Security leaders say the next two years are going to be ‘insane’ | CyberScoop<\/title> <meta name=\"description\" content=\"Top security experts warn AI is discovering vulnerabilities exponentially faster than defenders can respond, creating a "perfect storm" for attackers over the next two years.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/ai-cyberattacks-two-years-insane-vulnerabilities-kevin-mandia-alex-stamos-morgan-adamski-rsac-2026\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Security leaders say the next two years are going to be 'insane'\"> <meta property=\"og:description\" content=\"Top security experts warn AI is discovering vulnerabilities exponentially faster than defenders can respond, creating a "perfect storm" for attackers over the next two years.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/ai-cyberattacks-two-years-insane-vulnerabilities-kevin-mandia-alex-stamos-morgan-adamski-rsac-2026\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2026-03-27T17:16:18+00:00\"> <meta property=\"article:modified_time\" content=\"2026-03-27T17:16:21+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/security-leaders-say-the-next-two-years-are-going-to-be-insane-2.jpg\"> <meta property=\"og:image:width\" content=\"2448\"> <meta property=\"og:image:height\" content=\"1224\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Greg Otto\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@gregotto\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1774626878g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1774625888g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1773271249g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/88433\"><meta name=\"generator\" content=\"WordPress 6.8.5\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=88433\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fai-cyberattacks-two-years-insane-vulnerabilities-kevin-mandia-alex-stamos-morgan-adamski-rsac-2026%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fai-cyberattacks-two-years-insane-vulnerabilities-kevin-mandia-alex-stamos-morgan-adamski-rsac-2026%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-88433 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/ai-cyberattacks-two-years-insane-vulnerabilities-kevin-mandia-alex-stamos-morgan-adamski-rsac-2026\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"27.441791044776\">\n<div class=\"single-article__header-content\" readability=\"35.8625\">\n<p> Kevin Mandia, Morgan Adamski, and Alex Stamos tell CyberScoop that AI is finding bugs faster than anyone can fix them, exploit development is accelerating, and most organizations aren’t prepared for what’s coming. <\/p>\n<p>   <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"320\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/security-leaders-say-the-next-two-years-are-going-to-be-insane.jpg?resize=640%2C320&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/security-leaders-say-the-next-two-years-are-going-to-be-insane-2.jpg 2448w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/security-leaders-say-the-next-two-years-are-going-to-be-insane-2.jpg?resize=300,150 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/security-leaders-say-the-next-two-years-are-going-to-be-insane-2.jpg?resize=768,384 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/security-leaders-say-the-next-two-years-are-going-to-be-insane-2.jpg?resize=1024,512 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/security-leaders-say-the-next-two-years-are-going-to-be-insane-2.jpg?resize=1536,768 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/security-leaders-say-the-next-two-years-are-going-to-be-insane-2.jpg?resize=2048,1024 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/security-leaders-say-the-next-two-years-are-going-to-be-insane-2.jpg?resize=600,300 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/security-leaders-say-the-next-two-years-are-going-to-be-insane-2.jpg?resize=1200,600 1200w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/security-leaders-say-the-next-two-years-are-going-to-be-insane-2.jpg?resize=1500,750 1500w\" sizes=\"(max-width: 1200px) 100vw, 1200px\"><figcaption> (Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"121.72201039861\"><body readability=\"245.14447592068\"><\/p>\n<p><strong>SAN FRANCISCO \u2014<\/strong> Every RSA Conference has its buzzwords. Cloud. Ransomware. Zero trust. Plastered across the 87-acre Moscone Center complex on every booth, banner and bar. This year was AI, with vendors pitching AI-powered solutions to every security problem imaginable. But 2026 stood out for a different reason: Industry leaders spent the conference warning about disruption from the very technology everyone was selling.<\/p>\n<p>In an exclusive discussion with CyberScoop at this year\u2019s conference, Kevin Mandia, founder of AI security company <a href=\"https:\/\/www.armadin.com\/\">Armadin<\/a>, Morgan Adamski, former executive director of U.S. Cyber Command, and Alex Stamos, a researcher and former chief security officer at several major technology companies, said the industry is entering what they described as an unprecedented two- to three-year period of upheaval, driven by <a href=\"https:\/\/cyberscoop.com\/tag\/artificial-intelligence-ai\/\">AI systems<\/a> that are discovering vulnerabilities exponentially faster than defenders can respond and threatening to render decades of security practices obsolete.<\/p>\n<p>\u201cWe are just at the inflection point that is going to be pretty insane, at least two to three years,\u201d Stamos said, describing a near-term future in which AI systems flood the threat landscape with working exploits while organizations struggle to patch vulnerabilities faster than attackers can weaponize them.<\/p>\n<p>Mandia put the timeline more bluntly. \u201cIt\u2019s a perfect storm for offense over the next year or two,\u201d he said.<\/p>\n<p>The core problem, according to the executives, is speed. AI has made vulnerability discovery almost trivial, while remediation takes time and effort, creating a widening gap that favors attackers across every stage of the kill chain.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cBecause of the asymmetry in the cyber domain, where one person on offense can create work for millions of defenders, speed leverages that asymmetry,\u201d Mandia said. \u201cIn the near term, there\u2019s an advantage to the attackers as they start to use models and agents to do a lot of the offense.\u201d<\/p>\n<h4 class=\"wp-block-heading\" id=\"h-bug-discovery-goes-exponential\">Bug discovery goes exponential<\/h4>\n<p>The shift is already underway. Stamos, who is currently chief security officer at Corridor, said foundation model companies are sitting on thousands of bugs discovered through AI-assisted analysis that they lack the capacity to verify or patch. <\/p>\n<p>\u201cThe exploit discovery has gone exponential,\u201d Stamos said. \u201cWhat we haven\u2019t seen go exponential yet is plugging that into working shellcode that bypasses protections on modern processors. But maybe six months or a year from now\u201d AI will be generating sophisticated exploits on demand.<\/p>\n<p>He pointed to examples of AI systems discovering vulnerabilities in decades-old code that had been reviewed by thousands of developers and professional security researchers. In one case, he said, an AI system identified a flaw in foundational Linux kernel code that humans had overlooked for years.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> \u201cThis superintelligent system was able to figure out a way to manipulate the machine into a place that, when you look at the bug, I\u2019m not sure how a human could have found that,\u201d Stamos said.<\/p>\n<p>The pace of discovery is creating what Stamos called \u201ca massive collective action problem.\u201d Each successive generation of AI models could surface hundreds of new vulnerabilities in the same foundational software. \u201cIt\u2019s quite possible that all this development we\u2019ve done in memory-unsafe languages, without formal methods, that none of that is actually secure in the presence of superintelligent bug-finding machines,\u201d he said. \u201cIn which case we need to be massively rebuilding the base infrastructure we all work on. And nobody is doing that.\u201d<\/p>\n<p>The timeline for when those capabilities become widely accessible is measured in months. When Chinese open-source models, like <a href=\"https:\/\/cyberscoop.com\/tag\/deepseek\/\">DeepSeek<\/a> or Alibaba\u2019s Qwen, reach current American foundation model capability levels, Stamos said, \u201cyou\u2019re going to have every 19-year-old in St. Petersburg with the same capability\u201d as elite vulnerability researchers.<\/p>\n<p>Models trained on existing shellcode are already \u201creasonably good\u201d at generating exploit code, he said, and may be capable of producing <a href=\"https:\/\/cyberscoop.com\/tag\/eternalblue\/\">EternalBlue<\/a>-level exploits within a year. That <a href=\"https:\/\/cyberscoop.com\/tag\/national-security-agency-nsa\/\">NSA<\/a>-developed exploit, leaked in 2017, was used in the WannaCry and NotPetya attacks and remained effective for years because of how difficult such capabilities were to develop. <\/p>\n<p>\u201cImagine when that becomes available on demand,\u201d Stamos said.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<h4 class=\"wp-block-heading\" id=\"h-agents-already-operating-beyond-human-scale\">Agents already operating beyond human scale<\/h4>\n<p>Mandia\u2019s company Armadin has built <a href=\"https:\/\/cyberscoop.com\/tag\/agentic-ai\/\">AI agents<\/a> capable of autonomous network penetration that he said would be devastating if deployed maliciously. Unlike human attackers who must manually type commands and wait for results, AI agents operate across hundreds of threads simultaneously, interpolating command outputs before they arrive and launching follow-on actions in microseconds.<\/p>\n<p>\u201cThe scale and scope and total recall of an AI agent compromising you and swarming you is not humanly comprehensible,\u201d said Mandia, who founded <a href=\"https:\/\/cyberscoop.com\/tag\/mandiant\/\">Mandiant<\/a> and served as CEO from 2016 to 2024. \u201cIf the old way was a red team that would get in, there\u2019s a human on a keyboard typing commands. That\u2019s a joke compared to\u201d what AI agents can do.<\/p>\n<p>Those agents can evade endpoint detection and response systems in under an hour, he said, and operate at human speed to avoid rate-limiting detection mechanisms. Once inside a network, an AI agent can analyze documentation, packet captures and technical manuals faster than humans can read them, designing attacks tailored to specific control systems on the fly.<\/p>\n<p>\u201cWhen you build the offense, it scares the heck out of you,\u201d Mandia said. \u201cIf we let the animal out of the cage today, nobody\u2019s ready for it.\u201d<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>He said Armadin recently tested a Fortune 150 company with a strong security team and found either remote code execution vulnerabilities or data leakage paths in every application tested. \u201cBoth of us were shocked,\u201d he said.<\/p>\n<p>The shift changes the fundamental question boards ask after penetration tests. Historically, directors wanted to know the probability a demonstrated attack would occur in the real world. \u201cIn the age of humans, you could never really answer,\u201d Mandia said. \u201cBut with AI, it\u2019s 100 percent. It\u2019s coming and it\u2019s going to get cheaper and more effective at the same time.\u201d<\/p>\n<h4 class=\"wp-block-heading\" id=\"h-defenders-face-impossible-timelines\">Defenders face impossible timelines<\/h4>\n<p>The compression of attack timelines is colliding with organizational realities that are moving in the opposite direction. Adamski, who is now the U.S. lead for PwC\u2019s Cyber, Data & Technology Risk business, said chief information security officers face pressure from boards to adopt AI rapidly, often with explicit goals of reducing headcount, even as compliance requirements remain unchanged and the threat landscape accelerates.<\/p>\n<p>\u201cCISOs are getting squeezed in that they cannot stop adoption because of demand from the board, from the CEO,\u201d Adamski said. \u201cNone of the SOC 2 requirements have changed. ISO 27000, anything that helps people get through from a compliance perspective, all those rules are exactly the same.\u201d<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Stamos said patch cycles illustrate the mismatch. Where previously only sophisticated adversaries could reverse-engineer Microsoft\u2019s Patch Tuesday updates to develop exploits, AI will democratize that capability. \u201cYou\u2019re going to be able to drop the patch into <a href=\"http:\/\/ghidra.net\/\">Ghidra<\/a>, driven by an agent, and come up with [an exploit],\u201d he said. \u201cPatch Tuesday, exploit Wednesday.\u201d<\/p>\n<p>Many CISOs are trying to bolt AI capabilities onto existing security operations, an approach the executives said is insufficient. \u201cThey\u2019re not stepping back and looking at the bigger picture, that we have a fundamental, much more holistic problem in terms of how to reimagine and redo an entire cyber defense ecosystem that is solely driven by AI machine to machine,\u201d Adamski said.<\/p>\n<h4 class=\"wp-block-heading\" id=\"h-avoiding-pandora-s-box\">Avoiding Pandora\u2019s box<\/h4>\n<p>The national security implications compound the problem. While other former government leaders talked at the conference about what they saw as the United States\u2019 <a href=\"https:\/\/cyberscoop.com\/former-nsa-chiefs-offensive-edge-rsac\/\">slipping in offensive cybersecurity<\/a>, the three industry leaders spoke to what they believe nation-states have developed with the use of AI.<\/p>\n<p>\u201cI think we\u2019re seeing less than 50 percent of the AI capability from modern nation-states right now,\u201d Mandia said. \u201cThey\u2019re not pressing. Nobody wants to be the first one to open that door.\u201d<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Stamos said the operational tempo favors U.S. adversaries. <a href=\"https:\/\/cyberscoop.com\/tag\/russia\/\">Russian intelligence services<\/a> can observe and record data from the hundreds of businesses hit by ransomware daily, using that operational experience to train offensive AI models. \u201cWe don\u2019t have that kind of operational pace in the U.S.,\u201d he said.<\/p>\n<p>Adamski said any AI capability the United States develops for offensive cyber operations carries inherent risks. \u201cAnything you introduce, you\u2019re introducing it to an ecosystem that they can use back at us,\u201d she said.<\/p>\n<p>Stamos said AI\u2019s impact on cybersecurity will likely produce harmful consequences before other domains because the threshold for cyber operations is already low. \u201cWe allow on a Tuesday to happen in the cyber world what we would consider an act of war if it was in any other context,\u201d he said. \u201cI think this is where AI will be used first to hurt people, will be in cyber.\u201d<\/p>\n<h4 class=\"wp-block-heading\" id=\"h-two-years-maybe\">Two years, maybe<\/h4>\n<p>The executives offered limited optimism that AI could also accelerate defensive capabilities, primarily by making security testing affordable at scale and enabling autonomous response systems. But the timeline for when defensive capabilities might catch up depends on immediate action. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cTwo years if we\u2019re good,\u201d Stamos said. \u201cTwo years is the minimum if we actually start really fixing code and refactoring stuff into type-safe languages using formal methods.\u201d<\/p>\n<p>Mandia offered optimism \u201ca few years out\u201d if offensive AI built by defenders successfully trains autonomous defensive systems. But he acknowledged the current state is dire. Organizations will need autonomous systems capable of immediately quarantining anomalous behavior, he said, because traditional detection and response timelines will collapse.<\/p>\n<p>\u201cYou\u2019re not going to have time to call Mandiant on a Thursday afternoon, get people in, sign a contract,\u201d Mandia said. \u201cYou\u2019re going to have to be able to respond at machine speed.\u201d<\/p>\n<p>Stamos said defenders must assume they cannot patch their way out of the problem and focus instead on defense in depth, particularly around lateral movement and persistence, which remain more difficult for AI to automate than initial exploitation.<\/p>\n<p>But even that assumes organizations have time to prepare. The executives suggested that window is closing rapidly, if it hasn\u2019t already shut for good.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Adamski summed up the reckoning facing the industry: \u201cAI is going to potentially make us pay for the sins of yesterday.\u201d<\/p>\n<p> <\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"3.8506711409396\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/security-leaders-say-the-next-two-years-are-going-to-be-insane-1.jpg?w=640&ssl=1\" alt=\"Greg Otto\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Greg Otto<\/h4>\n<p> Greg Otto is Editor-in-Chief of CyberScoop, overseeing all editorial content for the website. Greg has led cybersecurity coverage that has won various awards, including accolades from the Society of Professional Journalists and the American Society of Business Publication Editors. Prior to joining Scoop News Group, Greg worked for the Washington Business Journal, U.S. News & World Report and WTOP Radio. He has a degree in broadcast journalism from Temple University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/ai-cyberattacks-two-years-insane-vulnerabilities-kevin-mandia-alex-stamos-morgan-adamski-rsac-2026\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Security leaders say the next two years are going to<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[6287,235,384,78,4719,1807,3456,4570,310,288],"tags":[6288,236,388,86,4721,1810,3458,4571,311,294],"class_list":["post-8475","post","type-post","status-publish","format-standard","hentry","category-2026-rsac-conference","category-ai","category-artificial-intelligence-ai","category-cybersecurity","category-defense","category-exclusive","category-offensive-cybersecurity","category-red-team","category-technology","category-threats","tag-2026-rsac-conference","tag-ai","tag-artificial-intelligence-ai","tag-cybersecurity","tag-defense","tag-exclusive","tag-offensive-cybersecurity","tag-red-team","tag-technology","tag-threats"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/2026-rsac-conference\/\" rel=\"category tag\">2026 RSAC Conference<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ai\/\" rel=\"category tag\">AI<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/artificial-intelligence-ai\/\" rel=\"category tag\">artificial intelligence (AI)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/defense\/\" rel=\"category tag\">defense<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/exclusive\/\" rel=\"category tag\">Exclusive<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/offensive-cybersecurity\/\" rel=\"category tag\">offensive cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/red-team\/\" rel=\"category tag\">red team<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/technology\/\" rel=\"category tag\">Technology<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a>","tag_info":"Threats","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8475","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=8475"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8475\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=8475"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=8475"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=8475"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":8475,"date":"2026-03-27T12:16:18","date_gmt":"2026-03-27T17:16:18","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=88433"},"modified":"2026-03-27T12:16:18","modified_gmt":"2026-03-27T17:16:18","slug":"security-leaders-say-the-next-two-years-are-going-to-be-insane","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2026\/03\/27\/security-leaders-say-the-next-two-years-are-going-to-be-insane\/","title":{"rendered":"Security leaders say the next two years are going to be \u2018insane\u2019"},"content":{"rendered":"