Security leaders are rethinking the way they defend their networks. What used to be a system that was built solely on the defensive has evolved into a more proactive approach, with companies choosing to attack themselves first to expose weaknesses.
This “new idea” of securing networks was recently highlighted in a TechRadar Pro analysis that detailed a significant shift in how organizations think about cybersecurity. For decades, cybersecurity networks were built on a defensive approach: create walls, patch systems, and respond when intruders broke through.
Today, as attacks become faster and more sophisticated, many security teams are turning to controlled intrusions through staging their own red team exercises, automating penetration tests, and simulating exploits to determine weaknesses before criminals do.
And this approach is being driven by a new reality—AI.
Cyberattacks have not only grown in number in recent years but also in sophistication, with artificial intelligence powering everything from malware that adapts in real time to phishing emails that look indistinguishable from genuine communication.
While exact figures vary, the damage is rising. For example, average ransomware payments passed the million-dollar mark, more than twice the level of the previous quarter, according to ITPro. Investigators say the surge is less about one-off cases and more about a shift in tactics.
Criminal groups are leaning on AI tools to automate tasks that once slowed them down—writing convincing phishing messages, tailoring malware on the fly, and scaling campaigns that previously required large crews.
The speed and scale made possible by artificial intelligence are what alarm researchers most. They point out that the very tools helping criminals accelerate their operations could just as easily be placed in the hands of defenders. And that tension has led many in the field to call AI a double-edged sword. The same algorithms that allow attackers to scan entire networks for misconfigurations or generate new exploits in minutes can also be used by security teams to probe their own systems with equal intensity.
Academic studies have shown that AI can accelerate the discovery of weaknesses, but most experts caution against overstating precision metrics. What is clear, however, is that AI has collapsed timelines on both sides of the battle.
One instance is that the Cybersecurity and Infrastructure Security Agency has repeatedly encouraged critical infrastructure operators to adopt proactive security practices. In recent advisories, the agency pointed to red team assessments and the testing of AI models under stress as examples of methods that can strengthen resilience.
The Department of Homeland Security even went further in 2024 by publishing AI safety and security guidelines that urged operators to move beyond static defenses and treat cyber readiness as a continuous process.
For many security officers, the shift is not about abandoning traditional safeguards but about changing the timeline. Firewalls, detection systems, and antivirus software remain essential, but they are no longer seen as enough on their own.
The priority is to discover vulnerabilities during a drill, not in the middle of a crisis. The strategy, however, is not without complications. Misconfigured test environments can cause outages, and some organizations worry about blurring the line between a controlled simulation and a real-world breach.
Despite the risks, momentum is building. Analysts and industry experts believe that offensive testing, powered in part by AI, will move steadily into the mainstream. Within a few years, many expect it to be a standard part of security programs across both business and government.
What is emerging is a new kind of playbook. Security teams are no longer content to defend passively. Instead, they are trying to think like their adversaries, act first, and build systems that can withstand the next wave of attacks before it arrives.