The Purple Paper
Getting left of boom has never been more challenging.
The time between business risk exposure and impact is collapsing. Attackers are moving faster, and exposure itself is forming faster as business accelerates. What once required years or months now takes days or minutes. Exposure windows are now referred to as execution windows. AI-enabled attackers can now identify and act on exposure almost immediately when conditions converge.
This compression of time is not driven by new exploits, zero-days, or a sudden shift in the way business risk exposure forms. It is the speed of information assembly, correlation, and action. Exposures in people, processes, and technologies that may have been silently unnoticed for years are now identified and tested in minutes. The more valuable the target, the higher priority the exposure.
Once this is understood, it fundamentally shifts how we calculate and address our risk posture. Exposure can no longer wait for quarterly reviews and the monthly status meetings. It must be addressed with urgency by teams enabled with the same capabilities as their adversaries. Moving smarter, and at machine speed.
The nature of business risk exposure has not changed. The rate at which it forms has accelerated, and the time to exploitation diminished.
Kill Chain Compression and Consolidation
The stages of the kill chain are still 100% valid and offer an excellent approach to understanding attacks. The stages still exist in our new world, but they have evolved with available tooling. What has changed is both how the work within each stage is executed and how the stages are traversed.
Many of the tasks that required manual effort, specialized skills, and process handoffs are now partially or even fully automated. Reconnaissance runs continuously with AI data correlation. Target profiles can be quickly created, curated, and prioritized based on ease of attack and value of return. Conversation and email pretexts can be generated on demand. Content, scripts, and supporting cloud infrastructure can be prepared in advance and spun up automatically when conditions are right.
The movement between the stages of the kill chain no longer requires human interaction. AI can oversee workflows based on rules created by the attackers. In this model, the dwell time between stages is not a viable defensive control. Nor is self-perceived anonymity or obscurity. “We’re not a target” has not been a believable defense since 2013.
As the speed of the attacker increases, the opportunity to disrupt the kill chain between phases begins to diminish. This is probably best illustrated by the recently disclosed AI-orchestrated espionage campaign leveraging the Anthropic platform, in which the attackers were able to use AI to perform an estimated 80-90% of the campaign autonomously, with human involvement at only critical decision points.[1]
When reconnaissance, planning, and execution are handled autonomously, the time between stages shrinks to where human response cannot reliably alter the outcome. This must be handled immediately with automated enforcement, and ideally, AI-enabled workflows.
This is not theoretical. Security programs built around staged detection and response have implicit delays, whereas compressed kill chains do not.
The Age of the AI-Enabled Attacker is Here
As attackers embed AI in their workflows, it removes friction and drives kill-chain compression just as it does legitimate business workflows. This not only makes the attacks faster, but they also become more sophisticated in speed. You’re literally playing chess manually against an AI-enabled opponent.
In the past, attackers used steps and tools in sequence. Reconnaissance outputs were reviewed, plans refined, content was written, and infrastructure was prepared for an attack. Every step along the way introduced a delay and limited the information that could actually be leveraged before execution.
The space between these steps has become minimal, with information beginning to flow bidirectionally at machine speed. Information is continuously collected, piped through reasoning, synthesized, and in some cases executed upon without human intervention. Phishing campaigns are an excellent example where the entire kill chain can be automated with AI providing process oversight. The human attacker sets intent and objectives while the AI-enabled stack governs execution. The diagram below from the Anthropic attack illustrates this evolution.
The lifecycle of the cyberattack, showing the move from human-led targeting to largely AI-driven attacks using various tools (often via the Model Context Protocol; MCP). At various points during the attack, the AI returns to its human operator for review
These capabilities change how work is executed within each stage and how the work moves through the stages.
Reconnaissance runs continuously. Public data sources, organizations’ metadata, exposed services, leaked credentials, and identity signals are gathered by data brokers and other services. Signals are correlated with tools such as Maltego. The targets are prioritized based on expected return, organizational authority, and ease of manipulation.
The workflow advances automatically for a target when a sufficient signal exists.
The context is assembled into an actionable pretext. With target language patterns, tone, the reporting structure, and behavior profiles inferred, conversation scripts and emails are generated and prepared for use. Now the attackers aren’t constructing the attacks step by step. They are fine-tuning and approving execution.
With the reduced barrier to entry, the attackers can use synthetic identity in addition to low and slow phishing techniques.
Voice can be cloned with services such as ElevenLabs. Platforms like D-id are used to create a visual presence. All that is required to produce a convincing executive presence is a short piece of audio and a picture, or even better, a video of the subject. These attacks have become so prevalent that awareness training leaders like Adaptive Security have added the experience to their training.
The first touch interaction may be a brief video call or a recorded message to test the response. The request is time sensitive and plausible and does not deliver malware. It may reduce defensive control or obtain information. There is no discernible incident, and trust is established. If resistance appears, the workflow can adapt.
The campaign continues across channels. Phone calls, emails, and text messages include similar requests, further establishing trust and removing friction. The caller identity is controlled using various services such as SpoofCard. An AI caller can adjust tone, urgency, and justification in real time based on the response from the target. Attacks don’t reset with friction; they evolve.
Execution is often achieved through existing business workflows.
A wire transfer gets approved with a single authorization. User credentials get reset. OAuth permissions get accepted for nefarious extensions. Confidential or sensitive documents get shared, or access is obtained. The actions are valid with the system based on existing controls, but the trust has been misplaced.
If an attacker’s attempt fails, they iterate immediately using a different executive or third-party partner identity and shift channels. Failure informs the next action. Success moves the workflow forward and likely scales the activity.
The net result is that attacks are faster, better informed, more adaptive, and more convincing. Speed and sophistication are no longer trade-offs. They have it fast, cheap, and good enough.
For the blue teams, this matters. Using AI (artificial intelligence) to gain insight while attackers use AI to execute is a mismatch that teams must address.
Rebalance the Fight with Preemptive Cyber Defense
The attackers aren’t succeeding because defenders lack capability. They succeed because deception influences outcomes that were exposed by insufficient control practices. If the objective of the deception is to move money, the most effective defenses are foundational. Multi-step authorization, multi-person approval, and enforced separation of duties matter more than determining whether a voice or video is real. If a single individual can approve a high-dollar value transaction based on a conversation, then the weakness is the workflow.
In this situation, preemptive cyber defense removes discretion from the equation. Money does not move based on urgency or a single authority. It only moves when preset conditions are met. The deception cannot override enforcement without having had significant scrutiny.
If the deepfake attack results in a permissions change, an OAuth grant, or an adjustment that creates a separation-of-duties violation, the user or administrator handling the request likely has no idea of the risk in the moment. The request may seem routine, yet the exposure it creates could cut across systems and business processes beyond their visibility.
Humans cannot possibly reason out transitive trust across systems, accumulated privilege, or exposure blast radius. Here, AI-enabled reasoning provides insight and exposure awareness, and risk mitigation by continuously evaluating identity, access, and business impact before a change is made. Changes that create an unacceptable level of exposure are not permitted without escalation.
This same principle and workflow apply when deceptive practices lead a user to install or accept extensions that introduce malicious artifacts. While valuable, it is unrealistic to expect awareness training alone to stop this from happening. Preemptive cyber defense requires automated and immediate orchestrated containment to prevent execution before damage can be done.
The practical takeaway is not AI replacing fundamentals. It is implementing and enforcing fundamentals continuously, and applying Artificial Intelligence (AI) in data gathering, synthesis, and reasoning, where humans lack visibility and speed.
Using deterministic controls where sufficient, and adaptive reasoning where required, preemptive cyber defense does not try to out-detect deception. It works to ensure deception doesn’t easily translate into irreversibly deep impact. This is how the kill-chain workflows described earlier are disrupted in practice. Not by winning every interaction, but by constraining the outcome.
Left of Boom is About Choosing an Operating Model
Attackers have leaned into the new model, understanding that exposure opportunities form quickly and are more easily identified and acted upon with AI embedded in their workflows. They assume speed and automation. They assume resistance will be met, and their workflows are designed to be adaptive to it.
Defenders still seem to be satisfied waiting a week or two for a report of vulnerabilities to add to their backlog. Programs based on periodic review, human intervention, and post-execution response will continue to experience the same challenges even as visibility improves.
The preemptive cyber defense model isn’t predicting every attack or detecting every deception. It constrains negative outcomes and continuously shapes exposure so trust can’t be abused at scale.
Left of boom doesn’t have to be aspirational. It’s an operating model choice.
Organizations choosing this model will disrupt attacker workflows and minimize the impact of successful attacks.
Here are three practical steps security teams can take to combat kill-chain compression.
1. Re-engineer Controls That Assume Time Exists to Respond
For example, implement solutions like Conditional Access Enforcement as discussed in our previous piece on Session Token Theft, and supplement with AI-enabled identity and entitlement discovery for better visibility.
The assumption that alerts will be reviewed and actions taken before impact occurs is no longer valid in the world of compressed kill-chains.
2. Convert from Vulnerability Management to Exposure Awareness
Instead of focusing on periodic discovery and backlog-driven remediation, identify material business exposure and triage the contributing factors across identity, access, configuration, vulnerability, and lifecycle. See our previous work for a deeper dive into Continuous Exposure Awareness.
3. Apply AI-Enabled Automation Where Humans No Longer Add Leverage
While human judgment is essential, it cannot operate at machine speed. Relying on it to correlate context in real time across interconnected identities, data, networks, and business environments is a fundamental weakness.
Apply AI-enabled reasoning and automation where speed and scale are beyond human capabilities. Identities and entitlements are a great place to start. Leverage the information to shape and reduce the attack surface, and these benefits will flow into the SOC.
These three preemptive cyber defense steps are essential to overcoming kill-chain compression and are aligned with the Zero Trust Architecture model most organizations are already adopting.
SOURCES:
[1] Disrupting the first reported AI-orchestrated cyber espionage campaign
Review Your Risk and Security Posture
