Rethinking Security: Moving from Human Speed to Machine Speed
Anthropic recently disclosed their experience with GTG-1002, an AI-orchestrated cyber espionage campaign. The details were a wake-up call to those who have downplayed the role AI agents will have in the field of cybersecurity. As I said in my recent podcast appearance and blog post earlier this week, agents enable a single person to act with the capabilities of a large team. More importantly, an organization using AI agents needs to understand that they are opening an attack surface for an insider threat, except this digital employee can move with speed and skill no human can match.
The Anthropic attack was strange in that it used publicly available tools connected to a cloud service. It’s important to commend their transparency. By sharing detailed findings publicly, they’ve given the industry invaluable insights into what AI-scale attacks actually look like in practice. The campaign showed AI enabling traditional attack patterns over multiple days with minimal human oversight. This kind of transparent disclosure is rare and benefits everyone.
How should security teams and CISOs be thinking about confronting this new type of threat? I’m sure many strategies and tools will emerge. Below, I’ll share the approach and mindset we’re taking at WRITER in the hopes that some of this may prove useful to others working in this space.
The fundamental challenge isn’t just defending against AI-orchestrated attacks. It’s that traditional security programs operate at the speed of human interaction, while attacks now operate at machine speed. Security controls can run fast, but human bottlenecks in implementation, triage, and response create the vulnerability. We’re building a security program designed to close that gap.
To do this, we must implement security controls at the same speed that threats discover vulnerabilities. This requires rethinking how prevention, detection, and response work together, with AI handling the analytical and operational work while humans focus on strategic decisions.
Understanding AI-Orchestrated Attacks
The GTG-1002 disclosure provided operational details about how AI can execute traditional penetration testing frameworks at machine speed. These attacks follow established patterns but operate continuously with minimal human oversight.
The challenge is clear: attacks that once took teams of humans weeks to execute can now happen in hours with minimal oversight. Security programs must match this speed.
The Vision: Security at Machine Speed
The Bottleneck Problem
Security controls themselves can operate at machine speed. Rate limiters fire in milliseconds. Encryption happens instantly. Network policies apply automatically. The bottleneck is human interaction — implementing controls, triaging alerts, prioritizing fixes, validating findings, and coordinating responses.
Traditional security programs operate at the speed of human meetings, manual reviews, and coordination across teams. A vulnerability discovered on Monday might get triaged on Tuesday, prioritized on Wednesday, assigned on Thursday, and fixed next sprint. Meanwhile, an AI-orchestrated attack can discover and exploit that same vulnerability in hours.
The gap isn’t in security controls. It’s in how quickly we can implement them and respond to threats. That’s the problem we’re solving.
Our Multi-Pronged Approach
We’re building a security program around three integrated capabilities that work together to eliminate human bottlenecks while maintaining strategic human oversight.
Prevention: Automated Code Security
AI-powered code analysis that finds vulnerabilities before deployment. Instead of security teams manually reviewing code or waiting for scanner results to get triaged, AI agents analyze every commit for security issues, understand context that traditional tools miss, and provide developers with actionable guidance immediately. The goal is to prevent vulnerabilities from reaching production, not catch them later.
Detection: Behavioral Threat Intelligence
Unified observability that correlates activity across infrastructure, applications, and services to detect attack patterns in real time. Instead of security teams manually analyzing logs and correlating events across systems, AI-powered analysis identifies anomalies like sustained high-volume requests, multi-day sessions, systematic enumeration, and cross-service credential usage. Security teams can query the system in natural language and get immediate answers.
Response: Automated Governance and Remediation
Automated remediation that fixes vulnerabilities and builds institutional knowledge. Instead of security findings creating tickets that sit in developer backlogs, automated systems generate fixes, create pull requests, validate changes, and learn from each vulnerability to prevent similar issues across all codebases. The system gets smarter over time, turning individual fixes into organization-wide security improvements.
Continuous Validation
Instead of annual penetration tests that provide snapshots in time, we’re building continuous security validation into our development pipeline. This tests defenses at the same frequency and scale that adversaries can attack.
How These Capabilities Work Together
The power comes from integration. When the detection system identifies a new attack pattern in production, the prevention system immediately learns to recognize similar vulnerabilities in code. When the prevention system finds a new vulnerability class, the response system adds it to the knowledge base and generates preventive controls across all repositories. When validation discovers a weakness, all systems adapt their strategies.
This creates a learning defense that operates at machine speed. Security testing that previously required weeks happens in seconds. Vulnerability remediation that took months happens automatically. Threat detection that requires teams of analysts happens through natural language queries. Most importantly, the system improves continuously without requiring proportional increases in security headcount.
The Impact: We implement security controls at the same speed that threats discover vulnerabilities. This is defense at the scale and speed that AI-orchestrated attacks demand.
Take Action: What Security Leaders Should Do Now
AI-orchestrated attacks are happening today. Waiting for the perfect solution means leaving your organization exposed. Here are concrete steps you can take immediately to reduce human bottlenecks in your security program.
AI Agent and Generative AI Security
- Implement rate limiting per AI agent, preventing a single agent from executing thousands of operations without human oversight
- Control tool access for agents, restricting which APIs, databases, and systems each agent can interact with
- Monitor for prompt injection and jailbreak attempts to detect when users try to manipulate agents into unauthorized actions
- Implement guardrails on AI agent operations to prevent agents from writing to production databases, modifying code or configuration, or accessing sensitive data without explicit authorization
- Audit all AI agent actions by logging each agent's activity and metadata
- Set session timeouts for AI agents to limit indefinite execution that could enable multi-day attack campaigns
- Sandbox the environments that agents execute in, isolating agents from internal and production environments
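As an added illustration (not WRITER's code), the sketch below puts four of these controls in one place: a gate that every agent tool call passes through, enforcing a per-agent tool allowlist, a sliding-window rate limit and a session timeout, and writing an audit record for every decision. The class name `AgentGate`, its parameters and the agent and tool names in the usage are hypothetical.

```python
import time
from collections import defaultdict, deque

class AgentGate:
    """Hypothetical policy gate: authorizes each agent tool call and audits it."""

    def __init__(self, allowed_tools, max_calls, window_s, max_session_s,
                 clock=time.monotonic):
        self.allowed_tools = allowed_tools   # agent_id -> set of permitted tool names
        self.max_calls = max_calls           # allowed calls per sliding window
        self.window_s = window_s             # sliding window length in seconds
        self.max_session_s = max_session_s   # hard cap on one agent session
        self.clock = clock                   # injectable so the gate can be tested
        self.calls = defaultdict(deque)      # agent_id -> timestamps of allowed calls
        self.session_start = {}              # agent_id -> time of first call
        self.audit_log = []                  # one record per decision, allow or deny

    def authorize(self, agent_id, tool, args=None):
        now = self.clock()
        start = self.session_start.setdefault(agent_id, now)
        recent = self.calls[agent_id]
        while recent and now - recent[0] >= self.window_s:
            recent.popleft()                 # drop calls that left the window
        if now - start > self.max_session_s:
            decision = "deny:session_expired"    # no indefinite, multi-day runs
        elif tool not in self.allowed_tools.get(agent_id, set()):
            decision = "deny:tool_not_allowed"   # default deny, unknown agents included
        elif len(recent) >= self.max_calls:
            decision = "deny:rate_limited"       # needs human review before continuing
        else:
            recent.append(now)
            decision = "allow"
        self.audit_log.append({"ts": now, "agent": agent_id, "tool": tool,
                               "args": args, "decision": decision})
        return decision == "allow"
```

Denied calls are logged as well as allowed ones, so the audit trail also serves as a detection source for agents probing beyond their allowlist.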
Access Control and Identity
- Organize teams around business units and projects to create natural security boundaries
- Apply least privilege consistently, giving users, whether human or AI agent, only the access they need for their role
- Enable multi-factor authentication for all administrators and sensitive operations
- Review permissions quarterly and remove access for departed employees immediately
- Consider custom roles for fine-grained control over specific operations
Third-Party Integration Security
- Use scoped API keys with minimal permissions, not organization-wide admin keys
- Rotate integration credentials regularly, ideally every 30 to 90 days
- Test integrations in non-production environments before deploying widely
- Disable unused integrations immediately rather than leaving them dormant
- Set rate limits per integration to prevent bulk automated operations
Detection and Monitoring
- Configure alerts for high-volume API usage that deviates from normal patterns
- Watch for repeated access failures that might indicate credential testing
- Monitor bulk file access or data operations that seem unusual for specific users
- Pay attention to after-hours activity from users who normally work standard business hours
- Flag administrative access from new locations or devices
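The following added example (not WRITER's tooling) shows how several of the signals named in this post, high-volume usage against a baseline, repeated access failures, multi-day sessions and one credential used across many services, can be computed from API events. The event tuple layout, the thresholds, the per-credential baselines and the sample data are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def detect(events, baseline_per_hour, volume_factor=5, max_failures=5,
           max_span=timedelta(hours=24), max_services=2):
    """Return sorted (credential, signal) alerts; events are (iso_ts, credential, session, service, status)."""
    hourly = defaultdict(int)      # (credential, hour bucket) -> request count
    failures = defaultdict(int)    # credential -> number of 401/403 responses
    spans = {}                     # (credential, session) -> (first_ts, last_ts)
    services = defaultdict(set)    # credential -> services it was used against
    for iso_ts, cred, session, service, status in events:
        ts = datetime.fromisoformat(iso_ts)
        hourly[(cred, ts.replace(minute=0, second=0, microsecond=0))] += 1
        if status in (401, 403):
            failures[cred] += 1
        first, last = spans.get((cred, session), (ts, ts))
        spans[(cred, session)] = (min(first, ts), max(last, ts))
        services[cred].add(service)
    alerts = set()
    for (cred, _hour), count in hourly.items():
        # Credentials without a baseline get 1 request/hour, so bursts stand out.
        if count > volume_factor * baseline_per_hour.get(cred, 1):
            alerts.add((cred, "high_volume"))
    for cred, n in failures.items():
        if n >= max_failures:
            alerts.add((cred, "repeated_access_failures"))
    for (cred, _session), (first, last) in spans.items():
        if last - first > max_span:
            alerts.add((cred, "multi_day_session"))
    for cred, used in services.items():
        if len(used) > max_services:
            alerts.add((cred, "cross_service_credential_use"))
    return sorted(alerts)

def sample_events():
    """Constructed data: a steady reporting key and a noisy agent key."""
    start = datetime(2025, 1, 6, 9, 0)
    events = [((start + timedelta(minutes=6 * i)).isoformat(), "key-report", "s1", "files", 200)
              for i in range(20)]
    for i in range(300):           # 300 requests in under an hour, a few denied
        svc = ("files", "billing", "admin")[i % 3]
        status = 403 if i % 50 == 0 else 200
        events.append(((start + timedelta(seconds=10 * i)).isoformat(), "key-agent", "s9", svc, status))
    events.append(((start + timedelta(days=2)).isoformat(), "key-agent", "s9", "files", 200))
    return events
```

After-hours activity and new-location checks need per-user history and are left out here.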
Development and Code Security
- Integrate security scanning into CI/CD pipelines, not as an afterthought
- Use multiple scanning approaches to catch different vulnerability classes
- Prioritize vulnerabilities by exploitability, not just severity scores
- Build knowledge bases that capture secure coding patterns for your organization
- Automate remediation where possible to reduce time from discovery to fix
Data Governance
- Classify data by sensitivity and apply appropriate retention policies
- Consider zero-day retention for highly sensitive workloads
- Set share link expiration for temporary access grants
- Review shared access regularly and revoke expired permissions
- Disable public sharing for teams handling confidential information
Start Today: These controls don’t require massive investment or complete infrastructure overhauls. Most can be implemented with existing tools and processes. The key is starting now rather than waiting for a perfect plan. Every control you implement reduces your attack surface and makes adversaries work harder.
Organizations that take action today will be significantly better positioned than those that wait for the next disclosure to force their hand. The attacks are happening now. Your defenses should be active now, too.
Moving Forward Together
The security landscape is shifting. AI enables both attackers and defenders to operate at unprecedented speed and scale. Organizations that continue to rely solely on manual processes and traditional tools will find themselves increasingly outmatched.
The path forward requires rethinking how security programs operate. It requires moving from human-speed coordination to machine-speed implementation. It requires building systems that learn and improve continuously without proportional increases in headcount.
We’re committed to building these capabilities and sharing what we learn. Transparent disclosures from industry leaders raise the bar for everyone. By understanding how AI is used in sophisticated campaigns, we can better prepare our defenses and help our customers do the same.
WRITER is building security that operates at machine speed while maintaining strategic human oversight. This is how security must evolve to match the threats organizations face today and will face tomorrow.
This post was written by Eric Freeman with contributions from the WRITER security team.