For the first time, SANS Institute's five top attack techniques all have one thing in common — AI.
RSAC 2026 CONFERENCE – San Francisco – Each year SANS researchers head to the RSAC Conference to reveal the five top attack techniques. But 2026 marks a distinct shift: all are powered by artificial intelligence.
"We would be lying to you if we pointed out a trend in attacks that did not involve AI," SANS president and presentation moderator Ed Skoudis explained to the audience during a keynote session covering the Top 5. "That is just where we are in the industry."
"Attackers were already faster than us," Wright said. "AI has made the gap unbridgeable at our current pace."
It's up to organizations to get faster to keep up, and that can be achieved with accelerated patching, automation, and AI-powered defense tools, Wright advised.
He pointed out that the Shai-Hulud worm has infected more than a thousand open source packages and exposed 14,000 credentials across 487 organizations. Likewise, a China-affiliated group compromised the Notepad++ update infrastructure for six months, selectively delivering backdoors to targets in the energy, finance, government, and manufacturing sectors.
"Your attack surface is not the software you chose. It is the entire ecosystem of suppliers behind it," Wright said.
It's smart to plan for the next supply chain compromise before it happens, he advised.
To adapt, organizations should plan for supplier compromise before it occurs, by demanding not just a list of materials, but verifiable proof of how software was built, he said. Also, organizations should consider every update channel and developer tool their teams depend on daily as a potential supply chain risk.
A good example of this sort of logging risk was a December 2025 attack on Poland's distributed energy resources that Dragos worked on, Lee explained. Investigators were able to confirm disruption had occurred, but there was no visibility into what the threat actor was doing inside the systems following the breach because of a lack of OT monitoring in place.
In another instance, a state-level threat actor with intent to destroy equipment and "kill people" had been targeting a facility that had no visibility into their infrastructure, he said, without naming the victim. A month later, the facility exploded. Chillingly, investigators still don't know if the destruction came from an attack or was simply an accident, Lee said.
"Governments are not going to be comfortable not knowing what happened in their critical infrastructure and why someone died," Lee said. "That scenario is unacceptable, and it is already happening."
Making matters worse, agentic AI is already in OT environments, he added, and organizations need to catch up and gain more visibility into these systems. He warns that the investment in added visibility into OT systems cannot wait until the next catastrophe forces the issue.
AI doesn't know what to look for and can't interpret evidence in the same way a human can, she added. And AI rendering a confident incorrect verdict isn't helpful and certainly doesn't save any time or resources during a response, Barnhart said.
"Most breaches don't fail because of tools," Barnhard said. "They fail at decision points. AI cannot be the decision point."
She reminded organizations that AI is also being used against vectors no one is monitoring, like AI notetaking tools. The attack surface has ballooned well beyond the network, and trained humans need to be empowered with decision making authority every step of the way, Barnhart added.
Take a November Anthropic-documented campaign as an example. Known as "GTG 1002," and attributed to a Chinese state-sponsored group, the operation targeted more than 30 government and financial organizations and used AI tools to automate up to 90% of the attack process, including reconnaissance, exploitation, and lateral movement inside networks. Much of the damage was done without any human help. So how can defenders respond?
"They have their artificial intelligence," Lee said. "Now we build ours."
He pointed to Protocol SIFT, an open source initiative from SANS Institute designed to help defenders catch up with AI-wielding attackers. It uses AI to organize workflows, surface insights, and coordinate tools. Meanwhile, humans are responsible for validating results and making decisions.
"The goal is to accelerate analysts, not replace them, and early results suggest that the model can significantly compress response times," Lee said.
In one response exercise involving a sophisticated, two-week attack scenario, an analyst used Protocol SIFT to wrap up the entire investigation in a little less than 15 minutes, including identifying the malware, mapping the attacker's movements, and aligning the tactics, techniques, and procedures (TTP) activity to known frameworks, and determining next steps. It's the ability for defenders to move react quickly and coordinate across the global security community that will give defenders a true edge over attackers, Lee added.
RSAC 2026 CONFERENCE – San Francisco – Each year SANS researchers head to the RSAC Conference to reveal the five top attack techniques. But 2026 marks a distinct shift: all are powered by artificial intelligence.
"We would be lying to you if we pointed out a trend in attacks that did not involve AI," SANS president and presentation moderator Ed Skoudis explained to the audience during a keynote session covering the Top 5. "That is just where we are in the industry."
Attack Technique #1: AI-Generated Zero-Days, From Scarcity to Surplus
Zero-day exploits used to belong solely to well-funded nation-state actors stacked with sophisticated researchers. But that barrier to entry into the zero-day game has been shattered by AI, according to Joshua Wright, faculty fellow and senior technical director of the SANS Institute. In fact, Wright points out that independent researchers have discovered AI zero-days in widely deployed production software that run attackers as little as $116 in AI token costs; quite a savings of the millions of dollars more sophisticated actors had been previously investing in finding these zero-days."Attackers were already faster than us," Wright said. "AI has made the gap unbridgeable at our current pace."
It's up to organizations to get faster to keep up, and that can be achieved with accelerated patching, automation, and AI-powered defense tools, Wright advised.
Attack Technique #2: Supply Chain Risks, Your Vendor's Vendor's Vendor
Two out of three organizations were affected by a software supply chain attack over the past year, and there's also been a surge in third-party involvement in breaches, and the number of malicious packages published to open source registries, Wright said.He pointed out that the Shai-Hulud worm has infected more than a thousand open source packages and exposed 14,000 credentials across 487 organizations. Likewise, a China-affiliated group compromised the Notepad++ update infrastructure for six months, selectively delivering backdoors to targets in the energy, finance, government, and manufacturing sectors.
"Your attack surface is not the software you chose. It is the entire ecosystem of suppliers behind it," Wright said.
It's smart to plan for the next supply chain compromise before it happens, he advised.
To adapt, organizations should plan for supplier compromise before it occurs, by demanding not just a list of materials, but verifiable proof of how software was built, he said. Also, organizations should consider every update channel and developer tool their teams depend on daily as a potential supply chain risk.
Attack Technique #3: OT Complexity & Root Cause Crisis
Robert Lee, SANS Institute fellow and CEO/founder of Dragos, explained that his deep experience gained over years working on OT incident response has helped him recognize what he called a "growing accountability crisis." Network activity and other critical evidence following an OT compromise is often not available — the data simply evaporates, Lee warned.A good example of this sort of logging risk was a December 2025 attack on Poland's distributed energy resources that Dragos worked on, Lee explained. Investigators were able to confirm disruption had occurred, but there was no visibility into what the threat actor was doing inside the systems following the breach because of a lack of OT monitoring in place.
In another instance, a state-level threat actor with intent to destroy equipment and "kill people" had been targeting a facility that had no visibility into their infrastructure, he said, without naming the victim. A month later, the facility exploded. Chillingly, investigators still don't know if the destruction came from an attack or was simply an accident, Lee said.
"Governments are not going to be comfortable not knowing what happened in their critical infrastructure and why someone died," Lee said. "That scenario is unacceptable, and it is already happening."
Making matters worse, agentic AI is already in OT environments, he added, and organizations need to catch up and gain more visibility into these systems. He warns that the investment in added visibility into OT systems cannot wait until the next catastrophe forces the issue.
Attack Technique #4: The Dark Side of AI, Irresponsible Use in Digital Forensics & Incident Response
As one of the world's leading DFIR experts, Heather Barnhart, head of faculty and senior forensics expert at the SANS Institute, said that organizations that are deploying AI without training, validation frameworks, and investigative discipline, are setting themselves up for failure.AI doesn't know what to look for and can't interpret evidence in the same way a human can, she added. And AI rendering a confident incorrect verdict isn't helpful and certainly doesn't save any time or resources during a response, Barnhart said.
"Most breaches don't fail because of tools," Barnhard said. "They fail at decision points. AI cannot be the decision point."
She reminded organizations that AI is also being used against vectors no one is monitoring, like AI notetaking tools. The attack surface has ballooned well beyond the network, and trained humans need to be empowered with decision making authority every step of the way, Barnhart added.
Attack Technique #5: Find Evil: The Race to Autonomous Defense
Rob Lee also said security researchers estimate that AI-driven attacks move 47 times faster than old-school, human-powered approaches. That means threat actors can take a stolen login and spin it into full admin control in an environment like AWS in less than 10 minutes.Take a November Anthropic-documented campaign as an example. Known as "GTG 1002," and attributed to a Chinese state-sponsored group, the operation targeted more than 30 government and financial organizations and used AI tools to automate up to 90% of the attack process, including reconnaissance, exploitation, and lateral movement inside networks. Much of the damage was done without any human help. So how can defenders respond?
"They have their artificial intelligence," Lee said. "Now we build ours."
He pointed to Protocol SIFT, an open source initiative from SANS Institute designed to help defenders catch up with AI-wielding attackers. It uses AI to organize workflows, surface insights, and coordinate tools. Meanwhile, humans are responsible for validating results and making decisions.
"The goal is to accelerate analysts, not replace them, and early results suggest that the model can significantly compress response times," Lee said.
In one response exercise involving a sophisticated, two-week attack scenario, an analyst used Protocol SIFT to wrap up the entire investigation in a little less than 15 minutes, including identifying the malware, mapping the attacker's movements, and aligning the tactics, techniques, and procedures (TTP) activity to known frameworks, and determining next steps. It's the ability for defenders to move react quickly and coordinate across the global security community that will give defenders a true edge over attackers, Lee added.