 15,000 (as of mid-May), and the year-end total may well exceed 2025’s. Around 39% of 2025’s CVEs were rated Critical or High, and about 45% of 2026’s are so far.

Worse, severity is a poor predictor of what is actually attacked. Only ~2% of published CVEs are ever exploited in the wild (768 of ~40k in 2024). CISA’s KEV catalog covers ~0.5% of all CVEs. So a severity-only program spends most of its effort on vulnerabilities no attacker will ever touch, while the handful that matter sit somewhere in the queue ranked by a number that doesn’t correlate with exploitation.
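To make the prioritization argument concrete, here is an added example (not MicroSolved’s code or tooling) that builds the two patch queues side by side: one ordered by CVSS alone, with the 7/30/“when we get to it” SLA table the post criticizes, and one that puts KEV-listed and otherwise exploited CVEs first and uses CVSS only as a tie-breaker. The CVE identifiers are obvious placeholders, the findings are constructed, and the 3-day/7-day exploitation-driven SLA tiers are assumptions for illustration.

```python
"""Severity-only vs. exploitation-first patch queues (added example, constructed data)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    cve: str          # placeholder identifier, not a real CVE
    cvss: float       # CVSS base score
    in_kev: bool      # listed in the CISA KEV catalog
    exploited: bool   # other exploitation evidence (vendor advisory, ISAC report, ...)


def severity_band(cvss: float) -> str:
    """Standard CVSS v3 qualitative bands."""
    if cvss >= 9.0:
        return "Critical"
    if cvss >= 7.0:
        return "High"
    if cvss >= 4.0:
        return "Medium"
    return "Low"


def severity_sla_days(f: Finding):
    """The SLA table the post criticizes: Critical 7, High 30, Medium has no deadline (None)."""
    return {"Critical": 7, "High": 30}.get(severity_band(f.cvss))


def severity_queue(findings):
    """Queue ordered purely by CVSS base score, highest first."""
    return sorted(findings, key=lambda f: -f.cvss)


def exploitation_queue(findings):
    """Queue ordered by exploitation evidence first: KEV, then other evidence, then CVSS."""
    return sorted(findings, key=lambda f: (not f.in_kev, not f.exploited, -f.cvss))


def exploitation_sla_days(f: Finding):
    """Assumed tiers: KEV-listed 3 days, exploited elsewhere 7 days, otherwise severity SLA."""
    if f.in_kev:
        return 3
    if f.exploited:
        return 7
    return severity_sla_days(f)


def queue_position(queue, cve: str) -> int:
    """1-based position of a CVE in a queue."""
    return [f.cve for f in queue].index(cve) + 1


# Constructed findings: note the Medium-rated CVE that is actually in KEV.
SAMPLE = [
    Finding("CVE-YYYY-00001", 9.8, in_kev=False, exploited=False),
    Finding("CVE-YYYY-00002", 5.3, in_kev=True, exploited=True),
    Finding("CVE-YYYY-00003", 7.5, in_kev=False, exploited=False),
    Finding("CVE-YYYY-00004", 8.1, in_kev=False, exploited=True),
]


def compare(findings=SAMPLE):
    """Show where each finding lands in both queues and which deadline it gets."""
    sev, expl = severity_queue(findings), exploitation_queue(findings)
    return {
        f.cve: {
            "severity_rank": queue_position(sev, f.cve),
            "severity_sla": severity_sla_days(f),
            "exploitation_rank": queue_position(expl, f.cve),
            "exploitation_sla": exploitation_sla_days(f),
        }
        for f in findings
    }


if __name__ == "__main__":
    for cve, row in compare().items():
        print(cve, row)
```

The KEV-listed Medium finding sits last in the severity queue with no deadline at all, and first in the exploitation queue with the tightest one; that inversion is the whole point of the post.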

Continue reading

The Evidence Supply Chain: How CISOs Build a Cyber Materiality Data Plane Before the Incident

A ransomware incident does not wait for the organization chart to catch up.

At 8:17 a.m., the SOC sees encryption activity on a file server. At 8:31, operations says the plant is still running. At 8:44, finance says revenue recognition may be affected if order processing stays down past noon. At 9:02, legal asks whether customer data was accessed. At 9:18, the forensic team says it is too early to tell. At 9:23, a vendor says the outage may have started in their environment. At 9:41, communications asks whether they should prepare a holding statement.

By hour two, everyone is working hard.

But they are not necessarily working from the same reality.

That is the problem.

Cyber materiality is often discussed as a decision problem. When does a cyber event become a board-level business event? When does it become reportable? When does it become material to investors, customers, regulators, lenders, or strategic partners?

Those are important questions. Public companies, for example, must disclose material cybersecurity incidents on Form 8-K within four business days after determining materiality, including the material aspects of the incident’s nature, scope, timing, and impact or reasonably likely impact.

But underneath that decision sits a deeper problem:

Continue reading

Cyber Materiality Engineering: How CISOs Pre-Decide When Risk Becomes a Board Event

A ransomware incident does not stay technical for very long.

For about the first fifteen minutes, it may look like a security operations problem. A strange alert. A locked server. A suspicious authentication chain. A vendor portal behaving badly. A handful of systems no longer responding the way they should.

Then the blast radius starts to widen.

Operations wants to know whether they can keep running. Finance wants to know whether revenue recognition, cash movement, reserves, or forecasts are exposed. Legal wants to know whether notification clocks have started. The CEO wants to know what can be said, to whom, and when. The board wants to know whether this is “material.” Investors may eventually ask the same thing, only with less patience and more lawyers.

This is where many organizations discover that their cyber incident response plan is not really an enterprise decision plan. It tells people who to call. It tells the SOC how to preserve evidence. It may even have a communications tree and a sample press statement.

But it often does not answer the question that matters most in the first few hours:

Continue reading

AI Agents Are Already Working for You. Who’s Managing Them?

AI Agents Are Not Applications. They Are Digital Workers.

Most organizations are adopting AI agents faster than they are learning how to govern them.

That is the problem.

A chatbot that answers questions is one thing. An AI agent that can access business data, use tools, trigger workflows, generate artifacts, make recommendations, or alter enterprise state is something else entirely.

At that point, the organization is no longer just deploying software.

It is introducing a new kind of operational actor.

That actor needs identity.

It needs boundaries.

It needs oversight.

It needs evidence.

It needs a human owner.

It needs a kill switch.

In other words, AI agents must be managed more like digital workers than ordinary applications.


Continue reading

Why My AI Agents Needed CaneCorso as a Security Control Plane

AI agents are powerful because they can read, reason, summarize, decide, and act across a wide range of information sources.

That is also what makes them dangerous.

The more useful an agent becomes, the more likely it is to consume data I do not fully trust. Emails. Newsletters. RSS feeds. API responses. Documents sent as attachments. Social media. YouTube transcripts. Scraped search results. Web pages. Translated content. Random bits of text pulled from places where I do not control the author, the formatting, the intent, or the payload.

That is a very different security model than the one most of us are used to.

In traditional applications, we spend a lot of time separating code from data, users from administrators, trusted networks from untrusted networks, and internal systems from the internet. With LLMs and agents, all of those boundaries start to blur. Instructions, context, content, and intent all arrive in the same stream. The model has to reason over that stream, and the agent has to decide what to do with the result.

That is exactly why I wanted a security control plane in front of my own AI agents.

For me, that control plane became CaneCorso™.


Continue reading

Cyber Risk Is Enterprise Value Risk: A Practical Portfolio Approach for VC and PE Firms

For venture capital and private equity executives, cyber security is no longer just an IT issue. It is a valuation issue, a governance issue, a revenue issue, and a portfolio resilience issue.

There was a time when cyber security could be treated as a technical matter.

It lived with the IT team. It showed up in diligence as a paragraph buried deep in a report. It became important only when a customer asked a hard question, a regulator came knocking, or something on the network caught fire.

That time is over.

For venture capital and private equity firms, cyber risk has become enterprise value risk. It affects valuation. It affects revenue quality. It affects debt, insurance, customer trust, regulatory posture, exit readiness, and the ability of management teams to execute without being pulled into avoidable chaos.

More importantly, cyber risk is no longer limited to the portfolio company.

The investment firm itself is a high-value target.

Deal flow, confidential financials, legal strategy, investment committee material, banking relationships, limited partner communications, M&A plans, board materials, and executive correspondence all create a concentration of sensitive information. Attackers understand this. So do regulators, insurers, strategic buyers, enterprise customers, and increasingly, boards.

The uncomfortable truth is this:

Many investment firms still manage cyber risk as a fragmented collection of one-off assessments, inconsistent vendor reports, annual questionnaires, and “we’ll fix it after close” assumptions.

That approach does not scale. It does not give partners a clear view of exposure. It does not give operating teams a consistent way to prioritize improvement. And it certainly does not create the kind of defensible evidence that boards, buyers, customers, and limited partners expect when the questions get serious.

MicroSolved’s value proposition for VC and PE firms is simple:

Help reduce cyber risk, protect enterprise value, and improve portfolio resilience through practical, expert-led security assurance that scales from the fund to the portfolio.

That sounds like a mouthful, so let’s unpack it.

Continue reading

CaneCorso™ and the Real Problems AI Is Creating for the Business

AI didn’t sneak into the enterprise.

It walked in through productivity.

Email triage. Document handling. Support workflows. Internal copilots. Retrieval systems. Early agentic use cases. All of it made sense at the time. All of it still does.

But something changed along the way.

We didn’t just adopt AI—we embedded it into workflows that can influence decisions, expose data, and take action.

That’s where the problem starts.

And it’s exactly where CaneCorso™ is designed to operate.

AI Risk Isn’t a Model Problem — It’s a Workflow Problem

There’s a persistent misunderstanding in the market right now.

Most conversations about AI security still center on the model—what it knows, how it behaves, whether it can be tricked.

That’s not where the real risk lives.

The real risk shows up when:

  • Untrusted content enters a workflow
  • That workflow uses AI to interpret or transform it
  • And the output influences business operations

That content might come from:

  • Email
  • Documents
  • OCR pipelines
  • Retrieved knowledge (RAG)
  • Support tickets
  • External data sources

Once it’s in the workflow, it’s no longer just data.

It’s influence.

CaneCorso™ exists to control that influence—before it becomes an operational problem.

Continue reading

Introducing CaneCorso: An AI Application Firewall Built for Real Workflows

AI has officially crossed the line from experiment to infrastructure.

Email flows into copilots. Documents feed RAG pipelines. Support tickets trigger agents that can take action. The convenience is real—and so is the risk.

What hasn’t caught up is security.

Most security models were built for a world where inputs were predictable and trust boundaries were well-defined. That world doesn’t exist anymore. Today, untrusted content flows directly into systems that can reason, decide, and act.

That’s exactly where things get interesting—and dangerous.


When Good Data Carries Bad Instructions

One of the biggest misconceptions about AI security is that it’s a model problem. It’s not. It’s a workflow problem.

Attackers don’t need to break in anymore. They ride along with legitimate data—emails, PDFs, tickets, knowledge base entries—and inject instructions that your AI system may interpret as truth.

Think about what that means in practice:

  • A support ticket that contains hidden instructions
  • A PDF with embedded prompt injection
  • A knowledge base entry that poisons RAG outputs
  • An approval workflow manipulated through summarization

Layer in human behavior—blind trust, over-privileged access, weak validation—and you’ve got a system primed to fail in ways that traditional controls simply won’t catch.

A More Rational Approach to AI Security

CaneCorso™ takes a different path.

Instead of trying to block everything suspicious (and breaking workflows in the process), it follows what’s described in the Rational AI Security model—security that behaves more like an immune system than a wall.

That means:

  • Detecting and isolating threats without stopping the system
  • Treating all inbound content as untrusted by default
  • Preserving business continuity while reducing risk
  • Producing measurable, auditable outcomes

This isn’t theoretical. It’s a direct response to how AI systems actually behave in production.


One Control Plane for AI Workflows

At its core, CaneCorso gives you a shared AI Application Firewall—a single control plane that sits between your workflows and your models.

Instead of every team building its own brittle filters, you get consistent, reusable protection across:

  • Email triage and analysis
  • RAG pipelines and knowledge systems
  • Document AI and OCR ingestion
  • Support and ticketing workflows
  • Agent-driven automation

The platform delivers:

  • Runtime decisions: allow, sanitize, tokenize, or block
  • Privacy controls: redact or tokenize sensitive data before model exposure
  • Audit-ready logs: reasons, scores, and evidence you can actually use
  • Adversarial validation: Injection Scanner proves controls before and after deployment

This isn’t just about stopping attacks—it’s about making security operationally usable.

Continue reading

Rethinking Account Lockouts: Why 15 Minutes Isn’t a Strategy

There’s a moment in almost every security program where someone asks a deceptively simple question:

“Is 15 minutes a standard account lockout duration?”

The short answer? No.
The more honest answer? It’s common—but often wrong for the environment it’s deployed in.

And I’ve seen more than a few organizations learn that the hard way.

The Myth of the “Standard” Lockout

If you go looking for authoritative guidance—from the Center for Internet Security, FFIEC, or CISA—you’ll notice something interesting:

They don’t tell you what number to use.

Instead, they consistently emphasize:

  • Risk-based decision making
  • Balancing usability and security
  • Detecting and responding to threats—not just blocking them

That’s not an accident. It’s an acknowledgment that static controls like lockouts are blunt instruments in a very dynamic threat landscape.


What We Actually See in the Real World

Across environments—financial services, healthcare, SaaS, manufacturing—the patterns are pretty consistent:

Setting                        | Typical Range
-------------------------------|----------------
Failed attempts before lockout | 3–10
Lockout duration               | 5–30 minutes
Most common default            | 10–15 minutes

So yes, 15 minutes sits comfortably in the middle.

But “common” and “effective” are not the same thing.


Where 15 Minutes Breaks Down

1. It Punishes Users More Than Attackers

A 15-minute lockout sounds reasonable—until you multiply it.

  • A clinician locked out mid-shift
  • A call center agent missing SLAs
  • A trader unable to access systems during market hours

Now multiply that by repeated lockouts from cached credentials, mobile devices, or service accounts.

You don’t just have a security control—you have an operational problem.


2. It Doesn’t Stop Modern Attacks

Attackers have evolved. Most environments haven’t.

Today’s common attack patterns:

  • Password spraying (low-and-slow, avoids thresholds)
  • Credential stuffing (valid credentials, no lockout triggered)

A longer lockout duration doesn’t meaningfully impact either.

If anything, it gives a false sense of security while the real attack path goes untouched.


What Actually Works: A Layered Approach

This is where the conversation needs to shift—from “what’s the right number?” to “what’s the right strategy?”

1. Lockouts Are Supporting Controls—Not Primary Defenses

If you’re relying on lockouts as your main protection, you’re already behind.

At a minimum, you should be pairing with:

  • MFA everywhere it’s technically feasible
  • Conditional access (device, location, behavior)
  • Authentication throttling and smart detection

2. Tune for Risk, Not Defaults

A more balanced configuration tends to look like:

  • 5–10 failed attempts
  • 5–10 minute lockout
  • Reset counter after a defined cooldown window

This reduces user friction while still slowing down brute-force attempts.

More importantly—it acknowledges that lockouts are a speed bump, not a wall.


3. Progressive Delays Beat Hard Lockouts

One of the most underutilized strategies is progressive delay:

  • Attempts 1–2 → no delay
  • Attempts 3–5 → 30–60 second delay
  • Continued attempts → increasing delay

This approach:

  • Degrades attacker efficiency
  • Preserves user productivity
  • Avoids helpdesk spikes

It’s a far more surgical control than a blanket 15-minute lockout.
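The following is an added example (not code from MicroSolved or from any product mentioned on this page) that implements the progressive-delay schedule above together with the “reset counter after a defined cooldown window” rule from the previous section. It assumes a 30-second delay for attempts 3–5 (the low end of the 30–60 s range), doubling thereafter with an assumed cap of 10 minutes, and a 10-minute cooldown matching the AD baseline later in the post. The clock is injectable so the behaviour can be exercised without waiting.

```python
"""Progressive-delay authentication throttle with cooldown reset (added example)."""
import time
from dataclasses import dataclass

BASE_DELAY = 30        # seconds, applied from the third consecutive failure (assumed: low end of 30-60 s)
ESCALATE_AFTER = 5     # failures beyond this one double the delay each time
MAX_DELAY = 600        # assumed cap so a spray cannot push a real user into an hour-long wait
COOLDOWN = 10 * 60     # counter reset window, 10 minutes (the AD baseline given in the post)


@dataclass
class _State:
    failures: int = 0
    last_failure: float = 0.0
    blocked_until: float = 0.0


class ProgressiveThrottle:
    """Per-account throttle: no delay, then a fixed delay, then an escalating one."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._accounts: dict[str, _State] = {}

    @staticmethod
    def delay_for(failures: int) -> int:
        """Seconds the caller must wait after `failures` consecutive failed attempts."""
        if failures <= 2:
            return 0                                   # attempts 1-2: no delay
        if failures <= ESCALATE_AFTER:
            return BASE_DELAY                          # attempts 3-5: fixed delay
        return min(BASE_DELAY * 2 ** (failures - ESCALATE_AFTER), MAX_DELAY)  # then doubling

    def _state(self, user: str) -> _State:
        st = self._accounts.setdefault(user, _State())
        if st.failures and self._clock() - st.last_failure >= COOLDOWN:
            st.failures = 0                            # reset counter after the cooldown window
            st.blocked_until = 0.0
        return st

    def check(self, user: str) -> tuple[bool, int]:
        """Return (allowed, seconds_to_wait) before the account may attempt again."""
        st = self._state(user)
        wait = max(0, int(round(st.blocked_until - self._clock())))
        return wait == 0, wait

    def record_failure(self, user: str) -> int:
        """Record a failed attempt; return the delay now imposed on the account."""
        st = self._state(user)
        st.failures += 1
        st.last_failure = self._clock()
        delay = self.delay_for(st.failures)
        st.blocked_until = st.last_failure + delay
        return delay

    def record_success(self, user: str) -> None:
        """A successful login clears the account's failure history."""
        self._accounts.pop(user, None)


if __name__ == "__main__":
    t = ProgressiveThrottle()
    for n in range(1, 9):
        print(f"failure {n}: wait {t.record_failure('demo-user')} s")
```

Because the delay is per account and never exceeds the cap, a legitimate user who mistypes a password a few times waits seconds rather than sitting out a 15-minute lockout, while an attacker working one account sees their attempt rate fall geometrically.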


4. Detection Over Punishment

Modern security programs don’t just block—they observe.

You should be:

  • Logging all failed authentication attempts
  • Alerting on patterns (spraying, geographic anomalies)
  • Correlating identity signals across systems

Lockouts should be one signal among many—not the primary response.


Implementing This in Active Directory

Let’s get practical.

In on-prem Active Directory, you’re working primarily with Group Policy.

Recommended Baseline

In your domain or fine-grained password policy:

  • Account lockout threshold: 5–10 attempts
  • Account lockout duration: 5–10 minutes
  • Reset account lockout counter after: 10–15 minutes

Where to Configure

  • Group Policy Management Console (GPMC)
    • Computer Configuration → Policies → Windows Settings → Security Settings → Account Policies → Account Lockout Policy

Advanced Considerations

  • Use Fine-Grained Password Policies (FGPP) for high-risk accounts (admins, service accounts)
  • Monitor Event IDs:
    • 4625 (failed logon)
    • 4740 (account locked out)
  • Feed logs into your SIEM for correlation and alerting

Implementing This in Microsoft 365

In Microsoft 365, the model shifts significantly.

You don’t directly control “lockout duration” in the same way—because the platform is already applying smart lockout behavior.

Smart Lockout (Azure AD / Entra ID)

  • Automatically tracks failed attempts
  • Uses adaptive thresholds
  • Differentiates between familiar and unfamiliar locations

What You Should Do Instead

1. Enable and Enforce MFA

  • Conditional Access → Require MFA for all users (with staged rollout if needed)

2. Configure Conditional Access Policies

  • Block legacy authentication
  • Require compliant devices
  • Apply geographic restrictions where appropriate

3. Monitor Identity Signals

  • Azure AD Sign-in logs
  • Risky sign-ins and users
  • Integration with Defender for Identity / Sentinel

4. Tune Smart Lockout (if needed)

  • Default threshold is typically sufficient
  • Adjust only if you have a strong operational reason

The Bottom Line

A 15-minute lockout isn’t wrong.

It’s just incomplete.

  • ✔️ It’s common
  • ❌ It’s not a standard
  • ⚠️ It can create more operational pain than security value

The real shift is this:

Stop treating account lockouts as a primary control. Start treating them as part of a layered identity defense strategy.

Because in today’s environment, the goal isn’t just to block access.

It’s to understand it.


* AI tools were used as a research assistant for this content, but human moderation and writing are also included. The included images are AI-generated.