Resilience: AI Accelerated Cyberattacks, Response Window for Defenders Narrowed to Minutes

AI hasn't created fundamentally new cybercrime schemes, but has drastically amplified old ones. According to reports from Resilience, IBM, and ReliaQuest, attackers now find it easier to launch mass phishing campaigns, automate reconnaissance, and accelerate infrastructure penetration, while defenders are left with only a few minutes to respond.

Why attacks have accelerated

The main effect of generative AI is not the emergence of "magical" attacks, but the reduction in cost and complexity of familiar operations. What once required a team, time, and decent skills can now be assembled faster: writing a convincing letter, adapting it to a specific company, translating it into the right language, mimicking business style, and launching it to hundreds of recipients at once. For attackers, this means a lower barrier to entry and better chances of scaling the attack with almost no increase in costs.

Reports from IBM, ReliaQuest, and Resilience agree on one thing: AI is particularly useful where speed and rapid plausibility increases are needed. Generative models help prepare social engineering scenarios, speed up analysis of open-source data about victims, and reduce the time between initial contact and access takeover attempts. If companies previously had hours to notice suspicious activity, attack chains now often unfold almost in real time.

Where defense breaks

The most frustrating part of these findings is that weak points in companies have long been known and have changed little. AI did not eliminate basic security hygiene and did not make it less important. On the contrary, old organizational and process gaps have become more dangerous because attackers now pass through them faster and more confidently. This is especially noticeable in scenarios where a person makes decisions under pressure, doesn't see the full picture, or relies on trust in a familiar process.

• weak help desk procedures
• poor device visibility across the network
• access management errors
• corporate email compromise
• fraudulent wire transfers

Each of these points looks familiar, but combined with AI, becomes a risk amplifier. A fake password reset request becomes more convincing, an email from a "colleague" is cleaner in style and tone, and preparation for an attack on the finance department takes less time. If a company doesn't understand what devices are connected to its infrastructure and who has which permissions, an attacker establishes a foothold faster. Email compromise and access errors continue to provide the shortest path to money and critical systems.

Why there's almost no time

A separate conclusion from the Cyber Risk Report 2025 is that security teams' response window has noticeably shrunk. We're no longer talking only about detection quality, but also about decision-making speed. When phishing campaigns, impersonation, and initial data collection are automated, an incident reaches critical points faster than standard escalation processes can handle. The old rhythm with manual verification, lengthy approvals, and incomplete asset inventories simply loses here.

For businesses, this means that defending yourself solely through employee training is no longer sufficient. You need stricter identity verification procedures in help desk, minimization of excessive privileges, constant device audits, and automation of response to events in mail and access systems. Otherwise, even not particularly sophisticated attacks, amplified by AI, turn into expensive incidents: with account takeovers, false payment orders, or lateral movement across the network before the team understands the scope of the problem.

What this means

The main conclusion is simple: AI has not replaced classical cybercriminal methods, but has made them faster, cheaper, and more massive. That's why the companies that will win are not those that formally implement AI, but those that have put their access, email, help desk, and infrastructure visibility in order—and learned to respond to attacks at the pace of minutes, not hours.