How do you defend against AI-powered attacks?

By Expel team

Last updated: July 7, 2026

Defending against AI-powered attacks takes a layered defense, not one fix. Security teams need AI-powered detection that matches attacker speed, tighter identity and email fundamentals—the surfaces AI-powered attacks exploit most—and 24×7 coverage, since automated attacks don’t wait for business hours.

The average eCrime breakout time—how long it takes an attacker to move from initial access to lateral movement—fell to 29 minutes in 2025, down from 48 minutes the year before. The fastest observed breakout took 27 seconds. (Source: CrowdStrike’s 2026 Global Threat Report)

By comparison, Expel’s own mean time to remediate on fully automated, high/critical incidents runs a 14-minute MTTR—faster than the average attacker’s entire breakout window. (Source: Expel)

 

Key takeaways

  • AI-powered attacks are personalized, adaptive, and fast enough that signature-based defenses and standard MFA don’t reliably catch them anymore.
  • A layered defense—AI-powered email security, behavioral analytics, identity security, 24×7 MDR coverage, and employee awareness—closes the gaps those traditional tools miss.
  • Speed matters most: The average attacker now moves from initial access to lateral movement in under 30 minutes, so coverage that only runs during business hours isn’t enough.
  • Organizations running their own AI systems and agents need a separate set of controls—access limits, approval gates, monitoring, and audit logs—so those systems don’t become the next attack surface.
  • Staying current on what AI-powered attacks actually look like, through ongoing threat intelligence, is what keeps every other layer working over time.

 

This page is the defensive companion to what are AI-powered cyber threats? If you want the full picture of what you’re defending against first, start there. Here, we’re covering what to actually put in place. None of this requires exotic new technology. Most of it is AI in cybersecurity applied to the fundamentals security teams already know matter—email, identity, and always-on monitoring—plus a few new considerations for the AI systems you’re now running yourself.

Diagram showing five layers of defense against AI-powered attacks: email security, behavioral analytics, identity security, 24x7 coverage, and employee awareness.

 

Why aren’t traditional defenses enough against AI-powered attacks?

Most traditional defenses assume an attack will look like a previous attack: a known malware signature, a phishing email with the usual red flags, a login attempt from a known-bad IP address. AI-powered attacks break that assumption on purpose. Each phishing email can be uniquely written for its target. Malware can rewrite its own code between attempts. A login attempt can come from infrastructure nobody’s flagged yet.

Standard multifactor authentication (MFA) has the same problem. Proofpoint’s own threat data found that of the organizations that experienced a successful account takeover in 2025, 59% of the compromised accounts had MFA enabled. Attackers are increasingly using AI-run phishing kits that intercept the session after MFA clears, not before. The defenses that hold up are the ones that don’t depend on recognizing a specific attack signature in advance.

 

What are the five layers of defense against AI-powered attacks? 

No single layer stops everything. Together, they cover the ground AI-powered attacks are built to exploit:

  1. AI-powered email security: Catches AI-generated phishing that slips past keyword-based filters.
  2. Behavioral analytics: Flags anomalous activity regardless of which specific technique an attacker used.
  3. Identity security: Closes the account-takeover path AI-powered attacks exploit most often.
  4. 24×7 MDR coverage: Matches automated attack speed with continuous, human-reviewed response.
  5. Employee security awareness: Trains people to catch what technology alone won’t.

AI-powered email security

Email is still the most common way an AI-powered attack reaches a person. AI-powered email security looks past the words in a message, into things like sender behavior, domain age, relationship history, so it can catch a phishing attempt even when the text itself is well-written and personalized. DMARC, SPF, and DKIM email authentication close off a related path by making it harder for an attacker to spoof a trusted domain in the first place. Expel’s email threat detection service is built around this exact gap—catching what AI-generated phishing is specifically designed to get past.

Behavioral analytics

Behavioral analytics doesn’t try to match an attack to something seen before. It flags what’s unusual for a specific user, account, or system, like a login from a new location at an odd hour, a service account suddenly reading data it’s never touched. That approach works whether the attack behind it is AI-generated or not, which matters when the attack technique itself is designed to look new every time.

Identity security

Identity is the attack surface AI-powered intrusions target hardest, because a stolen credential is faster to use than a stolen credential is to notice. Strong identity security means multifactor authentication—specifically phishing-resistant MFA like FIDO2 or WebAuthn, not SMS or push codes—plus privileged access management that limits what any single compromised account can reach. CISA and Microsoft’s own research puts phishing-resistant MFA at blocking more than 99% of identity-based attacks, even when an attacker already has a valid username and password. Standard push-based MFA doesn’t hold up nearly as well against the AI-run phishing kits mentioned above.

An attack that moves in minutes needs a defender watching in minutes, not one who reviews alerts the next business day. That’s the core argument for MDR services that combine AI-powered detection with 24×7 analyst coverage: matching the automation advantage attackers have gained while keeping a person accountable for what happens next.

Employee security awareness

Technology catches most of this, but not all of it. Training should specifically cover AI-enhanced tactics, not just generic phishing awareness: recognizing highly personalized messages instead of only generic mass emails, understanding that AI can convincingly mimic a colleague’s writing style, verifying unusual requests through a second channel even when they appear to come from someone known, and building basic awareness of deepfake audio and video. A clear, low-friction way to report anything suspicious matters as much as the training itself, because every report becomes threat intelligence for the next attempt.

 

How do you protect the AI systems in your own environment? 

Defending against AI-powered attacks isn’t only about attacks arriving from outside. Organizations running their own AI systems and agents now have a new asset to protect, with its own failure modes. The baseline controls: input validation and sanitization so a system can’t be manipulated through the prompts it receives, least-privilege access that limits what any AI agent can actually do or touch, human approval gates for high-impact actions rather than full autonomy by default, monitoring of AI system outputs for anomalous behavior, regular red-team testing of AI deployments, and audit logs covering every action an AI system takes.

 

What role does threat intelligence play in defending against AI-powered attacks? 

Every defense layer above works better when it’s built on a current picture of what AI-powered attacks actually look like right now, not what they looked like a year ago—this is a fast-moving area. Expel’s 2026 Annual Threat Report and ongoing threat intelligence research track these patterns across a large customer base, which is part of why cross-customer visibility is a real advantage in an MDR service: a technique flagged in one environment can inform detection everywhere else before it shows up in yours. 

 

Expel’s take

It’s tempting to chase every new AI attack headline with a new point solution. In practice, the fundamentals above—email, identity, and always-on coverage—stop the overwhelming majority of AI-powered attacks we see, because most of them are still faster, cheaper versions of phishing and credential theft, not exotic new techniques. Get those layers right first. Worry about prompt injection and agentic AI governance once you’re actually running AI systems that need it.

 

Frequently asked questions

What are the most important defenses against AI-powered cyber threats? 

The most important defenses are AI-powered email and phishing detection (the primary AI attack vector), behavioral analytics to detect anomalous activity regardless of attack method, strong identity security with MFA and privileged access management, 24×7 monitoring coverage to match automated attack speed, and MDR services that apply AI defensively at scale.

How can organizations defend against AI-generated phishing? 

Defend against AI-generated phishing with AI-powered email security that analyzes behavioral patterns beyond text content, DMARC/SPF/DKIM email authentication, employee training specifically covering AI-enhanced social engineering tactics, and suspicious email reporting workflows that feed threat intelligence.

How do you protect AI systems from adversarial attacks? 

Protect AI systems with input validation and sanitization, least-privilege access controls limiting AI agent capabilities, human approval gates for high-impact AI actions, monitoring of AI system outputs for anomalous behavior, regular red-team testing of AI deployments, and audit logs of all AI actions.

What role does MDR play in defending against AI-powered threats? 

MDR providers apply AI defensively to detect threats at the speed and scale AI-powered attacks operate at. By combining AI-powered detection across all environments with 24×7 expert analyst coverage, MDR matches the automation advantage attackers have gained while maintaining human judgment for complex incident response.

How should organizations train employees to recognize AI-enhanced social engineering? 

Training should cover recognizing highly personalized phishing (not just generic mass emails), understanding that AI can convincingly mimic colleagues’ writing styles, verification procedures for unusual requests even from known contacts, deepfake audio and video awareness, and clear reporting processes for suspicious communications.