Security: Mandiant Warns of "25-Minute" Attack Cycles
Dillip Chowdary
Founder & AI Researcher
Google Cloud’s Mandiant unit has released its highly anticipated **M-Trends 2026** report, and the findings are a stark warning for global IT infrastructure. The headline metric: the average "dwell time" (the duration an attacker remains undetected) has plummeted, but not for the reason you might think. It's because autonomous AI agents are now completing entire attack cycles—from initial breach to full data exfiltration—in as little as **25 minutes**.
The "Negative Time-to-Exploit" Crisis
The report introduces a terrifying new industry term: **"Negative Time-to-Exploit."** In 2026, Mandiant observed that for 28% of critical vulnerabilities, functional exploit code was being deployed by autonomous agents *before* the vendor had even released a public patch. Attackers are using frontier models to perform real-time binary diffing and automated fuzzing the moment a software update is announced, allowing them to hit unpatched systems within minutes.
The Death of the Manual SOC
Mandiant researchers emphasize that the "human-in-the-loop" security operations center (SOC) is now biologically incapable of defending against machine-speed attacks. When an AI agent can pivot across a network, escalate privileges, and exfiltrate terabytes of data in under half an hour, a 4-hour response service-level agreement (SLA) is effectively useless. The report advocates for a total pivot toward **Autonomous Cyber Defense (ACD)**—systems that can lock down network segments and revoke credentials automatically based on high-confidence AI detection.
Supply Chain as the Primary Vector
Beyond speed, the vector has shifted. M-Trends 2026 identifies **"Shadow Agents"**—malicious AI plugins and API integrations—as the fastest-growing attack surface. Attackers are no longer just phishing humans; they are "prompt-injecting" autonomous agents within enterprise supply chains to gain trusted access. This "agent-on-agent" warfare is predicted to be the defining characteristic of the 2026-2027 threat landscape.
As we move into the second half of the year, the mandate is clear: automate your defense, or prepare to be breached in the time it takes to grab a cup of coffee.