Elodie Collins 
The use of artificial intelligence has compressed the time needed for cyberattackers to gain access and move across a system from days to mere minutes, with the average breakout time dropping to under 30 minutes in 2025, according to a new report by Booz Allen Hamilton. However, the company added, cyber defense continues to run on human timelines, with security teams taking days to remediate incidents and weeks to roll out patches.
The report warned that, in 2026, AI-enabled threats outpace cyber defenders, posing risks to national security and economic stability. AI is scaling deception, expanding the attack surface and making it easier for attackers to exploit trusted identities, requiring a cyber teams to adopt a different approach to detection and mitigation.
“The challenge shifts from spotting malicious files to spotting malicious behavior carried out through trusted accounts,” Brad Medairy, executive vice president at Booz Allen, warned.
Booz Allen provided three decisions that organizations must make to strengthen their cybersecurity in the age of AI.
Hear cyber experts from across government and industry discuss how AI can aid cyber operations during the AI in Cyber Defense: From Intelligent Detection to Autonomous Resilience panel at the Potomac Officers Club’s 2026 Cyber Summit on May 21. Do not miss your chance to gain insights from top cyber leaders from the Department of War, Office of Management and Budget, Air Force Research Laboratory and other agencies and engage with industry innovators. Sign up now to secure your seat at this critical event.
How Can Organizations Close the Cybersecurity Speed Gap?
Booz Allen said organizations must first move cyber defense to AI speed by enabling automated containment and remediation actions during an active intrusion. The report noted that waiting for manual approvals delays response, allowing attackers to move laterally across networks. Preapproved actions, such as isolating compromised systems, blocking malicious traffic and revoking suspicious access, should be executed automatically within defined thresholds.
Second, the company emphasized the need to secure AI platforms as critical infrastructure. As these systems increasingly connect to sensitive data, workflows and enterprise tools, they present new entry points for attackers. Booz Allen said organizations should establish enforceable security baselines, including strong authentication, continuous monitoring, strict access controls and secure configurations to mitigate risks.
Third, the report calls for adopting a human-AI teaming model to scale cyber defense operations. AI systems can handle tasks such as alert triage, detection and initial response in seconds, while human analysts focus on complex investigations and strategic decisions. Booz Allen added that leadership must define clear authority for automated actions and align on acceptable operational risks to ensure rapid and effective responses.
Why Do Modern Cyber Defenses Require Machine-Speed Operations?
Booz Allen executives previously addressed the threat of AI to cybersecurity in a series of forward-looking assessments the company posted on LinkedIn in January. According to Medairy, adversaries use AI to automate and scale cyberattacks.
“Defensive cyber operations must keep pace—unifying IT operations and cyber defense to detect, respond and remediate at machine speed,” he stated.
