The AI Arms Race in Cybersecurity
Artificial intelligence is changing cybersecurity by changing the economics of both attack and defense. The issue is no longer only that cyber threats are becoming more sophisticated. The deeper leadership challenge is that AI compresses the time between vulnerability, discovery, exploitation, response, and adaptation. Speed becomes strategic. Visibility becomes essential. Trust becomes harder to verify. Access becomes one of the most important control points in the enterprise.
At 1ArtificialIntelligence, Leo Taddeo, CEO and President of AppGate, addresses this shift in his keynote, “The AI Arms Race in Cyber: How Attackers Scale and How Defenders Are Adapting.” Taddeo brings a rare combination of public sector cyber leadership and commercial cybersecurity experience to the conversation. Before leading AppGate, he served as the company’s CISO and President of its Federal Division. He also previously led the FBI’s Special Ops and Cyber Division in New York, overseeing more than 400 personnel across cyber investigations and crisis response. That background gives his presentation a practical foundation. The session is not a theoretical look at AI risk. It is a leadership briefing on how attackers are using AI to scale and how defenders must adapt their operating model.
AI does not simply make cyberattacks more advanced. It makes them faster, cheaper, more personalized, and more continuous. That is the new reality defenders must be prepared to meet.
Leo Taddeo, CEO and President, AppGateAI Compresses the Cybersecurity Cycle
The central premise of Taddeo’s keynote is that AI compresses the offense and defense cycle. Attackers can now generate content at scale, including phishing, spoofing, impersonation, and other forms of social engineering. AI also accelerates vulnerability discovery, allowing malicious actors to move at machine speed. Agents can continuously discover weaknesses, exploit vulnerabilities, and run workflows without the same human limitations that historically constrained cyber operations.
This matters because cybersecurity has always depended on timing. Organizations need time to detect vulnerabilities, prioritize remediation, patch systems, educate users, verify suspicious activity, and contain incidents before they spread. AI reduces that margin. When attackers can personalize lures, generate multilingual campaigns, test variations, and automate discovery, the defender’s challenge shifts from responding to isolated incidents to managing a continuous, AI-accelerated threat environment.
For business leaders, this creates a new standard for cyber readiness. Legacy processes that depend on slow review cycles, manual investigation, or perimeter-based trust are increasingly mismatched to the pace of AI-enabled attacks. The relevant question becomes whether the organization can reduce exposure, automate response, validate access continuously, and disrupt threats earlier in the kill chain.
Attackers Are Scaling Through Trust Manipulation
One of the most important themes in the session is the industrialization of trust manipulation. AI makes social engineering better, faster, cheaper, and more adaptable. Attackers can personalize messages, imitate tone, translate across languages, and iterate quickly based on what works. Social platforms become attack surfaces, not only because they host communication, but because they enable fake profiles, bot-driven relationship building, and staged credibility.
The emergence of deepfakes, QR-code abuse, and AI-enhanced impersonation adds further complexity. Fraud and cyber risk increasingly begin outside the organization’s traditional technical perimeter. A fake executive profile, a spoofed brand domain, a fraudulent login prompt, or a convincing impersonation campaign can create real operational and reputational damage before a transaction ever occurs.
Taddeo’s framing is important for executive teams because it expands the definition of cyber defense. Security cannot only protect internal systems. It must also monitor and disrupt the external infrastructure attackers use to manufacture trust. Brand protection, identity protection, fraud prevention, and cybersecurity are becoming more connected. Organizations need the ability to detect domains, profiles, lures, and impersonation infrastructure before they mature into financial loss or reputational harm.
Vulnerability Discovery Moves to Machine Speed
Taddeo also focuses on a second attacker advantage. AI accelerates vulnerability discovery and pushes the cost of discovery toward zero. AI agents can increase the volume of discovery and reporting, making the question of who finds it first increasingly critical. The practical consequence is that remediation and prioritization become the bottleneck.
The presentation describes a world in which the window between a bug being introduced and a bug being exploited continues to shrink. That is a major governance issue. Many organizations already struggle to prioritize vulnerabilities across sprawling technology environments. AI intensifies that challenge by increasing the pace at which weaknesses can be identified, chained, and weaponized.
Taddeo’s reference to AI-driven vulnerability discovery highlights why this shift lowers the barrier for attackers. Automated discovery can identify weaknesses across large codebases and infrastructure. Multi-step reasoning can help analyze dependencies, execution paths, and exploit chains that once required elite expertise. Continuous scanning collapses the time between vulnerability creation and exploitation. Lower-skill actors can now use AI assistance to approximate capabilities that previously required advanced technical experience.
When discovery becomes machine-speed, defense must become more disciplined. The organizations that win will be the ones that know what matters most, protect it first, and reduce what attackers can ever reach.
Leo Taddeo, CEO and President, AppGateThe strategic implication is direct. Cybersecurity programs must become more disciplined about exposure management. Organizations cannot treat all vulnerabilities equally, and they cannot rely on a backlog-driven patching model alone. Prioritization must connect technical severity with business criticality, asset exposure, attacker visibility, and potential blast radius.
Defenders Must Disrupt Earlier
The first major defender adaptation in Taddeo’s presentation is proactive disruption. Defenders need to stop fraud earlier in the kill chain, before transactions occur and before reputational damage spreads. That means detecting external impersonation infrastructure, reducing fraud operations overhead through automated takedown and response, and using machine-learning decisioning together with adaptive authentication to reduce customer friction.
This approach reflects a more modern view of cyber and fraud operations. The goal is not simply to challenge every user or lock down every interaction. Excessive friction can damage the customer experience and disrupt legitimate business. Effective defense needs precision. It must identify risk earlier, escalate controls intelligently, and allow legitimate activity to proceed smoothly.
For executives, this is where cybersecurity becomes a business performance issue. The best cyber programs protect trust without slowing growth. They reduce fraud without punishing legitimate customers. They automate response without losing governance. They align security, risk, legal, brand protection, fraud teams, and customer experience around a common operating model.
Shrinking the Attack Surface Becomes a Leadership Priority
The second major defender adaptation is attack surface reduction. Taddeo’s message is straightforward. If discovery is cheap, organizations must reduce what can be seen and exploited. That means shrinking the externally visible surface, segmenting access so compromise does not automatically become lateral movement, and placing the organization’s most sensitive systems and data behind explicit, policy-based access.
This is where AppGate’s position in Zero Trust Network Access becomes especially relevant. The presentation describes AppGate’s ZTNA offering as a direct-routed approach that replaces VPNs and cloud proxies with cloaked, encrypted access across hybrid and multi-cloud environments. The emphasis is on enterprises and government agencies where performance, resiliency, and compliance are critical.
The leadership lesson is broader than any single product category. Zero Trust is not simply a technical architecture. It is a management discipline. It assumes that trust must be earned continuously, access must be specific, and movement across systems must be controlled. In an AI-accelerated threat environment, broad network visibility and over-permissive access create unnecessary risk. Reducing what attackers can discover, reach, and exploit becomes one of the most practical forms of defense.
AI Agents Create a New Control Challenge
Taddeo’s keynote also addresses a newer risk surface: AI agents. These systems introduce autonomous, non-human actors that may operate with memory, decision-making authority, tools, and system access. When over-privileged, agents can move at machine speed across broad environments. The risks include rapid lateral movement, cascading failures, tool abuse, unintended actions, unauthorized API calls, data exposure, and destructive activity triggered by misinterpreted instructions or malicious inputs.
This is one of the most important enterprise AI governance issues now emerging. Many organizations are focused on model quality, productivity, and user adoption. Those issues matter, but agentic AI introduces a deeper security question. What can an agent reach? What can it do? How is its access limited? How is its behavior monitored? What happens when prompts, tools, permissions, and APIs interact in unexpected ways?
Taddeo argues that network-layer access control becomes essential because it restricts which systems an agent can reach, independent of application logic or prompts. Microsegmentation and Zero Trust can prevent agents from moving freely across environments. Continuous verification replaces one-time trust. Network controls remain effective even when agent behavior is non-deterministic or tools are abused.
The future of AI security will depend on one leadership principle above all others. Never give any user, system, or agent more reach than it needs to create value.
Leo Taddeo, CEO and President, AppGateThis point deserves board-level attention. AI agent governance cannot depend only on policy documents or user training. It requires technical enforcement. Enterprises need to define access boundaries for non-human actors with the same seriousness they apply to human users, and in some cases with greater caution because agents can operate continuously, rapidly, and at scale.
A Business Leadership Issue, Not Only a Technical Issue
Taddeo’s keynote makes clear that cyber readiness in the age of AI must connect security architecture, fraud prevention, brand protection, governance, customer trust, and operational resilience. The organizations best prepared for this environment will be those that treat access, verification, exposure management, and rapid disruption as enterprise leadership priorities.
How This Keynote Fits the Enterprise AI Agenda
Leo Taddeo’s keynote at 1ArtificialIntelligence connects artificial intelligence, cybersecurity, fraud prevention, Zero Trust Network Access, enterprise governance, and operational resilience into one executive framework. The session is directly relevant to business leaders evaluating how AI changes attacker economics, how defenders must reduce exposure, and how organizations can protect trust while continuing to innovate.
Primary session theme. AI compresses the cyber offense and defense cycle by helping attackers generate persuasive content, discover vulnerabilities, automate workflows, and scale operations continuously.
Defender response model. Cyber leaders must disrupt impersonation earlier, shrink the attack surface, segment access, protect crown-jewel systems, and continuously verify both human and non-human activity.
Enterprise AI governance. AI agents create a new control challenge because autonomous systems may act with memory, tools, decision authority, and broad access across enterprise environments.
Strategic business relevance. The keynote positions cybersecurity as a board-level issue connected to customer trust, brand protection, fraud prevention, compliance, resilience, and responsible AI adoption.
Cyber Leadership in the AI Era
The broader message of Taddeo’s 1ArtificialIntelligence keynote is that cybersecurity strategy must evolve from reactive defense to adaptive control. Attackers are using AI to scale persuasion, discovery, exploitation, and workflow automation. Defenders must respond by shrinking exposure, disrupting impersonation earlier, segmenting access, protecting crown-jewel systems, and continuously verifying both human and non-human activity.
This is a leadership challenge as much as a technical one. Cybersecurity now touches brand trust, customer experience, operational continuity, AI adoption, fraud prevention, compliance, and enterprise resilience. Organizations that treat AI security as a narrow IT issue will struggle to keep pace. Organizations that integrate cyber strategy into business strategy will be better positioned to innovate safely.
Taddeo’s keynote presents a clear operating principle for the AI era. Defenders cannot assume that attackers will move slowly, lack sophistication, or remain constrained by traditional costs. AI changes those assumptions. The most resilient organizations will be those that reduce what attackers can see, control what users and agents can reach, detect manipulation earlier, and adapt continuously as the threat environment changes.
Cybersecurity in the age of AI is not simply an arms race of tools. It is a race to redesign trust, access, and response for a world where both attackers and defenders operate at machine speed.
