How AI-augmented attackers are reshaping identity attacks, code supply chains, and the economics of detection — drawn from Basalt engagements across four markets.
Phishing kits with LLM-driven voice, real-time MFA fatigue orchestration, and OAuth abuse have collapsed the gap between “credential stolen” and “tenant compromised”. ITDR coverage is no longer optional.
Most LLM features in production today were never adversarially tested. Prompt injection chained with tool use is the new RCE — and it routes around the WAF.
Static rules are now decisively outpaced. Programs that invest in behavioural detection see MTTD fall by an order of magnitude within two quarters.