May 26th, 2026

When AI changes the rules, attackers adapt

Daniel Ballmer

Sr. Technical Content Strategist


The dominant narrative around AI in security is one of emboldened defenders suppressing attackers. Yet, not everyone is convinced the future will be so rosy.

In a recent Defender Fridays episode, Josh Neil, Co-founder and CTO of Alpha Level, made an argument that cuts against the celebratory mood: as AI makes known attack vectors harder to use, adversaries don't disappear. They adapt.

For MSSPs and SOC teams, an adversary that looks like a user is a harder problem than one that looks like malware.

The squeeze thesis

Josh's central argument is that AI improvements in detection engineering, vulnerability identification, and malware defense collectively narrow the channels through which attackers can operate.

The result, in his framing, is that adversaries get squeezed into noisier, more behavioral attack patterns that look more like regular user activity and, by the same token, less like anything a static detection rule will catch.

His analogy has historical origins: at Los Alamos in the early 2000s, the security team debated whether to block all outbound traffic except port 80. The reasoning was that forcing attackers into web traffic would limit their options.

It did, in a sense.

Yet, attackers found that web traffic was a large enough channel for them to operate without meaningful loss of capability. As a result, the detection problem became harder because their malicious behavior now looked increasingly legitimate.

Josh's prediction is that the same dynamic plays out with AI-assisted defense at scale. CrowdStrike data cited in the conversation supports the directional trend: 79% of the detections they generated in a recent reporting period came from non-malware-based attacks, up from the low 40s the year prior.

There is a caveat on timing, though: accelerating vulnerability discovery does not immediately produce reliable exploits, given the complexity of memory-hardened environments.

So while the channel-squeeze argument is structurally sound, the displacement may happen unevenly and over a longer horizon.

The conversation surfaced two additional positions that deserve attention from practitioners.

Josh argued that tuning detection rules is a bad practice in general, because every exception introduced into a rule represents a gap an adversary can exploit. The smarter path is building better detections with the right context from the start, rather than patching ones that were underspecified when defined.

On the AI cost question, Josh was equally direct: routing all alerts through an LLM for triage is expensive and largely unnecessary. For the majority of alerts, cheaper classical methods do the job. LLMs belong at the end of a well-designed pipeline, processing only the most ambiguous and context-dependent cases after everything else has been filtered out.
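As an added illustration of the tiered pipeline described above, and of building context into the detection rather than bolting exceptions onto it, here is a Python sketch (not code from the episode or from LimaCharlie) in which a cheap classical stage routes each alert to one of three tiers and only the ambiguous middle band is reserved for an expensive LLM stage. The baseline table, the alerts, the point weights and the thresholds are all constructed assumptions.

```python
# Constructed fleet baseline (synthetic, not real telemetry): percentage of
# hosts on which each parent->child process pair was seen in the last 30
# days. Pairs never seen anywhere default to 0.
BASELINE_PCT = {
    ("explorer.exe", "chrome.exe"): 95,
    ("explorer.exe", "teams.exe"): 90,
    ("explorer.exe", "cmd.exe"): 60,
    ("svchost.exe", "updater.exe"): 40,
}

# Constructed sample alerts: process-start detections carrying the few
# fields a classical stage can score with lookups and comparisons alone.
ALERTS = [
    {"id": 1, "parent": "explorer.exe", "proc": "chrome.exe",     "signed": True,  "admin": False},
    {"id": 2, "parent": "explorer.exe", "proc": "chrome.exe",     "signed": True,  "admin": False},
    {"id": 3, "parent": "explorer.exe", "proc": "teams.exe",      "signed": True,  "admin": False},
    {"id": 4, "parent": "winword.exe",  "proc": "powershell.exe", "signed": True,  "admin": False},
    {"id": 5, "parent": "svchost.exe",  "proc": "updater.exe",    "signed": False, "admin": True},
    {"id": 6, "parent": "outlook.exe",  "proc": "svc.exe",        "signed": False, "admin": True},
    {"id": 7, "parent": "explorer.exe", "proc": "cmd.exe",        "signed": True,  "admin": True},
]

ESCALATE_AT = 80  # confident enough to page an analyst with no LLM involved
CLOSE_AT = 20     # confident enough to auto-close as routine fleet activity

def classical_score(alert):
    """Integer 0-100 risk score. Fleet prevalence is part of the score, so
    common activity stays quiet without per-rule exceptions (assumed weights)."""
    pct_seen = BASELINE_PCT.get((alert["parent"], alert["proc"]), 0)
    score = (100 - pct_seen) // 2          # up to 50 points for rarity
    score += 0 if alert["signed"] else 30  # unsigned binary
    score += 20 if alert["admin"] else 0   # privileged context
    return score

def triage(alerts):
    """Route each alert to exactly one tier. Only the 'llm' list would be
    handed to an expensive model; that call is deliberately not made here."""
    tiers = {"escalate": [], "close": [], "llm": []}
    for alert in alerts:
        score = classical_score(alert)
        if score >= ESCALATE_AT:
            tiers["escalate"].append(alert["id"])
        elif score <= CLOSE_AT:
            tiers["close"].append(alert["id"])
        else:
            tiers["llm"].append(alert["id"])
    return tiers
```

On this batch, five of seven alerts are settled by the cheap stage and only the two ambiguous ones would ever cost an LLM call.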

Keep the conversation going

Josh Neil brought statistical rigor and intellectual honesty to a conversation that usually generates more heat than light. Defender Fridays runs weekly and consistently features practitioners who are willing to take meaningful positions and defend them. Subscribe to catch future episodes.

LimaCharlie gives teams the API coverage to build the kind of tiered, context-aware detection pipelines Josh describes. Sign up free or talk to the team.
