AI Arms Race: Rapid7’s Craig Adams on the New Cybersecurity Threat
▼ Summary
– Craig Adams notes AI has dramatically increased cyberattack speed and scale, enabling broad “spray-based” attacks that affect many organizations simultaneously.
– He states organizations now recognize the biggest risk is not adopting AI for defense, shifting focus from preventing AI misuse to integrating it for protection.
– Adams emphasizes that most organizations lack full visibility of their attack surface, with only 17% able to identify 95% of their environment, leaving vulnerabilities exposed.
– He outlines a three-step defense strategy: achieving a unified view of assets, consolidating data across systems, and implementing AI telemetry for faster threat prioritization and response.
– Rapid7’s product roadmap focuses on deeper Microsoft integration, automation for prioritizing and addressing risks, and enhanced identity and cloud security to counter rising attack trends.
The escalating use of artificial intelligence by cybercriminals represents a profound shift in the threat landscape, creating an urgent need for businesses to adopt AI-driven defense mechanisms. According to Craig Adams, Chief Product Officer at Rapid7, failing to integrate AI into security strategies now poses a greater organizational risk than its potential misuse. Attackers, being less risk-averse, are leveraging AI to execute widespread campaigns at unprecedented speeds, forcing defenders to accelerate their own adoption of advanced technologies.
Adams observes that the cybersecurity field has transformed dramatically over the past two years. Previously, attacks were often highly targeted and required significant effort. Today, AI enables malicious actors to launch broad, indiscriminate assaults that impact numerous organizations simultaneously. The velocity of these attacks has multiplied, sometimes by factors of five or ten, substantially increasing both the volume of incidents and the scope of vulnerabilities that companies must address.
In response, security teams have shifted their focus. Initial concerns about preventing AI misuse have given way to a widespread recognition that avoiding AI altogether in defensive postures is the more dangerous path. Organizations are now actively embedding AI into their security operations, particularly for enhancing decision-making processes. There is growing interest in what Adams terms “agentic AI”, systems that operate transparently, allowing Chief Information Security Officers to understand not only the decisions made by the AI but the reasoning behind them.
Despite the AI frenzy, Adams points out a more basic challenge plaguing many companies: a lack of comprehensive visibility into their own attack surfaces. Industry analysis indicates that a mere 17% of organizations can accurately identify 95% of their exposed assets. This means the vast majority are unaware of approximately 10% of their environment, which often represents the most attractive targets for intruders.
Adams outlines a clear three-step strategy for building resilient defenses. First, organizations must establish a unified view of their entire digital footprint. You can’t protect what you don’t know exists, so understanding all assets, their exposures, and existing controls is foundational. Second, businesses need to consolidate their security data, which frequently resides fragmented across five or more disconnected systems. This fragmentation prevents analysts from connecting crucial dots during investigations.
Rapid7’s methodology involves integrating these disparate data sources to improve the efficiency of both threat detection and incident response. The third component involves implementing native AI telemetry. By allowing AI systems to continuously monitor operations, security teams can quickly filter out benign activities and concentrate their efforts on genuine threats, enabling faster and more focused remediation.
The historical proliferation of security tools has exacerbated these challenges. For years, vendors encouraged customers to continually expand their security stacks with new products, leading to significant data fragmentation and management overhead. Adams notes that maintaining proficiency across fifteen different tools is impractical for most teams. Reducing that number to four or five integrated platforms allows security personnel to operate more effectively and efficiently.
The cybersecurity industry is now entering a consolidation phase, where interoperability and unified functionality are becoming paramount. Executives want solutions that simply highlight their most critical risks and provide clear prioritization. This philosophy is embedded in Rapid7’s offerings, which provide a consolidated view of the attack surface, help prioritize critical exposures, and deliver managed detection and response services to accelerate and economize threat mitigation.
While high-profile cyber incidents and service outages generate significant interest in security solutions, Adams identifies the defensive use of AI as the primary driver of current demand. Adversaries will continue to adopt new technologies rapidly and without hesitation, attacking more swiftly and across broader fronts. Defenders are working to close this gap, but they demand transparency in how AI systems reach their conclusions. CISOs remain skeptical; they need to see the technology in action and understand the logic behind its outputs, which is a key strength of Rapid7’s approach.
Looking forward, Adams’ product development efforts concentrate on three key areas: deeper integration with Microsoft’s E5 security stack, enhanced automation capabilities, and strengthened identity and cloud security. The Microsoft partnership aims to provide a more seamless and powerful experience for customers using Rapid7’s detection and response services.
Automation focus involves not just identifying thousands of exposures or millions of vulnerabilities, but intelligently prioritizing remedial actions and integrating those workflows into the tools teams already use. Finally, the rise of identity-based and cloud-focused attacks demands sophisticated contextual analysis. Understanding whether a password change was initiated by a CEO or a cloud administrator is critical for distinguishing normal activity from a potential security incident. Rapid7 is investing heavily in technologies that separate true threats from background noise, enabling more accurate and efficient diagnosis of critical issues.
In Australia, Rapid7 maintains a growing presence with a local Security Operations Centre, engineering resources, and cybersecurity advisors. This local footprint ensures that customers receive timely support without being hindered by time zone differences or geographic barriers. Based in Boston, Adams coordinates efforts across multiple regions, guided by a central mission: enhancing customer defense capabilities. When teams consistently focus on helping clients defend more effectively, business success naturally follows.
(Source: ITWire Australia)
