Jul 3, 2026

What 27 seconds means for your AI security posture

AI vs AI
| Part
2

Reading time:

5 minutes

AI-enabled attacks up 89%. Fastest breakout: 27 seconds. They're not hacking companies. They're hacking infrastructure. The dark hoodie hacker lost their job to AI too.

Read the full AI Security Series

1. The gap nobody's watching
93% confident. 29% prepared. One person jailbroke a chatbot and emptied ten government agencies. The distance between the story the boardroom hears and the one the incident report tells.

2. 27 seconds to breakout
27-second breakout times. AI-generated phishing that knows your team by name. The dark hoodie hacker lost their job to AI too. What replaced them doesn't sleep.

3. The threat wearing your own badge
76% of organizations have shadow AI. The threat isn't at the gate. It has a badge you issued. Vendor-embedded models, compromised plugins, and the tools your team invited in.

4. Sovereignty is an architecture decision
Everyone's saying sovereign. This article is about what happens when your customer asks and your answer needs caveats. Interchangeability, vendor independence, and what the CLOUD Act means for Canadian data.

5. The people gap
The AI security job posting asks for four careers in one person. That person doesn't exist. The work does. Hour banks, returnable context, and a PMO that holds it all together.

6. What to ask your vendor
Seven questions. Print them out. Bring them to the meeting. Look for straight answers, not carefully worded topic changes. Use them on everyone. Including us.

7. What it looks like when AI security works
Tuesday morning. The phone didn't ring. The customer didn't leave. The Reddit thread didn't get written. That's what good looks like.

Author

Dimitri Phalen is the marketing lead at ISM who prefers plain language over big claims. For years, he’s worked behind the scenes, translating messy, complex IT problems into something teams can actually use. If something sounds like it was written by someone with not enough coffee, who’s been sitting too close to the delivery team for too long, that’s probably his fault.

Twenty-seven seconds.

That’s all it takes, when the trendy LLM your nephew uses to give his golden retriever a tophat, treats your infrastructure like a vulnerability research project. To the model, you’re not a company. You’re a task. A puzzle to pick apart, because somebody on the other end of a chatbot subscription asked the right question in the right order.

CrowdStrike clocked that twenty-seven-second breakout in their 2026 Global Threat Report. First system accessed to lateral movement into the next. Before you could unlock your laptop, whatever got in was already somewhere else inside your network. The average was twenty-nine minutes, which still sounds manageable until you walk through what your team actually does when an alert fires. Someone checks if it’s a false positive. It usually is. They escalate. The IR lead is in a meeting. Then on a call about the last incident. Forty-five minutes if things go well. By the time the call starts, whatever got in has had sixteen uninterrupted minutes at machine speed. Credentials scraped. Permissions mapped. Exfiltration staged. Your team is still deciding who’s sharing their screen.

The dark hoodie hacker lost their job to AI too

The hooded figure from the stock photos? Rendered obsolete by the same tools your EA uses to spiffy up your memos. The difference between a thank-you email and an exploit script is about four sentences of creative prompting. Same interface. Same monthly subscription. Wildly different output.

In December 2025, a solo operator talked an AI chatbot into breaching ten Mexican government agencies. One person. One thousand prompts. 195 million taxpayer records. The human’s contribution was patience and twelve dollars a month.

That was one person with one chatbot. Now scale it.

Russian operators used commercial AI to compromise more than 600 FortiGate firewalls across 55 countries in 5 weeks, according to Amazon Threat Intelligence. Not "zero-days". Not sophisticated exploits. Exposed interfaces and default credentials, found at a pace that turned the patching cycle into a spectator sport. A firewall in Saskatchewan and a firewall in Portugal share the same factory settings. The AI didn’t target companies. It went after users of the same common infrastructure.

Meanwhile, IBM’s 2026 X-Force index flagged North Korean operatives generating synthetic employees with AI. Fake headshots. Fake credentials. Fake work histories good enough to pass interviews. They apply for remote jobs. They get hired. They sit inside your environment with a legitimate badge and a direct deposit form until they find what they came for. You didn’t get hacked. You onboarded the hack and gave it benefits.

The AI already knows every Gary in your building

The phishing emails aren't all the same anymore. That’s the old playbook. Spray and pray. Your email filter catches 90% of it before breakfast.

This is different. Every Gary got a different email, written specifically for them, at the same time. Gary in project management got a follow-up from the cloud vendor his team actually uses, referencing the migration he mentioned on LinkedIn three weeks ago. Gary in finance got a login reset from the payroll system, timed to the real reset window. Gary in procurement got a contract amendment from a real supplier, formatted from a publicly filed document. Three seconds of compute per Gary. A hundred Garys hit before someone finished pouring coffee. Each email custom-built. Each one assembled from public profiles, cached pages, and breached credential databases.

Then there’s the credential angle that IBM’s X-Force data quantified: infostealer malware exposed over 300,000 ChatGPT credentials in 2025 alone. Not just passwords. Transcripts. Every question Gary asked the chatbot: draft this confidential email, summarize this internal document, analyze this dataset. A stolen chatbot login isn’t a password reset. It’s an intelligence file. And the AI that wrote the phishing campaign can cross-reference those transcripts with Gary’s reused password from the breach that hit his hockey league’s registration site last year, and the org chart from your company’s “about” page.

This isn’t a pinprick. It’s swiss cheese. Every hole a different size, a different shape, a different Gary. You can’t block this like spam because it doesn’t look like spam. It looks like Tuesday.

You can’t match this with more people

Not on their own. Not at this speed.

Your best analyst can triage forty alerts before the coffee gets cold. The AI that generated those alerts tested four thousand attack paths before the kettle boiled. Your quarterly security training teaches people to hover over links and check for suspicious senders. The AI that wrote the phishing campaign already accounted for every lesson in that module and built around it. You’re fielding a musket line against a drone swarm. The muskets still work. Your people are trained. But the engagement moved to a speed and scale that muskets can’t cover.

The only thing that matches machine speed is machine speed. AI on your side of the wall. Policy enforcement that kills the unauthorized action at the threshold, not after the alert queue. Monitoring that correlates signals across your network, endpoints, identity layer, and AI pipelines in real time. Drift detection that catches something going off-script before downstream systems feel the ripple. Humans set the rules. AI enforces them. Humans audit the outcomes. AI doesn’t sleep between audits.

That’s the model. Not replacing people. Giving people tools that operate at the same speed as the threat, to test attacks on your own terms before someone lse does. ISM delivers that in Canada, with cleared personnel and Canadian infrastructure. Kyndryl provides the global depth behind it. The architecture and the how is what the rest of this series is about.

Read next

Most AI security conversations are about the attacker’s tools. The next article is about yours. Shadow AI, vendor-embedded models, compromised plugins that behave normally for months. 76% of organizations already know they have the problem. The threat isn’t at the gate. It has a badge you issued. Your AI is their way in.

Cites

CrowdStrike 2026 Global Threat Report: 89% increase in AI-enabled adversary operations, 29-minute average breakout, 27-second fastest observed, 82% malware-free detections

IBM 2026 X-Force Threat Intelligence Index: 44% increase in attacks exploiting public-facing applications, 300,000+ ChatGPT credentials exposed by infostealers, North Korean synthetic identity schemes

Gambit Security: Mexico breach, 150GB exfiltrated from 10 agencies via jailbroken AI chatbots, December 2025

Amazon Threat Intelligence: 600+ FortiGate firewalls compromised across 55 countries

Kyndryl Security and Networks Readiness Report 2025-2026: $4.5M average incident cost

Want to understand how we work?

Every conversation starts with your environment. Not our product list.

Get in touch
ArrowArrow

It's not about the technology, or the processes. It's about your clients, your users, and the hard won trust you've built. Every team here keeps that at heart.

Mobile CTA