AI-driven attacks shrinking response window for security teams, Elastic warns

Security teams are facing a rapidly shrinking window to detect and respond to cyberattacks as artificial intelligence accelerates the speed and scale of adversarial activity.

According to Elastic’s global general manager of security Mike Nichols, attackers can now move from initial compromise to meaningful system impact in as little as 11 minutes, creating a new operational challenge for security teams still relying on manual detection and response processes.

“At this speed, manual playbooks are no longer just slow, they’re mathematically impossible,” Nichols said.

Speaking during Elastic{ON} Sydney, Nichols warned that the growing use of AI by attackers is dramatically lowering the barrier to entry for sophisticated cyber activity.

In fact, AI is increasingly being used to identify vulnerabilities, generate exploits and automate elements of attack development that previously required highly specialised teams.

“We were already underwater in security,” Nichols said. “Now we’re at the bottom of the Mariana Trench.”

However, Nichols cautioned against the growing industry story that AI will replace security analysts altogether.

“The first thing I always say is that AI is icing on the cake, not the entire cake,” he said. “You still need a strong foundation first: processes, people and an architecture that works without AI. Then AI makes those systems better.”

Alert fatigue to AI-assisted defence

Indeed, the shift is forcing organisations to rethink how security operations centres operate.

If anything, many SOC teams today still rely on analysts manually triaging thousands of alerts generated across endpoints, cloud environments and networks.

Nichols said this model is increasingly unsustainable as attack volumes grow.

AI can instead analyse large volumes of telemetry and automatically surface the most relevant threats for analysts to investigate.

“Many SOC teams are staffed with people who should be detectives,” Nichols said. “But we make them act like beat cops writing traffic tickets.”

The goal, he said, is to allow analysts to focus on investigative work while AI handles repetitive tasks such as data correlation, alert aggregation and initial triage.

At the same time, organisations must avoid treating AI as a simple overlay on existing systems.

“You can’t just place a large language model on top of your data and expect everything to work,” Nichols said. “AI is fundamentally a data problem.”

AI strategies hinge on data foundations

Like Nichols, Elastic ANZ country manager, Jeremy Pell, said many organisations are now under significant pressure from executives and boards to deliver tangible AI strategies.

“Engineers and developers have one of the toughest jobs in the industry right now,” Pell told attendees.

“You are on the front line of what may be the biggest transformation our industry has ever experienced.”

According to Pell, organisations are shifting from experimentation with AI toward practical deployment.

“We’re moving into a new era, from AI hype to AI help,” he said. “Executives don’t just want an AI strategy. They want a strategy that genuinely propels the business forward.”

However, he warned that many early AI initiatives fail because organisations underestimate the complexity of their data environments.

“You need to capture and unify all your data, whether it sits on-premises, in the cloud, in structured formats, or increasingly in unstructured formats,” Pell said. “If your AI system only sees part of the data, it only tells part of the story.”

In fact, the reliability of AI outputs ultimately determines whether organisations trust the technology, he added.

“If those systems produce incorrect answers, you quickly erode trust, from users, customers and executives. Without that trust, your AI strategy simply won’t succeed.”

Data, context and the AI arms race

Certainly, the security implications of poor data visibility are becoming increasingly clear as attackers adopt AI-driven tooling.

Nichols said AI has significantly accelerated the discovery of vulnerabilities and the creation of exploit techniques, reducing the sophistication required to launch attacks.

In response, defenders must increasingly rely on AI-assisted analysis to process large volumes of security telemetry.

This includes correlating data across endpoints, cloud environments and applications to identify attack patterns that may not be visible within individual systems.

The approach reflects a broader shift toward using AI to analyse operational context rather than relying solely on static detection rules.

Digital expectations rising beyond security

While a large part of the discussion at Elastic{ON}  focused on security operations, the company also warns that the same data challenges are appearing across customer-facing digital systems.

New research released by Elastic found that 72 per cent of Australian online shoppers have abandoned a brand due to poor website search experiences, highlighting the growing importance of AI-powered search capabilities.

More than 62 per cent of shoppers said they now expect brand search tools to be as intelligent as generative AI systems, while over half of younger consumers increasingly use natural-language queries rather than keywords.

Pell said these shifting expectations illustrate how AI is raising the bar across digital experiences.

“Search is no longer a utility feature; instead, it’s a revenue driver,” Pell said.

Retailers that fail to deliver relevant, intelligent search experiences risk directing customers to competitors, particularly when external search engines redirect users to rival brands.

Ultimately, Pell said the common thread across both customer experience and cybersecurity is the ability to access the right data at the right time.

“Helping organisations navigate this increasingly complex landscape, and achieve real business outcomes from AI, is the real challenge ahead.”