By Nitaant Singh, Chief Product Intelligence Officer, Cross Identity
There are moments in modern life when the world feels slightly out of joint, as if something vast has shifted beneath our feet. You sense it not through headlines or alarms, but through a change in the air, the way it tightens before an incoming monsoon.
Artificial Intelligence (AI) has created that shift. For the first time in decades, cybersecurity is no longer a technical concern, it is a geopolitical one.
We are standing at the edge of an international crisis unfolding faster than most institutions can perceive. The danger is not loud or dramatic. It is quiet acceleration, and quiet speeds are often the most lethal. Last year, investigators revealed that Chinese-linked hackers had deployed a malware strain called Brickstorm across government and IT systems in the United States and Canada, maintaining silent access since April 2024. This slow, deliberate infiltration is believed to be preparation for sabotage rather than theft.
The new velocity of attack
For years, cyberattacks were the work of individuals or small teams: skilled, determined, but bound by human pace. You could trace their movements across a network the way you might follow a burglar’s footprints in fresh snow.
AI has erased those footprints. Today, a single malicious actor can unleash millions of intelligent probes within seconds, each learning, adapting, and refining itself in real time. What once resembled a stream of attacks now moves like a tide, and tides do not negotiate, nor do they sleep.
According to KuppingerCole’s 2025 ITDR Leadership Compass, more than 80% of recent data breaches involve compromised identities, highlighting how both human and machine identities have become the primary attack surface in the AI era.
This shift is not linear. It is exponential. And exponential shifts are the ones societies rarely see coming until they are already inside them.
The rise of the hostile insider who is not human
The most unnerving change is not in the volume of attacks, but in their nature. A hijacked AI agent is not an intruder in the old sense. It is a trusted worker gone silent and strange. It already has keys. It already has clearance. It already knows the internal rhythms of the organization.
It is the difference between an outsider rattling the door and a familiar hand unlocking it from within. Once compromised, these agents can dismantle security controls, exfiltrate data, or corrupt transactions with the same unhurried efficiency they once used to complete business workflows. And they leave behind logs that mimic normalcy with unnerving precision.
This is the new battlefield: the enemy wearing your badge, speaking your system’s dialect, performing sabotage that looks exactly like routine operations.
Malware that learns like a living thing
Traditional malware belonged to a more innocent world. Once discovered, it could be catalogued, studied, neutralized. Its weaknesses remained constant.
AI-powered malicious code behaves more like a biological organism. Each failed attempt becomes a lesson. Each defensive response becomes new training material. It mutates, discards its errors, refines its strengths. To defend against it is to fight a shadow that changes shape every time you grasp it.
The civic fragility beneath the surface
The risk is no longer contained to corporate losses. The civic fabric of nations is now quietly entangled in this fight.
A breached identity system can halt public services. A compromised infrastructure network can interrupt power, water, or communication across entire regions. A manipulated financial system can spark panic, withdrawals, or collapse. These are not hypothetical. Recent breaches, from telecom infiltrations to state agency shutdowns, reveal the same pattern: the early tremors of a larger event.
In many ways, these incidents resemble minor quakes that precede a volcanic eruption, small, unsettling, and often ignored until the true scale is visible too late.
The industry’s long sleep
For two decades, the cybersecurity industry has behaved like merchants in a marketplace, quibbling over features and prices while the threat outside the gates grew sharper. Reactive tools. Fragmented point solutions. Endless product cycles.
Somewhere along the way, we forgot a simple truth: we are not selling convenience, we are safeguarding civilization’s digital scaffolding. Governments were little different, treating cybersecurity as an IT line item rather than a matter of national resilience. It was a luxury budgeted in good times and deferred in bad.
Now the world is discovering the cost of that complacency.
Security must become native to the system
We can no longer patch our way to safety. We can no longer retrofit protection into systems built on older assumptions.
Security must now be born into the environment itself, a structural instinct rather than a late-stage improvement.
Businesses must treat cybersecurity as critical infrastructure, not procurement. As civic responsibility, not departmental expense. It is the difference between adding locks to a fragile house and rebuilding the house so that intrusion is no longer structurally possible.
What every business should do now
There are several practical steps organizations can take immediately to strengthen their defenses in the AI era:
Consider asking your security vendors what responsibility they take for your outcomes
Request to see their roadmap for AI-era attacks, not just responses to yesterday’s threats
Move beyond two-factor authentication, three factors are becoming the new minimum
Begin planning for security-born architecture, rather than relying on continuous patches
Above all, recognize that the storm has already formed.
It does not roar. It whispers, but it is moving closer