Fortune: AI is supercharging cyberattacks

Posted on June 13, 2026 by michelleclarke2015

ISecurity

AI is supercharging cyberattacks—and most companies aren’t ready

By 

Beatrice Nolan

Tech Reporter

June 9, 2026, 9:45 AM ET

Add us on

Artistic rendering of a hacker trying to gain access to a worker's computer

From automated hacking to AI‑powered scams, the new threats are forcing companies to rethink their broader approach to security.Illustration by Simon Landrein for Fortune

As companies rush to adopt AI across their operations, attackers are exploiting the same technology against them.

Recommended Video

From automated hacking to AI‑powered scams, the new threats are forcing companies to rethink their broader approach to security. Beyond hardening technical defenses, companies operating in the AI age need to examine a wide range of practices, say industry experts, updating the way software patches are deployed and rebuilding the human layer of security.

“Everybody needs to be on a war footing right now,” Mayank Upadhyay, chief security and trust officer at Snowflake, told Fortune. The attack surface across a typical enterprise—network, laptops, cloud infrastructure, logins—is now generating so much data that human teams can’t hope to triage without help from AI, he said. 

For years, most organizations managed cyber risk on a predictable schedule. Security teams would discover flaws in their software, vendors would bundle fixes into periodic updates, and companies would decide when to install those patches—often weekly, monthly, or even quarterly. That slower, batch‑style approach existed, in part, because updating critical systems can mean taking them offline, and there is always a risk that a new patch breaks something important.

Now, widely accessible AI systems can scan codebases at scale, automatically generate exploits for the vulnerabilities they find, and in some cases deploy those exploits to infiltrate networks and steal data or take control of systems. This AI‑accelerated vulnerability discovery allows threats to be identified and weaponized in hours rather than days or weeks, outpacing the traditional patching cycle.

Experts and industry leaders say the answer is to fight AI with AI.

“You have to use AI. It’s not even a choice, because there’s just so much data,” said Upadhyay. “If you’re being attacked by AI, there’s not enough security specialists you can put in place to fight that.”

Anthropic’s new Mythos model, although currently available only to select companies, is a prime example of the critical role AI can play as a defensive tool. Steve Schmidt, Amazon’s chief security officer, told Fortune that Mythos not only helps to patch individual bugs but also helps to permanently close whole classes of weaknesses that have been lurking in their systems. 

“Everything we’ve seen has shown that we are far more effective using AI as defenders than adversaries are using it for attacks,” he said. “The experience we have with…the Mythos model is that it is a significant advantage to the defender.”

However, he said, the model only really performs when it’s paired with experienced engineers, adding that left to run on its own, even the most advanced systems throw off so many false alarms that developers eventually stop trusting what they see.

Paid Content

How Lenovo made AI the backbone of its customer experience

From ServiceNow

A new era of workforce risk

The economics of attacks are shifting too. Sophisticated, tailored intrusions used to be reserved for high-value targets; small and midsize companies could rely on relative obscurity. AI changes that calculus, lowering the cost and skill required to launch a customized attack against almost any organization, said Hugh Thompson, executive chairman of the RSA Conference.

“The fact that these tools can go after so many potential victims at once is a game changer in mindset,” he said. 

And while a lot of attention has been given to AI models’ ability to exploit technical vulnerabilities, there’s been less conversation about the risks around social engineering—using psychology to manipulate people into giving attackers data or access.

Social engineering attacks utilize things like phishing emails crafted to mimic a colleague’s writing style; vishing—voice calls impersonating IT support or a vendor; business email compromise, in which an attacker poses as a senior executive to authorize a fraudulent wire transfer; and increasingly, deepfake audio or video calls designed to convincingly replicate a real person. In one high‑profile case, criminals used an AI‑generated video and voice clone of a company’s finance chief on a live video call to trick an employee into wiring roughly $25 million to fraudulent accounts.

Preparing workers for these AI risks requires more than prerecorded training videos or the occasional phishing email test. And instead of thinking about the risk of one or two employees being targeted by a sophisticated phishing attack, companies need to be prepared for all employees to be regularly targeted.

According to research from Charlemagne Labs, an AI-security startup, AI models already widely available can now sustain believable, multi-turn deception—conversations that span many back-and-forth exchanges rather than a single message—which is the hardest part of real-world scams. AI models, the research found, may enable convincing, automated end-to-end scams within 12 to 24 months.

“Because most AI researchers are more familiar with technical hacking and exploits, we believe social engineering—still the attack genesis for the vast majority of attacks—has gotten too little attention,” says Jeremy Philip Galen, a former Meta product manager and CEO of Charlemagne Labs.

One way that Galen’s startup is trying to address this is with a system named Charley that uses AI to monitor incoming messages and warn users about likely scams, acting as a kind of always‑on scam filter in the background.

“You can’t really train people, and that’s scary. You can’t teach people to identify threats, which means we’re entering a new era of workforce risk,” he said. 

Snowflake’s Upadhyay says his team is already running daily “war room” exercises that bring together application security, cloud infrastructure, IT, and security operations teams. The aim is to remove silos so they’re prepared to react at “AI speed,” using the same AI‑powered tools as they test their defenses and find gaps before attackers do.

Upadhyay says teams should be establishing what is a four-step cycle powered by AI: Set up defenses, monitor them for breaches, contain and clean up any attacks or vulnerabilities that break through, and then build new controls so the same weakness can’t be exploited again.

“Just automating that entire life cycle—it’s using AI to fight AI. This is the thing that everybody should be rushing to do at this moment,” he said. 

Subscribe to Fortune Gulf Brief. Every Tuesday, this new newsletter delivers clear-eyed, authoritative intelligence on the deals, decisions, policies, and power shifts shaping one of the world’s most consequential regions, written for the people who need to act on it. Sign up here.

About the Author

By Beatrice NolanTech Reporter

Beatrice Nolan is a tech reporter on Fortune’s AI team, covering artificial intelligence and emerging technologies and their impact on work, industry, and culture. She’s based in Fortune‘s London office and holds a bachelor’s degree in English from the University of York. You can reach her securely via Signal at beatricenolan.08

Unknown's avatar

About michelleclarke2015

Life event that changes all: Horse riding accident in Zimbabwe in 1993, a fractured skull et al including bipolar anxiety, chronic fatigue …. co-morbidities (Nietzche 'He who has the reason why can deal with any how' details my health history from 1993 to date). 17th 2017 August operation for breast cancer (no indications just an appointment came from BreastCheck through the Post). Trinity College Dublin Business Economics and Social Studies (but no degree) 1997-2003; UCD 1997/1998 night classes) essays, projects, writings. Trinity Horizon Programme 1997/98 (Centre for Women Studies Trinity College Dublin/St. Patrick's Foundation (Professor McKeon) EU Horizon funded: research study of 15 women (I was one of this group and it became the cornerstone of my journey to now 2017) over 9 mth period diagnosed with depression and their reintegration into society, with special emphasis on work, arts, further education; Notes from time at Trinity Horizon Project 1997/98; Articles written for Irishhealth.com 2003/2004; St Patricks Foundation monthly lecture notes for a specific period in time; Selection of Poetry including poems written by people I know; Quotations 1998-2017; other writings mainly with theme of social justice under the heading Citizen Journalism Ireland. Letters written to friends about life in Zimbabwe; Family history including Michael Comyn KC, my grandfather, my grandmother's family, the O'Donnellan ffrench Blake-Forsters; Moral wrong: An acrimonious divorce but the real injustice was the Catholic Church granting an annulment – you can read it and make your own judgment, I have mine. Topics I have written about include annual Brain Awareness week, Mashonaland Irish Associataion in Zimbabwe, Suicide (a life sentence to those left behind); Nostalgia: Tara Hill, Co. Meath.
This entry was posted in Uncategorized and tagged , , , , . Bookmark the permalink.

Leave a comment