
The halfway mark: taking stock of cybersecurity in 2026

Mandy Andress • 6 min read
As AI compresses cyberattack timelines, organisations need context-rich security data and automated response tools to act before breaches escalate. Photo: Shutterstock

As we approach the halfway mark of 2026, the pace of cybersecurity has not slowed down. It’s actually evolving faster than ever. When I look at some of the trends and new tools making the biggest impacts on our jobs in security, several things come to mind. First is the evolution of Frontier AI models.

The Frontier AI models are capable of scanning software code at a scale and speed that dwarfs anything we’ve seen, identifying hundreds of undetected flaws in systems that government agencies around the world have spent years trying to secure.

Put those capabilities in the right hands, and it’s a force multiplier for defenders. Put them in the wrong ones, and now it’s a problem the industry has never faced before at this velocity. For security teams, a new threat vector is pretty common. A new threat vector with active exploits within hours of disclosure is existential. Cybersecurity is no longer just an IT concern; it’s risen to the board level. Customer trust, regulatory exposure, financial impact: it’s all on the table now. The reactive postures organisations have used in the past just aren’t keeping pace with the speed at which business and attackers operate today.

Minutes and seconds, not weeks and days

When I started in this industry, tabletop exercises were built around ‘assume you have days to respond.’ Today, when I run those exercises, we start from a different premise: assume the breach already happened. Assume the data is already compromised.

Generative AI allowed bad actors to scale up attacks, run multiple probing instances simultaneously, and automate what used to require skilled human effort. Frontier AI models compress those timelines even further. The industry used to talk in terms of days and weeks. Now we measure in minutes, sometimes even seconds. I’ve learned that if you can’t react at machine speed, you need to redesign your controls to be more proactive because waiting for a human to review an alert queue is not sufficient.

This is where the concept of antifragility becomes more than an academic talking point. Antifragility means systems don’t just survive disruption, but genuinely improve because of it. It requires boards and security teams to be genuinely aligned, not just checking in four times a year at the quarterly briefing. Security improvements have to be continuous and structural, not reactive patches bolted on after an incident.

Use AI, there’s no other option

Most organisations are now familiar with AI agents, the tools that go beyond surfacing insights from data and actually take action. In security, that distinction matters enormously. Security teams are inundated with alerts. An AI agent with the right context (your organisation’s logs, your alert history, your playbooks) can parse all of that, triage what matters, and run a response workflow without waiting for a human even to open their laptop.

As we integrate AI, we’re evolving our relationship with how we engage with it, and we’re moving toward ‘human on the loop’ versus ‘human in the loop’. We’re moving away from a human overseeing it all out of necessity, which is faster than most security leaders are comfortable with. In the near term, automation will handle the bulk of time-sensitive incident response. The human role shifts to architecture, oversight, and managing the downstream effects of those defence systems. That’s not a loss; it’s a forcing function for security professionals to develop the skills that actually move the needle strategically.

Frontier AI models also give organisations something we’ve never had at scale before: a genuine bird’s-eye view of security posture. Feed these systems data from logs, assets, and configurations across the organisation, and you can identify weak spots in real time as your infrastructure evolves — not six months later in a penetration testing report.

Context engineering is foundational

This gets glossed over in vendor pitches: AI is only as useful as the information it can access. For an AI agent to act autonomously and reliably in a security context, it needs the right data at the right time. That’s context engineering, and it’s not glamorous work, but it’s what separates a useful agent from an expensive hallucination engine.

The challenge is that most organisations’ data is fragmented. It’s in different formats, stored in different places and siloed across business units. That’s the environment AI has to work in. Getting relevant information out of that mess, at speed, requires a search capability that covers the entire breadth of your private data estate.

At Elastic, we’ve built towards exactly this: giving security teams the data retrieval, orchestration, and guardrails they need to deploy AI agents that don’t just sound impressive in a demo, but actually execute reliable actions under pressure. With the right security log data and a well-designed playbook, these agents can deliver insights and take actions that would otherwise require a team of analysts working around the clock.

The asymmetry of attackers versus defenders

One thing I always come back to: attackers get unlimited attempts. They probe, they fail, they adjust, they try again. Defenders get one mistake before something valuable is compromised. That asymmetry has always been the defining challenge of this field, and no amount of technological change can fundamentally change it.

But what AI does change is our ability to be genuinely proactive. Not just reactive at speed, but ahead of the curve. Organisations are sitting on a wealth of context: years of security logs, incident histories, threat intelligence. The question now isn’t whether we have the data. It’s whether boards understand that acting on that data is a strategic imperative, not a line item to be trimmed in the next budget cycle.

The organisations that will come out ahead are the ones that stop treating cybersecurity as an IT cost centre and start treating it as the strategic asset it is. The tools exist. The data exists. What’s needed now is the leadership to flip the script toward a proactive posture of defence.

Mandy Andress is the chief information security officer at Elastic

© 2026 The Edge Publishing Pte Ltd. All rights reserved.