One Attacker, a Thousand Agents: The Asymmetric Threat CISOs Can’t Ignore

AI isn’t changing how attacks work. It’s changing how fast and how far they scale. In this episode of CISO Unscripted, Mitch Mayne sits down with Mike Spisak, Head of Cybersecurity R&D at Unit 42, to break down what’s actually happening on the front lines. Attackers aren’t reinventing tradecraft. They’re accelerating it. AI is acting as a force multiplier, allowing a single operator to scan, test, and iterate at a pace that used to require a team. What used to take coordination and time can now happen continuously and at scale, often inside environments that already carry implicit trust. The result is asymmetric pressure. Defenders are still operating at human speed. Attackers are not. This conversation focuses on what matters for security leaders. Why scale, not novelty, is the real shift; where exposure is increasing, often in places that already felt trusted; and what has to change in your security model to keep up. 00:00 AI-powered malware that builds itself in real time 00:26 Why AI is dominating the 2026 Unit 42 Global Incident Response Report 01:13 Where AI is showing up most clearly in attacks today 02:22 Beyond phishing: vulnerability research at scale and "old chaos" 03:06 The 25-minute exfiltration window 03:37 One attacker, a horde of agents: the asymmetric campaign 04:52 Efficiency vs. actual shift – how AI is changing attack models 06:42 Vibe coding and the "it looks right" trap 08:39 Shadow infrastructure, the AI insider, and self-generating malware 11:33 Why we must fight AI with AI 12:52 The importance of data, sensors, and context 14:12 Platform consolidation as a survival strategy ✅Subscribe to our channel to stay up-to-date with the latest in cybersecurity and threat intelligence: @PaloAltoNetworksUnit42 ✅Subscribe to the Threat Bulletin https://unit42.paloaltonetworks.com/#... Join the conversation on our social media channels: Website: https://www.paloaltonetworks.com/unit42 Research Center: https://unit42.paloaltonetworks.com/ Facebook: / lifeatpaloaltonetworks LinkedIn: / unit42 YouTube: / @paloaltonetworksunit42 X: / unit42_intel Thank you for watching. If you found this clip insightful, please give it a thumbs up and subscribe to our Channel for more valuable content. To stay updated with the latest web application and API security, check out our website at https://www.paloaltonetworks.com/unit42. PALO ALTO NETWORKS Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile. http://paloaltonetworks.com