SANS Institute reveals: “The top 5 most dangerous cyber attack techniques include an AI component”
Published by WINMAG Pro Editorial Team, Thu, 26 March 2026, 07:40

"Systems have become so complex that humans can no longer fully oversee them," says Ed Skoudis, President of SANS Technology Institute. "AI is now the tool that both attackers and defenders use to try to break through that boundary."

During RSAC 2026, SANS Institute identifies the following five most dangerous new attack techniques:

1. AI-generated zero-days

Developing zero-day exploits used to take months of research and millions of dollars. AI fundamentally changes that. Researchers have now shown that AI can discover new vulnerabilities in widely used software for just a few dozen to hundreds of euros in AI tokens. The result: large-scale and opportunistic exploitation campaigns suddenly become profitable, even for less sophisticated attackers. Many organizations take weeks or months to patch critical vulnerabilities. In a world where AI can continuously generate new exploits, that pace is unsustainable. Automation of patch management and AI-driven detection therefore become essential.

2. Supply chain attacks

Software supply chains pose an increasingly significant risk. According to recent figures, two-thirds of organizations faced a supply chain incident in the past year, while third-party involvement in data breaches is rising sharply. At the same time, AI makes it easier to produce and distribute malicious code on a large scale. Attackers do not limit themselves to direct attacks but also target the chain of suppliers that companies work with. Skoudis: "Many companies check their direct suppliers but not the suppliers behind them or those behind those. And that ecosystem is exactly where attackers are now focusing."

3. The complexity of OT

In operational technology (OT), it is often difficult to determine what exactly happened after an incident. When monitoring is not set up in advance, crucial network and command data can disappear forever. This makes it nearly impossible to reconstruct a failure, sabotage, or cyber attack. "Without visibility, you cannot investigate an incident," says Skoudis. "And without investigation, you cannot learn from it. The increasing deployment of autonomous AI systems in OT environments makes that complexity even greater."

4. AI's 'dark side' in digital forensics

AI is increasingly being used in Digital Forensics and Incident Response (DFIR). However, experts warn that thoughtless deployment can create new risks. Skoudis: "AI systems only recognize patterns they have been trained on and may miss important clues. Even more dangerously, they can confidently provide an incorrect answer. An AI tool that quickly draws a wrong conclusion can mislead an investigation. AI can be a powerful assistant, but human expertise must always remain the decisive factor."

5. The race for autonomous defense

Cyber attacks are becoming faster. Researchers estimate that AI-driven attack chains operate up to 47 times faster than traditional methods. An attacker can now escalate from stolen login credentials to full control over a cloud environment in just minutes. "AI should enhance analysts, not replace them," concludes Ed Skoudis. "Attackers can scale tools, but collaboration among defenders remains the greatest strength."
