The CEO of iCOUNTER, John Watters, shares his views on how AI is changing attack tactics, increasing risk in third-party ecosystems, and conversely undermining the very defenses that businesses use to defend themselves.
Recent Trends and Statistics in AI‑Enabled Enterprise Risk
- AI accelerating adversary innovation: Attackers are now using AI to automate reconnaissance, phishing, and deepfake campaigns at exponential speed.
- Third‑party ecosystem vulnerabilities: Breaches tied to third‑party integrations have doubled in the past year, highlighting the fragility of connected networks.
- Global AI‑driven risk projection: The “Global Cyber Tax” — combined losses and security spending — is expected to hit $4.33 trillion (3.2% of global GDP) by 2030. Accelerated AI innovation could bring this forward to 2027 or 2028, with sharp growth beginning in 2026.
- Defense paradox: AI‑enabled security tools improve detection speed but also accelerate obsolescence, forcing adversaries to innovate faster.
AI Authority Trend: Arbe Integrates Radar with NVIDIA AI for Advanced AI Driving Platform
When AI Adversaries Outpace Cyber Defenders
Watters warns that AI adversaries are transforming every phase of attack methodology — from reconnaissance to execution — at a pace defenders cannot match.
“Defenders have always found themselves in reactionary positions, adjusting defense strategies based on the latest attacks. This has been an iterative approach, as the pace of innovation in cyberattack methods and strategies has been constant and fairly linear. However, AI-driven adversaries are transforming every phase of attack methods from the reconnaissance phase through all components of an attack like phishing, deepfakes, etc. and we’re shifting towards an exponential rate of innovation that defenders will not be able to match in 2026. In fact, at the current rate of growth the Global Cyber Tax (Global cybercrime losses added to the amount of global cybersecurity spending,) will also rise to $4.33 trillion (3.2% of global GDP) by 2030. If this rate of growth accelerates, we could see these levels of losses shift forward to ’27 or ’28, with a sharp growth acceleration of losses in ’26.
The current security programs of both large enterprises and government organizations cannot match the agility of sophisticated cybercriminals that increasingly leverage AI to automate the entire attack framework. Through automated reconnaissance capabilities, adversaries can rapidly assess a target’s increasingly connected digital systems and networks – creating a near infinite attack surface to exploit. Cybercriminals can now target numerous potential weaknesses of a customers’ connected ecosystem including IoT, Third Parties, SaaS, Cloud, Identity, and AI applications to identify where an organization is most vulnerable. These third-party integrations are difficult to secure due to their level of independence. The best organizations have been able to do is require a certain level of security posture of third parties, but posture does not translate to secure. The ‘front door’ will become the least likely option for an attacker as optional routes to compromise are increasingly easy to find and exploit.
We already see this taking place as the number of breaches leveraging third parties has doubled in the past year. Organizations will begin to leverage targeted risk intelligence that identifies where threats intersect with the organization’s extended ecosystem, where their defenses are essentially only as good as their weakest link. In this scenario, threat detection and response need to extend beyond a company’s control zone and crossover to their extended ecosystem of third parties. Third Party Posture management/measurement is essentially all defenders could deploy thus far as threat detection and response for an extended ecosystem of perhaps thousands of third parties has not been available at scale.
Ironically, many of the AI-enabled security tools that customers will deploy only serve to accelerate the obsolescence rate of those same approaches.
Cyber defenders will increasingly leverage AI to automate intelligence-led security programs. For example, threat intelligence will enable AI driven threat-hunting capabilities to proactively hunt for known threats in their environment, build and deploy detection rules, and automate alert triage to shift to partially autonomous security operations centers (SOCs). These autonomous SOCs, with a human in the loop, can identify threats at line speed and counter those threats before they can be executed by attackers. However, by accelerating their ability to detect and defeat known threats, companies are accelerating the obsolescence rate of their intelligence-led security program.
As defenders successfully learn to leverage intelligence of prior attack tools and tradecraft to automate many of their security practices, this will force adversaries to increasingly shift their focus to leveraging AI to spin up new and novel attack strategies that have never been seen before. In essence, as defenders automate their defensive measures against known threats, adversaries will increasingly shift away from leveraging prior methods, and all victims become Patient Zero,” he notes.
Watters predicts a Patient Zero era, where every organization faces novel, AI‑generated attack strategies unseen before.
Emerging AI Tech Trends
- Targeted risk intelligence: Enterprises will adopt AI‑driven intelligence that maps threats across extended ecosystems, moving beyond posture management to proactive detection.
- Autonomous AI operations: AI‑powered SOCs, with human oversight, will become standard, enabling line‑speed detection but also accelerating adversary innovation.
- Novel adversarial AI strategies: As defenders automate against known threats, attackers will pivot to AI‑spun methods that bypass traditional defenses.
- Third‑party ecosystem risk: With thousands of independent integrations, securing extended networks will remain the most pressing challenge for AI‑enabled enterprises.
AI Authority Trend: Zephr Launches Positioning SDK with Sub-Meter Precision for Android
Conclusion
Watters’ insights highlight a critical paradox: AI is both the most powerful defense tool and the greatest enabler of adversarial innovation. For enterprises in 2026 and beyond, success will depend on embracing AI not just as a defensive mechanism but as a strategic lens for managing risk across entire ecosystems. The future of AI tech will hinge on intelligence‑led, ecosystem‑wide strategies that anticipate novel threats rather than react to them.
FAQs
1. How is AI changing the speed and scale of cyberattacks?
AI enables adversaries to automate reconnaissance, phishing, and deepfake campaigns, accelerating attack innovation at exponential speed.
2. Why are third‑party ecosystems considered the weakest link in AI‑driven risk?
Third‑party integrations are independent and hard to secure; breaches tied to them have doubled in the past year.
3. What is the projected economic impact of AI‑driven cybercrime by 2030?
Global cybercrime losses plus cybersecurity spending — the “Global Cyber Tax” — could reach $4.33 trillion, or 3.2% of global GDP.
4. Can AI‑enabled defense tools backfire on organizations?
Yes. By automating the detection of known threats, AI tools accelerate obsolescence, forcing adversaries to innovate faster.
5. What strategies should decision‑makers adopt to mitigate AI‑driven risks?
Enterprises must extend intelligence‑led detection beyond their control zones, adopt autonomous SOCs with human oversight, and focus on ecosystem‑wide risk intelligence.
