Why CISOs Must Build LLM Skills Now Before AI-Managed Attacks Arrive | Steve Winterfeld, Akamai

Guest: Steve Winterfeld (LinkedIn)
Company: Akamai
Show Name: CISO Insights
Topic: Security

The cybersecurity arms race is entering a new phase where artificial intelligence doesn’t just assist attackers—it orchestrates entire campaigns from start to finish. Steve Winterfeld, Advisory CISO at Akamai, is sounding the alarm: security teams have a narrow window to prepare before AI-managed attack campaigns become the norm.

The Skills Gap That Will Cost Organizations

Winterfeld points to a fundamental disconnect happening in security operations centers right now. Years ago, he witnessed a security engineer telling a DevOps developer to deploy file integrity management agents on servers. The developer’s response? “I don’t have a server. I have scripts and code snippets in containers in the cloud.”

They weren’t speaking the same language. That same gap exists today with large language models and AI security.

“We have to give our people large language model skills,” Winterfeld emphasizes. “So they understand how to work with these and protect them and investigate them and audit them.”

This isn’t about optional training or nice-to-have certifications. Security professionals who don’t understand LLM architecture, behavior, and vulnerabilities will be unable to defend against the next generation of threats. The technical divide between traditional security controls and AI-driven systems is creating blind spots that attackers are already exploiting.

End-to-End AI Attack Campaigns Are Already Here

What Winterfeld sees emerging isn’t just AI-assisted hacking tools. It’s fully integrated attack platforms where artificial intelligence manages every phase of an intrusion.

“I see more and more end-to-end attack campaigns right now. I think they’re leveraging AI,” he notes. The evolution follows a logical progression: AI develops the exploit code, AI handles deployment, AI executes actions once inside the network.

But the real inflection point comes when all these capabilities unite under a single AI system that operates continuously, innovates on the fly, and adapts in real time to defensive responses.

“At some point, we’re going to see speed and scale change, because everything’s going to be under that one code, or that one Gen AI implementation, where it’s going constantly, and it’s innovating, and it’s adapting real time,” Winterfeld explains.

Why Traditional Security Playbooks Won’t Work

The cat-and-mouse game of cybersecurity has always favored attackers who only need to succeed once while defenders must be right every time. AI amplifies this asymmetry to unprecedented levels.

Speed becomes the first casualty. Human-speed incident response and threat hunting can’t keep pace with AI systems that test thousands of attack variations per hour, learn from failures instantly, and pivot strategies without sleep or coordination overhead.

Scale follows immediately after. What took organized crime groups or nation-state actors months to orchestrate—reconnaissance, infrastructure setup, payload development, testing—AI can compress into days or hours.

For CISOs and security leaders, the next 12 months represent a critical preparation window. Organizations that invest now in LLM literacy across their security teams, implement AI-aware detection capabilities, and develop response protocols for autonomous attacks will have a fighting chance. Those that wait will find themselves defending against threats their teams fundamentally don’t understand.

Winterfeld’s warning is clear: “That’s when the fight is going to change a little bit for us.” The question isn’t whether AI-managed campaigns will emerge. It’s whether your security organization will be ready when they do.
