Palo Alto Networks: AI-Assisted "Attack Compression" Reaches 25 Minutes
Dillip Chowdary
Founder & AI Researcher
The speed of cyber warfare has shifted from "human-time" to "machine-time." A new threat report from Palo Alto Networks’ Unit 42 reveals a startling trend: the average time from initial unauthorized access to full data exfiltration has collapsed to just 25 minutes. This "Attack Compression" is a direct result of adversarial groups using autonomous AI agents to automate lateral movement and credential harvesting.
The "Mythos-Class" Threat
The report attributes this acceleration to the availability of specialized LLMs trained on offensive security datasets—similar to the dual-use capabilities recently documented in Anthropic’s Mythos model. These adversarial agents can perform real-time reconnaissance of a target network, autonomously identify misconfigured Kubernetes clusters, and chain together multiple low-severity vulnerabilities to achieve root access. Because these agents operate with millisecond reaction times, they can outpace any human security operations center (SOC) that relies on manual alert triage.
Negative "Time-to-Exploit"
Perhaps most concerning is the rise of Zero-Day Automation. Unit 42 documented instances where AI agents began scanning the entire IPv4 space for a newly disclosed vulnerability within seconds of the CVE being published. In some cases, the "time-to-exploit" was effectively negative, as adversarial agents had already identified the underlying flaw via automated binary diffing before the official patch was released. Security professionals now face a "vulnerability gap" in which the window to protect a network has vanished.
The Pivot to Autonomous Defense
Palo Alto Networks argues that the only solution to machine-speed attacks is Machine-Speed Defense. The firm is advocating for a "Zero-Trust Agentic" model, where the firewall itself is powered by a high-fidelity reasoning engine. This engine doesn't just block IP addresses; it analyzes the linguistic intent of incoming API calls and identifies "logic collisions" that signify an agent-driven attack. To effectively counter a 25-minute attack cycle, the defensive system must have the authority to autonomously isolate entire network segments and rotate cryptographic keys without waiting for a human "OK."
As we enter the summer of 2026, the Unit 42 report serves as a final wake-up call: the human-in-the-loop is no longer a safety feature; in high-speed cybersecurity, it is a critical vulnerability. The era of agent-on-agent warfare is officially here.