Security practitioners have a habit of predicting the apocalypse every time a new technology emerges, while simultaneously ignoring the very real decay of their foundations. We are currently witnessing this exact duality with artificial intelligence. The prevailing narrative suggests AI is spawning fundamentally novel technical attack vectors that require entirely new layers of magic vendor-provided abstraction. The reality is far more mundane, and arguably much more dangerous. The primary offensive capability of AI is not invention—it is acceleration.
The industry is rapidly approaching The Zero-Luck Horizon. I coin this term to describe the impending operational state where AI-driven structural acceleration eliminates all friction from the attack lifecycle. Once we cross this threshold, relying on attacker bandwidth constraints, obscurity, or sheer probabilistic luck becomes mathematically impossible. When vulnerability discovery and exploitation are entirely automated, "luck-based security" dies.
The Myth of Instant Novelty vs The Reality of Instant Software
The threat of AI is consistently mischaracterized. To see the true shape of the problem, we must look at how AI alters software creation itself. We are entering an era of "instant software"—bespoke, ephemeral applications generated on the fly, used momentarily, and discarded. If code generation becomes frictionless, Bruce Schneier warns us that vulnerability discovery and patch deployment will follow the exact same automated trajectory.
Defenders hold an optimistic view that self-healing networks will emerge, where AI agents autonomously scan our networks, write patches, and deploy them. Yet, this assumes an operational maturity that most enterprises simply do not possess. The gap between an autonomously identified fix and an enterprise-approved deployment is massive. Attackers do not have a change advisory board. They can vulnerability hunt cross-platform, generate new exploits, and weaponise them at scale. When the cost of writing an exploit drops to near-zero, every theoretical misconfiguration you have ignored becomes a guaranteed breach.
Tribal Knowledge as the Last Moat
Despite the impending acceleration on the offensive side, the legacy security vendors—the old guard who have seemingly survived decades of predicted obsolescence—are proving remarkably resilient. Why isn't generative AI obliterating the market share of established security incumbents?
The answer lies in contextual asymmetry. As Anton Chuvakin observed at RSA 2026, legacy vendors possess an accumulated, highly integrated mass of customer data and specific environmental understanding. We can call this "tribal knowledge." A fresh, hyper-intelligent LLM dropped into a complex enterprise environment lacks the historical context of why a certain firewall rule exists, or why a specific active directory trust remains unbroken.
AI alone cannot reverse-engineer ten years of technical debt and undocumented business logic. Consequently, the defense cannot simply buy an AI overlay to solve underlying architectural rot. The survival of legacy vendors is a stark reminder that intimate knowledge of an environment—the messy, unglamorous reality of enterprise IT—is the actual perimeter.
Frictionless Exploitation
The danger of The Zero-Luck Horizon is not the "Bad Guy with AI." It is the acceleration of the inevitable.
An AI threat model does not change the fact that an exposed S3 bucket or an unpatched VPN appliance is an open door. What changes is the time window between exposure and exploitation. Previously, scanning the internet, triaging targets, and detonating payloads required manual human effort and prioritization. Automation removes the triage bottleneck. If an attacker can fully automate the chain from discovery to lateral movement, your time-to-exploit drops from weeks or days to mere minutes.
If your posture is poor before AI integration, the addition of AI offensive capabilities will simply mean you fail faster. There will be no grace periods.
The Red Team Perspective: Poisoning the Defenders
We must acknowledge that acceleration applies equally to defensive AI tooling, and that creates a distinct failure mode. If we automate our defensive triaging and automated response based on AI insights, we introduce novel systemic vulnerabilities.
The attacker will not just automate their exploits against our legacy infrastructure; they will attack the AI-driven defensive agents we deploy. By exploiting prompt injection techniques or data supply chain pipelines, red teams (and adversaries) will poison the output of our defensive models. If your SOC fully delegates anomaly classification to an agentic system, an attacker only needs to subtly drift the model's baseline of "normal" to ensure their data exfiltration happens completely unchallenged. We are building the very tools that will be turned into blind spots.
Recommendations for the Horizon
To survive when friction disappears, security leaders must stop focusing on AI hype and aggressively master their environment.
- Eradicate Luck-Based Defenses: Identify any control that relies on obscurity, attacker disinterest, or slow enumeration. If a control only works because you haven't been specifically targeted yet, consider it compromised.
- Compress Your Time-to-Patch: You cannot combat automated exploitation with a 30-day patch cycle. Build automated deployment pipelines for critical security updates and aggressively test to drop your mean-time-to-remediate (MTTR) into the single-digit hours.
- Map and Document Your Tribal Knowledge: Your legacy context is your strongest defensive moat. Digitise and structure this knowledge so that future defensive automation can actually interpret your environment's intent.
- Deploy Redundant Analytical Paths: Never allow a single AI agent or LLM the sole authority to classify an event or deploy a mitigation. Use traditional deterministic rules engines alongside probabilistic AI models to prevent cascading failures from prompt injection or model drift.