Dominic Jainy brings a wealth of knowledge in artificial intelligence and blockchain to the table, offering a unique perspective on the modern threat landscape. As cybercriminals harness machine learning to automate exploitation, the gap between a vulnerability being discovered and a breach occurring is shrinking at an alarming rate. We sit down with him to discuss the shift toward identity-based attacks, the weaponization of SaaS integrations, and how organizations must rethink their defensive posture in an era where data can be stolen in little more than an hour.
With attackers now moving four times faster than last year and exfiltrating data in as little as 72 minutes, how must incident response protocols change? What specific technical hurdles do teams face when trying to compress their detection-to-remediation timeline to under an hour?
The traditional multi-day “dwell time” is officially dead; we are now looking at a narrow 72-minute window where data is sucked out before the first alert might even be triaged. To counter this, response protocols must shift from manual human verification to automated containment that triggers the very second a suspicious pattern emerges. Teams are currently struggling with the sheer technical weight of legacy systems that require human sign-off for isolating a host, which is a luxury that no longer exists in a high-speed environment. It is a gut-wrenching race where every second lost to a slow-loading dashboard or an unread email notification means another gigabyte of sensitive data hitting the dark web.
Since threat actors are targeting vulnerabilities within 15 minutes of a CVE disclosure, how can organizations realistically win the race between patching and exploitation? What automation tools or prioritization strategies are essential for defending against these immediate, AI-driven reconnaissance sweeps?
When hackers start scanning for a software bug within 15 minutes of its public announcement, the old “patch Tuesday” mentality becomes a recipe for total disaster. Organizations cannot realistically patch every server in a quarter-hour, so the focus has to shift toward virtual patching and automated shield deployment through intelligent firewalls. You need AI-driven tools that can ingest a CVE feed and immediately update defensive rulesets across the entire infrastructure without waiting for a scheduled maintenance window. It feels like standing in a storm where the raindrops are actually specialized probes, and only a truly automated, intelligent umbrella can keep you dry.
If 90% of incidents now involve stolen identities or tokens that allow attackers to simply log in rather than break in, how does the definition of a “perimeter” change? What behavioral analytics or authentication layers are most effective at spotting an adversary who looks like a legitimate user?
The perimeter hasn’t just moved; it has effectively dissolved into the individual identity of every single employee and service account. Since 90% of incidents now involve someone simply “logging in” with stolen tokens, we have to stop looking at where a user is coming from and start focusing on how they are behaving once they arrive. This requires behavioral analytics that can spot a “legitimate” user suddenly accessing hundreds of records they never touched before or logging in from two different continents simultaneously. It is an eerie feeling for security teams to realize the enemy is already inside, wearing a trusted colleague’s digital mask and walking through the front door without making a sound.
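As an added illustration of the two behavioural signals mentioned in the answer above (a user suddenly touching far more records than usual, and sign-ins from two places that no one could travel between in the elapsed time), here is a Python sketch that is not part of the interview. Every event, timestamp, city coordinate and baseline in it is constructed for the example; in practice the city would come from a GeoIP lookup on the source address and the baseline from a few weeks of the user's own history.

```python
# Added example: behavioural checks over constructed sign-in and data-access
# events. Not code from the interview; all data below is made up.
from __future__ import annotations

import math
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed city coordinates (lat, lon); a real pipeline resolves these
# from the source IP with a GeoIP database.
CITY_COORDS = {
    "london": (51.5074, -0.1278),
    "sydney": (-33.8688, 151.2093),
    "manchester": (53.4808, -2.2426),
}


@dataclass(frozen=True)
class SignIn:
    user: str
    ts: datetime
    city: str  # resolved location label (constructed here)


@dataclass(frozen=True)
class Access:
    user: str
    ts: datetime
    records: int  # number of records returned by the query


def haversine_km(a: tuple[float, float], b: tuple[float, float]) -> float:
    """Great-circle distance in km between two (lat, lon) points."""
    lat1, lon1 = map(math.radians, a)
    lat2, lon2 = map(math.radians, b)
    dlat, dlon = lat2 - lat1, lon2 - lon1
    h = math.sin(dlat / 2) ** 2 + math.cos(lat1) * math.cos(lat2) * math.sin(dlon / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(h))


def impossible_travel(signins: list[SignIn], max_speed_kmh: float = 900.0):
    """Flag consecutive sign-ins per user whose implied speed exceeds an
    airliner (default 900 km/h). Returns (user, from_city, to_city, km/h)."""
    by_user: dict[str, list[SignIn]] = {}
    for e in sorted(signins, key=lambda e: (e.user, e.ts)):
        by_user.setdefault(e.user, []).append(e)
    alerts = []
    for user, events in by_user.items():
        for prev, cur in zip(events, events[1:]):
            dist = haversine_km(CITY_COORDS[prev.city], CITY_COORDS[cur.city])
            hours = max((cur.ts - prev.ts).total_seconds() / 3600.0, 1e-9)
            if dist / hours > max_speed_kmh:
                alerts.append((user, prev.city, cur.city, round(dist / hours)))
    return alerts


def access_spike(accesses: list[Access], baseline: dict[str, int],
                 factor: float = 10.0, window: timedelta = timedelta(hours=1)):
    """Flag the first point at which a user's records touched inside any
    sliding window exceed factor * their usual hourly volume. A user with no
    baseline (no history at all) is flagged on the first access."""
    by_user: dict[str, list[Access]] = {}
    for a in sorted(accesses, key=lambda a: (a.user, a.ts)):
        by_user.setdefault(a.user, []).append(a)
    alerts = []
    for user, events in by_user.items():
        limit = factor * baseline.get(user, 0)
        start, total = 0, 0
        for ev in events:
            total += ev.records
            while ev.ts - events[start].ts > window:  # slide the window forward
                total -= events[start].records
                start += 1
            if total > limit:
                alerts.append((user, ev.ts, total))
                break
    return alerts


# Constructed sample data.
T0 = datetime(2024, 5, 6, 9, 0)
SAMPLE_SIGNINS = [
    SignIn("alice", T0, "london"),
    SignIn("alice", T0 + timedelta(minutes=20), "sydney"),  # ~17,000 km in 20 min
    SignIn("bob", T0, "london"),
    SignIn("bob", T0 + timedelta(hours=3), "manchester"),   # plausible drive
]
SAMPLE_BASELINE = {"alice": 15, "bob": 40}  # usual records per hour
SAMPLE_ACCESSES = [
    Access("alice", T0 + timedelta(minutes=25), 120),
    Access("alice", T0 + timedelta(minutes=30), 180),  # 300 in 5 min vs 15/h
    Access("bob", T0 + timedelta(minutes=10), 50),
    Access("bob", T0 + timedelta(minutes=50), 60),     # 110 in an hour vs 40/h
]

if __name__ == "__main__":
    print(impossible_travel(SAMPLE_SIGNINS))
    print(access_spike(SAMPLE_ACCESSES, SAMPLE_BASELINE))
```

Both checks deliberately key off the session's behaviour rather than its origin: alice's token is "valid" in both sign-ins, and her queries are authorised, which is exactly why a perimeter rule would never fire on them.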
Attackers are increasingly abusing trusted SaaS integrations to bypass traditional security warnings. How can companies audit these privileged connections without disrupting productivity, and what are the specific red flags that indicate a third-party integration has been weaponized?
We have seen a massive shift toward abusing trusted SaaS links, with nearly 25% of incidents now stemming from these supposedly “safe” third-party connections. Companies need to conduct rigorous, automated audits of these permissions, looking specifically for “permission creep” where a simple app suddenly requests full administrative access to a sensitive database. Red flags often include unusual spikes in API traffic or data transfers happening at odd hours to unfamiliar endpoints that have no business being involved in that specific integration. This represents a structural betrayal of the digital supply chain, turning a productivity tool into a silent bridge for an attacker to bypass every firewall you have built.
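As an added example (not the interviewee's code, and not tied to any particular SaaS vendor), here is how an automated audit of the two red flags named above could be expressed: "permission creep", where an app's granted scopes grow between two snapshots, and API traffic to endpoints outside the integration's normal set or in unusual volume outside business hours. The scope names, app identifiers, endpoints and traffic figures are all constructed for the illustration.

```python
# Added example: audit of third-party SaaS integrations for permission creep
# and out-of-pattern API traffic. Not code from the interview; every app,
# scope, endpoint and byte count below is constructed.
from __future__ import annotations

from collections import defaultdict
from datetime import datetime

# Illustrative scope names treated as privileged; not any one vendor's list.
HIGH_RISK_SCOPES = {"admin:org", "files:write:all", "db:admin", "users:manage"}


def permission_creep(previous: dict[str, set[str]], current: dict[str, set[str]]):
    """Diff two grant snapshots {app_id: set(scopes)} and report scopes that
    were added since the last audit, calling out high-risk ones and apps that
    did not exist at all in the previous snapshot."""
    findings = []
    for app, scopes in sorted(current.items()):
        added = scopes - previous.get(app, set())
        if added:
            findings.append({
                "app": app,
                "added": sorted(added),
                "high_risk": sorted(added & HIGH_RISK_SCOPES),
                "new_app": app not in previous,
            })
    return findings


def traffic_anomalies(events, baseline, spike_factor: float = 5.0,
                      business_hours: tuple[int, int] = (7, 19)):
    """events: iterable of (app, ts, endpoint, bytes).
    baseline: {app: {"endpoints": set(...), "hourly_bytes": int}}.
    Flags (a) any call to an endpoint the integration has never used and
    (b) any off-hours hour whose transfer volume exceeds spike_factor times
    the app's usual hourly volume."""
    hourly = defaultdict(int)
    alerts = []
    for app, ts, endpoint, nbytes in events:
        base = baseline.get(app, {"endpoints": set(), "hourly_bytes": 0})
        if endpoint not in base["endpoints"]:
            alerts.append(("unknown_endpoint", app, endpoint, ts))
        hourly[(app, ts.replace(minute=0, second=0, microsecond=0))] += nbytes
    for (app, hour), total in hourly.items():
        usual = baseline.get(app, {"hourly_bytes": 0})["hourly_bytes"]
        off_hours = not (business_hours[0] <= hour.hour < business_hours[1])
        if off_hours and total > spike_factor * usual:
            alerts.append(("off_hours_spike", app, hour, total))
    return alerts


# Constructed snapshots: the CRM connector quietly gained database admin
# rights and a new PDF tool appeared with blanket write access.
PREVIOUS_GRANTS = {
    "crm-sync": {"contacts:read"},
    "calendar-bot": {"calendar:read"},
}
CURRENT_GRANTS = {
    "crm-sync": {"contacts:read", "contacts:write", "db:admin"},
    "calendar-bot": {"calendar:read"},
    "new-pdf-tool": {"files:write:all"},
}

# Constructed traffic baseline and log: one normal daytime call, then a
# 02:00 burst to the usual endpoint plus an upload to an unfamiliar host.
TRAFFIC_BASELINE = {
    "crm-sync": {"endpoints": {"api.crm.example/contacts"}, "hourly_bytes": 2_000_000},
}
SAMPLE_EVENTS = [
    ("crm-sync", datetime(2024, 5, 6, 10, 15), "api.crm.example/contacts", 1_500_000),
    ("crm-sync", datetime(2024, 5, 7, 2, 5), "api.crm.example/contacts", 4_000_000),
    ("crm-sync", datetime(2024, 5, 7, 2, 40), "api.crm.example/contacts", 7_000_000),
    ("crm-sync", datetime(2024, 5, 7, 2, 50), "transfer.unknown-host.example/upload", 900_000),
]

if __name__ == "__main__":
    for f in permission_creep(PREVIOUS_GRANTS, CURRENT_GRANTS):
        print(f)
    for a in traffic_anomalies(SAMPLE_EVENTS, TRAFFIC_BASELINE):
        print(a)
```

Running the scope diff on a schedule, rather than only at install time, is what catches the creep: the initial grant review of "crm-sync" would have seen a harmless read-only connector.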
AI is now being used to run simultaneous attacks against hundreds of targets at scale. How does this shift from targeted to “shotgun” style AI-driven campaigns change the way small-to-midsized businesses must allocate their security budgets compared to large enterprises?
The move toward these “shotgun” style AI campaigns means that small-to-midsized businesses are no longer “too small to notice” for professional hacking groups. Attackers are now using scripts to hit hundreds of targets at the exact same time, making the cost of the attack negligible for them while the impact on a small business can be terminal. For these smaller players, the security budget must prioritize managed detection and response services rather than trying to build an expensive, custom in-house security operations center. Larger enterprises can afford the heavy lifting of custom AI-driven defense, but smaller firms must focus on the absolute basics, like locking down identities, to ensure they aren’t the low-hanging fruit in a mass-scale automated sweep.
What is your forecast for the evolution of AI-driven cyberattacks over the next year?
My forecast for AI-driven cyberattacks is that we will see the total automation of the “exploit-to-ransom” lifecycle, where a human attacker does not even enter the loop until it is time to negotiate the payout. We are moving toward a reality where polymorphic malware changes its code every few seconds to evade detection, making static signatures and traditional antivirus completely obsolete. This will force a radical shift toward “Zero Trust” architectures where no connection is ever fully trusted, even after a successful login with the right credentials. It is going to be a high-stakes game of machine against machine, and those who continue to rely on human-speed defenses will find themselves perpetually behind the curve.
