lch
Published 2026-04-22

When AI attacks AI: Can autonomous security actually win the arms race?

  • Agentic AI attacks now move faster than human security teams can respond.
  • IBM’s answer is autonomous AI defence, but it raises questions nobody is answering.

There is a number worth sitting with before discussing IBM’s latest cybersecurity move: 27 seconds. That is the fastest incident breakout time recorded in 2025, according to CrowdStrike’s 2026 Global Threat Report – the window between an attacker’s initial access and full lateral movement in a network. The average is 29 minutes, a 65% speed improvement over 2024.

AI-enabled adversaries drove an 89% year-over-year surge in attack volume in the same period. Against that backdrop, IBM’s announcement of IBM Autonomous Security on April 15 is an acknowledgement of the threat’s arrival. The service is composed of coordinated AI agents and designed to analyse software exposures, enforce security policies, detect anomalies, and contain threats with minimal human intervention – operating, as IBM puts it, at machine speed.

The logic is that if attackers are moving at a pace no human SOC team can match, defenders need systems that don’t have to wait for a human to respond. IBM’s 2026 X-Force Threat Intelligence Index, published in February, found a 44% increase in attacks beginning with the exploitation of public-facing applications, driven largely by AI-enabled vulnerability discovery.

According to IBM, vulnerability exploitation became the leading cause of attacks overall, accounting for 40% of all incidents X-Force observed in 2025. “Frontier models are creating a new category of enterprise threat that is fast-moving, systemic and increasingly autonomous,” said Mark Hughes, global managing partner of cybersecurity services at IBM Consulting. “Meeting that threat requires a systemic defence. AI-powered offence demands AI-powered defence.”

The agentic AI threat

The same frontier AI models used by enterprises are being actively weaponised. IBM X-Force has documented attackers injecting malicious prompts into GenAI tools, with infostealer malware alone exposing over 300,000 ChatGPT credentials in 2025.

The attack surface is the AI systems enterprises deploy. IBM Autonomous Security is designed to operate here, using what IBM describes as interoperable, vendor-agnostic digital workers that function in an organisation’s security stack, connecting identity and governance functions with IT and operational technology environments. The aim is to coordinate security programs, something that enterprise environments have tried to orchestrate.

Alongside the service, IBM Consulting is also offering an Enterprise Cybersecurity Assessment for Frontier Model Threats, designed to help organisations understand where AI-specific exposures exist before an attack exploits them.

IBM’s research states that enterprises often have no clear picture of their AI attack surface, but Big Blue is not alone in operating in this space. TrendAI launched its Agentic Governance Gateway in March, and Cisco unveiled a Zero Trust architecture for autonomous AI agents at the RSA Conference in April. The defensive AI market is projected to reach US$44.24 billion in 2026. Every major security vendor is making the argument that the only way to defend against AI-speed attacks is with AI-speed defence.

This means enterprises are now managing AI systems on both sides of the risk equation, deploying AI for productivity, defending against AI-powered attacks, and running AI to orchestrate security. Each layer adds complexity, and complexity has historically been where attackers find their best opportunities.

The accountability question remains. When an autonomous security system makes a wrong call, blocks a legitimate process, misidentifies a threat, or is itself compromised, who owns that failure? Enterprises adopting autonomous security tools would do well to define, before deployment, exactly where human oversight sits in the loop and what happens when machine-speed decisions turn out to be wrong.

Author

  • Dashveenjit Kaur

    Dashveenjit is an experienced tech and business journalist with a determination to find and produce stories for online and print daily. She is also an experienced parliament reporter with occasional pursuits in the lifestyle and art industries.
