Same Script, Faster Attacks: The Shift from Manual to Agentic Threats
March 31, 2026
Forget the sci-fi disaster scenarios. Agentic AI isn’t a new threat — it’s the same one you know, now moving at supersonic speed. The playbook hasn’t changed. The pace has. Attacks now move faster, hit harder, and scale further than ever.
Security Operations Centers (SOCs) weren’t built for this level of speed and scale, a reality reflected in how attack timelines — from reconnaissance to lateral movement and malware development — are accelerating beyond the capacity of most teams.
AI Threats Have Outscaled Traditional Defenses
Over the past year, AI-enabled threats have outscaled traditional defenses — adversaries are executing attacks with exponentially greater speed and sophistication.
In late 2025, researchers at Anthropic documented the GTG-1002 campaign, the first verified intrusion in which an adversary deployed an AI agent to manage operations at scale, automating roughly 80-90 percent of tactical activity.
This incident reflects a broader pattern, one in which AI-enabled capabilities are being productized and distributed at scale. Groups like AiLock, a ransomware operation that openly markets itself as AI-assisted, offer industrialized attack delivery, putting automated attack capacity within reach of any criminal operator. Automated capabilities are showing up across the threat landscape in several distinct ways:
- AI-generated threats, i.e., polymorphic malware — Generative models produce self-modifying malware that evades traditional detection.
- Accelerated attack lifecycles — AI orchestrates reconnaissance, lateral movement, and exploitation in sequence, executing in minutes what once took a coordinated team days.
The result: AI-accelerated threats have massively expanded SOC workloads, increasing alert volume and compressing the time available for detection and response, rendering legacy security models insufficient.
Faster Attacks Translate Into Analyst Overload
Accelerated threats put constant pressure on SOC teams, producing more alerts to triage, more data to correlate, and more noise obscuring genuine threats. AI-generated polymorphic malware, for example, alters its indicators during execution, requiring repeated validation cycles that slow confirmation and response. Analysts must manually collect, correlate, and validate data across tools, which extends response cycles and inadvertently lets adversaries progress unimpeded.
Beyond polymorphic malware, accelerated attack lifecycles create their own form of overload. They can trigger cascading alerts across multiple systems simultaneously, overwhelming analysts before any single stage can be confirmed and contained.
Analysts have a finite capacity. At machine speed, attackers exceed it, leaving SOC teams in a state of constant stress — forced to juggle missed alerts, limited time for investigation, and constrained resources.
Closing the Gap Between Attackers and Defenders
Keeping pace requires technologies specifically designed to interpret activity at machine speed. This shift is driving interest in agentic SOC technologies that can analyze activity continuously, correlate signals automatically, and surface validated threats without manual triage.
However, automation alone is insufficient. For security systems to operate at machine speed, they need rich, contextual data that extends beyond isolated logs or endpoint samples. Teams need a complete view of interactions across identities, systems, and the network because attacker behavior rarely manifests in a single telemetry source.
Full-fidelity network telemetry provides a critical foundation by capturing communications and behavioral relationships across traffic so automated analysis can separate real threats from noise. This visibility reveals intent, not just events.
Once defenders can observe how entities interact over time, automated systems can distinguish routine anomalies from coordinated attack sequences. The result is faster, smarter investigations that enable teams to contain threats before they escalate and before business operations are affected.
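To make the correlation step concrete, here is an added example (not code from the original article or any vendor product) of the entity-centric, time-ordered correlation described above: events from network, identity, and endpoint telemetry are grouped per host and checked for an ordered kill-chain sequence inside a time window, so five raw alerts collapse into one validated incident while isolated anomalies stay unescalated. The event records, stage labels, and window size are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry (not taken from the article). Each record is
# (timestamp, telemetry source, entity, stage label assigned by that source's detector).
EVENTS = [
    ("2026-03-31T10:00:05", "network",  "host-a", "recon"),    # scan seen in traffic
    ("2026-03-31T10:00:40", "identity", "host-a", "lateral"),  # new remote logon
    ("2026-03-31T10:01:10", "endpoint", "host-a", "exploit"),  # suspicious child process
    ("2026-03-31T09:00:00", "network",  "host-b", "recon"),    # isolated scan, no follow-up
    ("2026-03-31T11:30:00", "endpoint", "host-c", "exploit"),  # single alert, no prior stages
]

# Hypothetical ordered stages an attack sequence must pass through.
KILL_CHAIN = ["recon", "lateral", "exploit"]


def correlate(events, window=timedelta(minutes=10)):
    """Group events per entity and walk the kill chain in time order.

    An entity is 'coordinated' when every stage occurs in sequence within
    `window` and the evidence spans more than one telemetry source."""
    by_entity = defaultdict(list)
    for ts, source, entity, stage in events:
        by_entity[entity].append((datetime.fromisoformat(ts), source, stage))

    results = {}
    for entity, evs in by_entity.items():
        evs.sort()  # chronological order is what makes the stage order meaningful
        idx, first_ts, sources = 0, None, set()
        for ts, source, stage in evs:
            if idx < len(KILL_CHAIN) and stage == KILL_CHAIN[idx]:
                first_ts = ts if first_ts is None else first_ts
                if ts - first_ts > window:
                    break  # sequence too slow to be one coordinated run
                sources.add(source)
                idx += 1
        results[entity] = {
            "stages_matched": idx,
            "sources": sorted(sources),
            "coordinated": idx == len(KILL_CHAIN) and len(sources) > 1,
        }
    return results


def coordinated_entities(events):
    """Entities whose alerts form a full multi-source attack sequence."""
    return sorted(e for e, r in correlate(events).items() if r["coordinated"])
```

Running `coordinated_entities(EVENTS)` surfaces only host-a; the lone scan on host-b and the lone endpoint alert on host-c remain context-free anomalies rather than incidents.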
Security Must Now Operate at Machine Speed
Agentic AI is outpacing the operational limits that most traditional SOCs were built around — and that gap will only continue to widen without a deliberate response. Organizations closing the gap are grounding their defenses in complete network visibility, enabling efficient SOC operations at scale.
A complete understanding of network activity depends on integrating data from endpoints, identities, and network systems into a continuous view. That integration is what produces the telemetry, correlation, and analytical capacity SOCs need in order to act. SOCs that leverage full-fidelity telemetry, real-time correlation, and agentic analysis can detect attacks sooner, determine their scope, and respond decisively to prevent business impact.
As adversaries continue to automate and amplify existing tactics, security operations must evolve from manual, sequential processes to continuous, automated workflows that keep pace with modern attack activity.