SANS Institute highlighted the top five emerging cyberattack techniques during its keynote at RSA Conference 2026, offering early insights into threats expected to shape the cybersecurity landscape.
This year’s session, moderated by SANS Technology Institute President Ed Skoudis, delivers an unprecedented signal: for the first time in the history of this keynote, every one of the five most dangerous new attack techniques carries an AI dimension.
“We would be lying to you if we pointed out a trend in attacks that did not involve AI. That is just where we are in this industry.”
Skoudis frames the unifying theme as a collision of two forces: the complexity of modern infrastructure defies the limit of human understanding, and AI is what both attackers and defenders are now deploying to operate beyond that limit. Speed and comprehension are the twin crises every organization must confront, and the five techniques presented at this year’s session show exactly where those crises are breaking through.
Attack Technique #1: AI-Generated Zero Days, From Scarcity to Surplus
Joshua Wright, Faculty Fellow and Senior Technical Director, SANS Institute | Counter Hack Innovations
Zero-day exploit development once required months of specialized research and cost millions from brokers, making these tools the exclusive domain of well-funded nation-state actors who deployed them sparingly. AI has collapsed that barrier entirely. Independent researchers have already demonstrated AI-discovered zero-days in widely deployed production software for as little as $116 in AI token costs, and when a zero-day costs $50 in tokens rather than millions from a broker, the strategic logic of how attackers use them changes. Broad, opportunistic exploitation campaigns become economically viable for the first time, and capabilities once reserved for nation-states are now accessible to far less sophisticated threat actors.
“Attackers were already faster than us. AI has made the gap unbridgeable at our current pace.”
The defender side of this equation has not kept up. The Verizon 2024 DBIR found that half of all critical vulnerabilities remain unpatched 55 days after a fix becomes available, a window that was survivable when zero-days were rare and expensive. It is not survivable when AI can generate new exploits faster than vendors can produce patches. To keep up, organizations must accelerate every phase of the patching lifecycle, automate wherever possible, and adopt AI-powered detection tools to match the speed at which attackers are already operating.
Attack Technique #2: Supply Chain Risks, Your Vendor’s Vendor’s Vendor | Joshua Wright, Faculty Fellow and Senior Technical Director, SANS Institute | Counter Hack Innovations
Supply chain compromise is no longer a rare risk affecting a handful of high-profile targets. Two out of three organizations experienced a software supply chain attack in the past year, third-party involvement in breaches has doubled to 30%, and in 2025 alone more than 454,000 malicious packages were published to open-source registries, a 75% increase over the prior year. At the same time, AI-generated patches are enabling malicious actors to produce and distribute compromised code at scale. The attack surface now extends well beyond poisoned libraries to encompass build systems, update channels, and the developer tools teams use every day. The Shai-Hulud worm infected more than 1,000 open-source packages and exposed 14,000 credentials across 487 organizations. A China-affiliated group compromised the Notepad++ update infrastructure for six months, selectively delivering backdoors to targets in energy, finance, government, and manufacturing sectors.
“Your attack surface is not the software you chose. It is the entire ecosystem of suppliers behind it.”
Organizations must plan for supplier compromise before it occurs, demand verifiable proof of how software was built, and extend their definition of supply chain to every update channel and developer tool their teams depend on daily. Seventy-nine percent of organizations have cybersecurity programs covering less than half of their supplier ecosystem. That gap is where the next major compromise is already forming.
Attack Technique #3: OT Complexity and the Root Cause Crisis | Robert Lee, SANS Institute Fellow | CEO & Founder, Dragos, Inc.
When something fails inside critical infrastructure, the most urgent question is not how to restore operations as quickly as possible. It is what actually happened, and whether it was intentional. Recovering a plant without understanding what brought it down risks recovering it incorrectly, causing more damage in the process, or restoring operations directly into a compromised environment. Robert Lee has spent years conducting OT incident response, and what he is seeing is a widening accountability crisis: the network traffic and commands that represent the evidentiary record of what occurred in an industrial environment are only available if they were captured before the failure event. If they were not collected, they are simply gone.
Dragos was involved in the December 2025 attack on Poland’s distributed energy resources, where investigators could confirm disruption had occurred but could not determine what the adversary was doing inside the affected environments because the organizations had no OT monitoring in place. In a separate case, a state-level adversary with a documented intent to destroy equipment and kill people had been targeting a facility with no visibility infrastructure. A month later, the facility exploded. Whether it was an accident or a successful attack remains unknown.
“Governments are not going to be comfortable not knowing what happened in their critical infrastructure and why someone died. That scenario is unacceptable, and it is already happening.”
Agentic AI is now entering OT environments faster than most organizations realize, layering additional complexity onto systems that are already opaque. Outside regulated sectors, the vast majority of critical infrastructure globally still lacks the monitoring infrastructure required to enable attribution when something goes wrong. The SANS ICS Five Critical Controls and NERC CIP-015 provide a proven path forward. The investment decision cannot wait for the next incident to force it.
Attack Technique #4: The Dark Side of AI, Irresponsible Use in Digital Forensics and Incident Response | Heather Barnhart, Head of Faculty and Senior Forensic Expert, SANS Institute | Cellebrite
Every security team is being pushed to adopt AI, and in many contexts that pressure reflects genuine capability improvements. But Heather Barnhart, one of the world’s leading DFIR practitioners, argues that deploying AI without the training, validation frameworks, and investigative discipline to use it reliably is creating a dangerous new failure mode from within. AI cannot alert on evidence it does not know to look for, and it cannot interpret the significance of absent data the way a trained investigator can. In high-stakes investigations, an AI system that returns a confident wrong answer without signaling any uncertainty is not an efficiency gain. It is a liability that can shape case outcomes in ways that are extraordinarily difficult to detect or correct.
“Most breaches don’t fail because of tools. They fail at decision points. AI cannot be the decision point.”
The threat extends beyond investigative accuracy. AI is also being used against organizations through channels no one is monitoring: a third-party legal advisor uploading proprietary documents to a commercial AI service with no guardrails, or a therapist using an AI note-taking tool without patient consent or security controls, becoming the vector through which an attacker obtained sensitive personal information about a security executive’s family and leveraged it for extortion against the executive’s employer. The attack surface is not just the network. AI is a force multiplier, and that means it requires trained humans as the decision authority at every step, not the other way around.
Attack Technique #5: Find Evil: The Race to Autonomous Defense | Rob T. Lee, Chief AI Officer & Chief of Research, SANS Institute
The speed of cyberattacks has changed dramatically, and security researchers now estimate that AI-driven attack workflows operate up to 47 times faster than traditional, human-led approaches. The window to exploit a known vulnerability, which once averaged more than two years, can now shrink to a single day. In some cases, attackers can escalate from a stolen login credential to full administrative control of a cloud environment like AWS in as little as eight minutes. These are not theoretical scenarios; they are already happening today.
In November 2025, Anthropic documented a campaign known as “GTG 1002,” attributed to a Chinese state-sponsored group. The operation targeted more than 30 government and financial organizations and used AI tools to automate up to 90 percent of the attack process, including reconnaissance, exploitation, and lateral movement inside networks. Much of the activity was carried out without direct human intervention. This shift is forcing a fundamental rethink of how defenders respond.
“They have their artificial intelligence. Now we build ours.”
That idea underpins Protocol SIFT, an open-source initiative from SANS Institute designed to help defenders keep pace. The approach is intentionally constrained where AI is used to organize workflows, surface insights, and coordinate tools, but humans remain responsible for validating findings and making decisions. The goal is to accelerate analysts, not replace them, and early results suggest that the model can significantly compress response times. In one proof-of-concept exercise involving a complex, two-week attack scenario, a Protocol SIFT-assisted analyst completed a full investigation in just over 14 minutes. That included identifying malware, mapping attacker movement, aligning activity to known threat frameworks, and prioritizing next steps. The same work would typically take a human analyst several days. This is where defenders still have an edge. While attackers can scale tools, they cannot easily replicate the collective coordination of the global security community.
