Attackers have fully adopted AI across the kill chain, from reconnaissance to exploitation, and defenders need to move at the same pace or risk falling further behind.
This was the central message from day one of Infosecurity Europe 2026 in London, where keynote speakers from Mandiant and SentinelOne, along with cybersecurity professionals on the front lines of cyber defense, laid out the current state of play.
Stuart McKenzie, Managing Director EMEA of Mandiant Consulting at Google Cloud, gave a clear timeline for how attackers have adopted AI. In late 2025, threat actors began integrating LLMs directly into malware. By early 2026, attackers had collaborated to discover a zero-day vulnerability in a content collaboration platform using AI, which Google worked with the vendor to patch.
“We’ve seen attackers exploiting vulnerabilities way before there’s a patch and more often than not, before anyone is aware of it,” McKenzie said. “The speed is massive. And the scale, the ability for criminal threat actors to be able to identify vulnerabilities is now greater than it’s ever been with the help LLMs are providing them.”
McKenzie highlighted two techniques that are proving consistently successful for attackers: living off the land, where attackers use an organization’s own internal systems to move through the environment, and living off the edge, where they exploit zero-day vulnerabilities in edge devices that typically lack endpoint detection and response coverage.
Voice phishing is also rising sharply, with help desks a particular target. Telephone-based social engineering remains the most reported threat across sectors, with attackers calling help desks, impersonating employees, and obtaining MFA resets to gain initial access.
“Being helpful isn’t helpful in a security context,” McKenzie said. “We want a help desk to be really secure and not allow attackers to get in.”

A cross-industry threat intelligence panel featuring cybersecurity practitioners from McDonald’s, IHG, Live Nation, RPC LLP, and the RH-ISAC echoed the concern around voice phishing. In particular, they warned of the growing threat of North Korean government-linked operatives using fake identities to gain employment at Western organizations.
“You need three seconds to clone somebody’s voice,” said Ellie Hallam, Senior Analyst for Cyber Defence at McDonald’s. Organizations that are reliant on remote workers are more likely to fall victim, she added.
McKenzie offered several practical steps for defenders. First, treat low-impact alerts as critical, since threat actors frequently hand off access to other groups. Second, accept that not everything can be protected and ensure backups and control planes are in immutable storage. Finally, shift to continuous identity verification, aggressively monitor the external attack surface, and lock down developer environments and toolchains.
Agentic AI will be key, he argued. “You can throw logs at an AI and look for patterns. That’s something we should be pushing for.”

A Once-In-A-Lifetime Opportunity?
Juan Andres Guerrero-Saade, VP of Intelligence and Security Research at SentinelOne, was bullish, arguing that AI represents “a once in a lifetime opportunity to redefine the security space.”
But he warned that if the security community does not articulate what it needs from AI, “the frontier labs are going to insist on what’s convenient for them to sell. And we’re going to repeat the same failure pattern, just at a faster pace.”
Drawing on his own experience using frontier AI models for reverse engineering, Guerrero-Saade said AI is a force multiplier for skilled practitioners, not a replacement for expertise. A task that previously took the best reverse engineer he knew weeks to complete can now be done in hours with the right AI tooling and expert supervision.
He called on security leaders to invest in technical expertise and give practitioners dedicated AI budgets, rather than waiting for vendors to attach AI features to existing products.
On AI in security operations, the conclusion of the panel of cybersecurity professionals was clear: trust, but verify. AI is a tool to cut through noise and speed up analysis, but the actual judgment must still come from humans.
The defenders who get ahead will be the ones who adopt AI as a tool while keeping skilled practitioners in charge of the decisions that matter.
