Why velocity is now the critical edge in AI-accelerated cyber threat defense
CISO Albert Evans discusses the importance of closing the "speed gap" with AI-enabled defenses and strategic frameworks.

Cyberattacks have always relied on deception, but the game has entered an entirely new league. Voice clones have been used in vishing attacks on major firms like Google and Cisco, and at DEF CON, social engineering is dissected like a sport, with experts competing to breach mock corporate walls. While the tactics themselves haven't drastically changed, the speed certainly has. The new era of cybersecurity will not be defined by the type of attack, but by the velocity at which it is waged.
We spoke with Albert Evans, Chief of Information Security at ISO New England. After leading cyber defense programs for the Department of Defense and securing Fortune 100 critical infrastructure at Exelon, Evans has developed a philosophy of "people-centered cybersecurity" that challenges the industry’s historically reactive posture. For him, the entire conflict has been reframed.
"AI doesn't change what attackers are going to do; they're going to have the same risk and response. What it changes is the speed. They're going to be faster on their end, so now you need to be faster on yours," says Evans. "A lot of AI-enabled defenses are about closing the speed gap to take away the threat actor's advantage."
The central conflict in modern cybersecurity is this "speed gap." AI is simultaneously the greatest threat and defense available today. But while defenders are upgrading their toolsets, attackers are weaponizing speed to render those tools moot.
Fast and furious: "The trend is fast and furious because, even though many companies now have strong security tooling, attackers can still win by moving faster than defenders can react," Evans explains. "If your team isn’t well-trained or working together, the tools might detect the threat—but by the time they do, the attacker has already reached their objective."
Evans argues that closing the speed gap begins with moving beyond the "compliance checkbox" mentality that plagues many security programs. The solution lies in strategically layering operational frameworks like MITRE ATLAS, the OWASP Testing Framework, and the CSA MAESTRO framework to build a proactive defense.
The operational unifier: "The framework I'm kind of excited about now is SAIL," Evans says. "SAIL is kind of the framework to rule them all because it's an operational framework that uses SDLC, that covers the full spectrum and incorporates the other frameworks. So now, you only need to use SAIL."
But frameworks and tools are useless without skilled operators to wield them. With static defenses now obsolete against polymorphic, AI-driven attacks, Evans argues that team transformation is non-negotiable. This requires a new baseline of skills, a focus on low-risk technological adoption, and a renewed emphasis on a classic security discipline.
The new skill baseline: "For your teams, they need at least some basic AI training—understanding what GenAI is, the risks," Evans says. "If they're going to use AI defensively, they need prompt engineering skills."
A low-risk first step: "The AI assistant apps for the SOC are a no-brainer," he notes. "They're low-risk because they're just training off your data, so you're not getting model drift. They're quick to implement, and it's like getting a couple of extra SOC analysts on board overnight."
The human countermeasure: "The best way to counter offensive threats is still old-school threat hunting," he says. "That means having skilled threat hunters working 24/7. Most companies struggle to hire and keep that talent, but you can augment your SOC by contracting with providers that offer it as a service."
In such a high-velocity environment, the goal is not to simply build walls, but to create a system designed to ensnare and neutralize threats as they move. "I don't describe what we do as defense in depth; I describe it more as a spiderweb because we want to make it very difficult for the threat actor to move through to achieve their objective," he states. "We create those different layers by mapping to frameworks like MITRE ATT&CK and MITRE ATLAS."