When Attacks Take Minutes, Not Days: The AI Speed Problem Defenders Now Face
Criminals using AI models can now write phishing bait, pick targets and hop between machines faster than most security teams can read the first alert.

Key points
- Attackers using AI tools like the Mythos model can now complete intrusions in minutes that once took days, according to reporting from The Hacker News.
- The speed gap comes from AI writing tailored phishing messages, choosing targets and testing what works, all without waiting on a human.
- Most company security playbooks were written for attackers who worked at human pace, leaving a widening response gap.
- Defenders are being pushed to adopt AI-assisted detection and faster automated responses to keep up.
Criminals are moving faster. A lot faster.
Work that used to take an attacker several days, picking a target, writing a convincing fake email, testing which trick lands, then jumping to the next computer inside the network, can now be done in minutes. The change is being driven by artificial intelligence models built or repurposed for offensive work, including one known in criminal circles as Mythos.
Think of it like this. A burglar who once had to case the neighbourhood, pick the lock, and try each door one by one now has a machine that does all of that at once, and moves to the next house before the alarm has finished ringing.
Why can't security teams keep up?
Because the playbooks they use were built for attackers who worked at human speed. Most incident response runbooks, the step by step guides that tell a security team what to do when something looks wrong, assume there is time to investigate, escalate and decide. AI-driven attacks collapse that timeline.
Here is what changes when AI joins the attacker's side.
Phishing emails, the fake messages that try to trick staff into clicking a link or handing over a password, used to be written by hand. A criminal would draft one lure, send it to a batch of victims, and hope. AI writes hundreds of variations, each tuned to the recipient's job, employer and recent activity. It also learns which version gets clicked and rewrites the losers.
Target selection speeds up too. Instead of a human sifting through a stolen contact list, an AI ranks victims by likely payoff and picks the softest entry point. If one target does not bite, the tool moves on within seconds.
Once inside a network, the same automation applies. The attacker's software looks around, finds shared drives, hunts for passwords stored in files, and hops to the next machine. By the time a human analyst opens the first alert, the intruder may already be three systems deep.
What does this mean for ordinary staff?
The frontline has not changed. Phishing is still the way most attacks start. But the emails are getting harder to spot because AI removes the tells: the odd phrasing, the wrong logo, the generic greeting.
Staff should slow down on any message that pushes urgency, whether it claims to be from the boss, a supplier, or IT. If a link asks for a password, do not enter it. Go to the site directly through a browser instead.
What can companies actually do?
The honest answer is that human speed alone will not catch machine speed attacks. Defenders are turning to their own automation: tools that watch for unusual logins, isolate a suspicious machine without waiting for a human to approve it, and flag patterns across a network in seconds rather than hours.
That does not remove the human. It shifts the human's job from spotting each attack to designing the rules the machine follows, and reviewing what it caught.
The gap between attacker speed and defender speed is the story of the next year in cybersecurity. Companies that treat it as an IT problem will lose ground. Companies that treat it as a training, process and tooling problem stand a better chance.



