On this page · 10 sections
Summary. Palo Alto Networks Unit 42 analysed more than 750 high-stakes incidents for its 2026 Global Incident Response Report, published February 17, 2026, and the pattern is clear: attackers now use AI across the whole attack lifecycle, cutting intrusion speed 4x in a year. The fastest 25 percent of intrusions reached data exfiltration in 72 minutes, down from 285 minutes. Identity weaknesses featured in nearly 90 percent of investigations, and separate 2026 reporting found 84 percent of high-severity attacks abused legitimate tools already inside the organisation. With the global average breach at $4.44 million, the defensive question is no longer whether AI changes the threat but which controls still work when the attacker moves at machine speed.
This is a briefing for CTOs and security leaders: what the 2026 data shows, why the old playbook underperforms, and the controls that hold up.
The new pattern: living off your own tools
The signature of 2026 intrusions is that they look like normal administration. Vendor tools built for privileged action at scale, especially remote monitoring and management (RMM) and mobile device management (MDM) platforms, are now prime targets, because once an attacker holds a vendor's management infrastructure they can push malware, run commands or change configurations that blend into routine traffic. Unit 42 tied 39 percent of command-and-control techniques to remote access tools. Broader 2026 reporting put the figure starkly: 84 percent of high-severity attacks abused legitimate tools already present, so signature-based detection that hunts for foreign malware misses the event entirely.
Speed changes the maths
When the fastest quarter of intrusions reaches data in 72 minutes, a response process measured in hours has already lost. AI compresses reconnaissance, initial access, scripting and extortion, which is how attack speed rose 4x in a single year. The practical consequence: detection and containment have to be automated at the identity and endpoint layers, because a human-paced runbook cannot keep up with a 72-minute kill chain.
Extortion over encryption
Ransomware has not disappeared, but its mechanics shifted. Encryption appeared in 78 percent of extortion cases in 2025, down sharply from above 90 percent in prior years, as attackers lean on data theft and the threat of exposure instead. The economics have moved too: Verizon's 2026 Data Breach Investigations Report puts ransomware in 48 percent of breaches with a median ransom of $139,875, while 69 percent of victims paid nothing. Backups alone no longer neutralise the threat when the use is exposure, not lockout.
| Dimension | The old normal | 2026 |
|---|---|---|
| Time to exfiltration (fastest 25%) | 285 minutes | 72 minutes |
| Primary entry point | Malware | Identity (nearly 90%) |
| Ransomware method | Encryption (over 90%) | Data theft; encryption 78% |
| Tooling | Custom malware | Legitimate tools (84%) |
| Role of AI | Limited | Accelerates lifecycle 4x |
The blind spot nobody budgeted for: AI agents
The enterprise added a new, poorly-watched identity class in 2026: its own AI agents. Adoption ran ahead of control. Gravitee's State of AI Agent Security 2026 found only 24.4 percent of organisations have full visibility into which agents talk to each other, and more than half of agents run with no security oversight or logging. The Cloud Security Alliance reported that more than two-thirds of organisations cannot clearly distinguish AI agent activity from human activity. Surveys of security teams put comprehensive agent controls at roughly 29 percent even as most run agents in production, and a large share confirmed an agent-related incident in the past year. An identity you cannot see is an identity you cannot defend. Our enterprise AI agent governance guide covers the control layers in depth.
The defense playbook that holds up
The through-line across 2026 guidance from Cisco, Microsoft and others is the same: identity is the control boundary, and AI agents are identities. Treat every agent as untrusted. Authenticate per request, authorise least privilege per tool call, and log every action.
| Control | What to do | Why it works |
|---|---|---|
| Agents as identities | Give each agent a distinct IAM identity linked to a human owner | Closes the agent-versus-human visibility gap |
| Least privilege | Constrain each agent to the tools and data it needs; issue short-lived, just-in-time tokens | Limits blast radius after compromise |
| Zero trust per call | Verify identity and context on every request, not once at login | Stops lateral movement at machine speed |
| Tamper-evident logging | Log every agent and admin action immutably | Makes actions provable and speeds response |
| Vendor-tool hardening | Restrict and monitor RMM/MDM and remote access | Counters the legitimate-tool abuse pattern |
Put a policy enforcement point, such as a Model Context Protocol gateway, between agents and the tools they call, so least-privilege rules are enforced consistently rather than per integration. Our note on AI agent security and prompt-injection guardrails covers the tool-layer defenses.
India-specific considerations
For Indian enterprises, the Digital Personal Data Protection Act, 2023 raises the cost of the extortion-only shift, because a data-theft breach is a reportable personal-data breach even when nothing was encrypted. That makes detection and tamper-evident logging a compliance need, not just a security one. Budget for identity-first monitoring and agent inventory now, and treat agent governance as part of the same programme described in our DPDP readiness guide.
What to do this quarter
Inventory every machine and AI-agent identity and link each to a human owner. Move detection and containment to the identity and endpoint layers so they run without waiting on a human, given the 72-minute kill chain. Tighten access to RMM, MDM and remote tools, and turn on immutable logging for agent and admin actions. Assume encryption is optional for the attacker and rehearse a data-exposure incident, not just a lockout.
FAQ
How eCorpIT can help
eCorpIT is a Gurugram-based, CMMI Level 5 technology consultancy and a Kaspersky partner. Our senior engineers build identity-first security into applications and AI systems: agent inventories, least-privilege access, just-in-time tokens, policy gateways and tamper-evident logging aligned with DPDP requirements. We design systems aligned with these frameworks rather than claiming certification. To harden your AI and application stack, talk to our team.
References
- 2026 Unit 42 Global Incident Response Report - Palo Alto Networks.
- Unit 42 report: AI and attack surface complexity fuel majority of breaches - Palo Alto Networks.
- 2026 Unit 42 Global Incident Response Report: attacks now 4x faster - Palo Alto Networks.
- Identity loopholes drive nearly 90% of Unit 42's 2026 investigations - Industrial Cyber.
- AI-driven threats, global breaches, and compliance shifts define the week in cybersecurity for July 2026 - eSecurity Planet.
- More than two-thirds of organizations cannot clearly distinguish AI agent from human actions - Cloud Security Alliance.
- The state of AI agent security 2026: what 160 CISOs reveal - NeuralTrust.
- Cost of a data breach 2026: $4.44M global, $10.22M US - IBM benchmarks.
- New tools and guidance: announcing Zero Trust for AI - Microsoft Security.
_Last updated: July 10, 2026._