Artificial intelligence is rapidly changing the balance of power in cybersecurity, giving both attackers and defenders unprecedented speed and sophistication.
Dell President and Chief Security Officer John Scimone explains that defenders currently have an important advantage: they possess more data about their products, infrastructure, and networks than outside attackers do.
But that advantage will disappear unless companies move quickly to modernize their infrastructure, prepare their data, redesign security operations around AI, and develop autonomous defenses to respond to a coming wave of AI-powered attacks.
Core Takeaways
Autonomous Attacks Will Transform Cybersecurity: AI agents will allow threat actors to conduct attacks with far greater speed and scale, forcing nearly every traditional cybersecurity tool and practice to evolve.
Security Must Become AI-Native: Organizations cannot simply add AI to existing workflows. They must rethink security operations from the ground up, using AI and autonomous systems to improve detection, response, patching, resilience, and recovery.
Modern Infrastructure and Data Are Essential: Companies that maintain modern technology and clean, accessible, well-organized data will be best positioned to adopt advanced AI models and respond to rapidly changing threats.
Key Quotes
Defenders Have the High Ground
“AI models are fueled by data, context, and the insight that comes from data. From a product security perspective, any technology company inherently has more data about its products and more insight into its technology than an attacker. That includes everything from the initial concept and design to the architecture, threat models, and source code. In most cases, an attacker may only have a compiled binary or a copy of the product to work with.”
“The attacker is typically looking at the organization from the internet and examining the perimeter. The organization has the high ground. It controls the hill and has the opportunity to reshape its network and make changes at any time.”
Autonomous Attacks Will Challenge Every Security Practice
“When I talk about what has changed, it is speed, scale, and sophistication. The scale will come from autonomous operation—the inherent scale that comes from having agents doing the work.”
“As these models and capabilities are adopted by threat actors, the scale created by autonomous offensive operations will challenge almost every historical precedent in cyber defense. Almost every tool and practice traditionally considered a cybersecurity best practice will have to evolve to keep pace with the scale and sophistication of autonomous attacks that are just around the corner.”
Cybersecurity Organizations Must Reinvent Themselves
“A security organization that is not operating in an AI-native way is not going to be an effective security organization tomorrow. Organizations need to reinvent how they operate. It is not simply a matter of adding AI to existing practices. They need to ask what outcomes they are trying to achieve and whether they are detecting, responding, and recovering more quickly.”
“If you were starting from scratch today, knowing everything you know about the power of this technology, how would you operate differently? We expect autonomous hacking agents to be hitting every part of an organization’s network at all times with an extremely high level of sophistication. You simply cannot contend with that using legacy practices.”
Human Expertise Becomes More Important, Not Less
“There is a narrative suggesting that expertise and humans are no longer important in an AI world. I would argue that the opposite is true. We need deep expertise, and deep cybersecurity expertise in particular, not only to design agentic workflows and systems, but also to guide, orchestrate, and oversee them.”
“Humans must ultimately step in and remain accountable for the daily operation of the cybersecurity program. It is not too late for organizations to prepare, because the threat environment has not yet reached the peak we expect as AI is more fully adopted for malicious purposes. But organizations need to be racing to get ready.”
Dell Is Embedding AI Across Product Security
“There is not an area of our secure development lifecycle—or our development lifecycle more broadly—that has not benefited from AI. As our product design and engineering practices have modernized, we have been able to infuse our security rules, standards, and best practices directly into the AI engines at the point where code is being suggested.”
“That includes developing new code that is secure from the start, examining existing legacy code, and finding and fixing vulnerabilities at an unprecedented pace. The supporting workstreams—including deduplication, prioritization, and risk assessment—are also being fueled and supported by AI. It enables us to move not only more quickly, but with a level of sophistication and scale that was not previously possible.”