Coinbase warns AI attacks now outrun enterprise defenses
Key insights
- AI has compressed cyberattack timelines from days to hours, invalidating enterprise incident-response playbooks still calibrated for human-speed threats.
- AI-assisted zero-days and autonomous post-exploitation agents were confirmed active in live production attacks for the first time this week.
- Coinbase's security chief argues rebuilding detection architecture around machine-speed compromise assumptions is the only viable defensive posture.
Why this matters
The confirmation of autonomous post-exploitation agents in live production attacks this week moves AI-driven threats from theoretical to empirical, forcing security architects to validate or discard their current detection assumptions against real attacker behavior. Enterprise security stacks built on SIEM rules and human-reviewed alert queues are now provably slower than the attack surface they cover, meaning every CISO whose team still relies on these systems is operating with a known architectural debt. For AI practitioners and founders building in this space, the same capability advances being deployed defensively are simultaneously compressing the attack lifecycle, creating a symmetric escalation dynamic with no natural equilibrium.
Summary
Coinbase's security leadership argues most enterprise defenses are built for the wrong threat model. AI has compressed attacker timelines from days to hours, and the first confirmed cases of AI-assisted zero-days and autonomous post-exploitation agents running in live production attacks arrived the same week as this piece.
The core claim isn't about tool selection. Coinbase's security chief says the entire incident-response architecture needs rebuilding around the assumption of machine-speed compromise. Detection systems calibrated for analysts reviewing alerts over hours simply cannot close the gap against attackers operating in minutes.
Essentially, Coinbase is arguing that the only viable posture is continuous adaptation faster than the threat evolves, not better point tools.
- AI-assisted zero-days and autonomous post-exploitation agents were confirmed active in live attacks for the first time this week.
- Most enterprise playbooks still assume human-speed threat actors, leaving detection windows that AI-driven attacks can exploit in minutes.
- The required posture shift is architectural, not a product upgrade.
Security budgets allocated for traditional SOC operations may already be structurally misaligned with the current threat environment.
Potential risks and opportunities
Risks
- Enterprises that deployed AI-assisted detection as point solutions rather than rebuilding core architecture may face coordinated machine-speed breaches before gaps are identified, particularly in financial services and critical infrastructure over the next 60 to 90 days
- Security vendors selling AI-enhanced SIEM and alert triage products face reputational and contractual exposure if customers suffer machine-speed compromises that the tools were marketed to prevent
- Confirmation of autonomous post-exploitation agents in live attacks could accelerate capability disclosure in underground markets, compressing the timeline for broader adversarial availability and widening the pool of actors able to launch machine-speed campaigns
Opportunities
- AI-native security platforms architected for machine-speed detection (Vectra AI, Darktrace, SentinelOne) are positioned for accelerated enterprise budget capture as point-tool shortcomings become demonstrable through actual breach disclosures
- Coinbase's public architectural framing gives security consultancies (Mandiant, CrowdStrike Services) a vendor-neutral justification to sell incident-response architecture audits to financial services and Fortune 500 security teams
- Cyber insurers (Coalition, At-Bay) can reprice policies for enterprises still running human-speed SOC operations, creating a financial pressure mechanism that accelerates the architectural transition faster than vendor sales cycles alone
What we don't know yet
- Whether the autonomous post-exploitation agents confirmed in live attacks were commercially available tools or custom-built by specific threat actors, which determines how broadly accessible this capability already is
- What specific detection latency thresholds Coinbase has identified as the boundary between viable and non-viable response at machine speed
- Which enterprise sectors beyond financial services have begun rebuilding incident-response architecture around machine-speed assumptions as of May 2026
Originally reported by fortune.com
Original headline: Fortune: AI Cybersecurity Arms Race Has Already Started — Most Enterprise Defenses Are Still Calibrated for Human-Speed Threats