Mirroring Offensive AI Tactics Strengthens Cyberdefense

Marco Gaietti brings a unique perspective to the digital battlefield, merging decades of high-level management consulting with a deep understanding of operational resilience and strategic business management. As organizations grapple with an increasingly volatile threat landscape, his insights into the strategic application of technology offer a roadmap for leaders who feel they are falling behind in the artificial intelligence arms race. By dissecting the core takeaways from the 2026 Gartner Cybersecurity and Risk Management Summit, he provides a pragmatic look at how the attacker’s playbook is no longer just a warning, but a blueprint for a more robust, proactive defense that leverages the very tools used by nefarious actors.

This conversation centers on the concept of mirrored defense, emphasizing that the processes used by threat actors are often less elaborate than we imagine, presenting a direct opportunity for replication by security teams. We explore the four pillars of this strategy: upscaling defensive skill sets to match the stunning speed of modern attacks, leveraging AI-driven research to anticipate target selection, utilizing synthetic data and honeypots for attack obfuscation, and the essential automation of mundane security tasks to optimize human capital for innovation.

The shift toward AI-fueled attacks has created a new reality for security teams. How is this technology specifically upscaling the capabilities of both novice and expert threat actors, and how should defenders respond?

The reality we saw at the 2026 Gartner Summit is that AI acts as a massive force multiplier that levels the playing field for attackers, regardless of their initial skill level. For those with only basic skills, AI provides the templates and sophisticated coding assistance needed to craft more potent attacks that previously required years of experience to execute. Meanwhile, advanced threat actors are using these models to move with stunning speed and scale, launching complex digital crimes that can overwhelm traditional defenses in seconds. To counter this, defenders must stop viewing AI as a luxury and start using it to expand their own abilities, training models that are significantly more adept at identifying threats and containing intrusions. By putting AI to work within our own systems, we create a defensive mirror that can match the creative and evasive maneuvers we are seeing from our adversaries.

One of the most unsettling aspects of modern cybercrime is the precision of target selection. How are attackers using AI to research their victims, and what can security professionals do to turn this specific tactic against them?

We are seeing threat actors move away from broad “spray and pray” tactics toward highly targeted phishing and deepfake operations, where they train AI agents to scour the web for personal details and communication styles of authority figures. By mimicking the tone and specific habits of a CEO or a high-ranking official, they create a level of impersonation that is terrifyingly effective at deceiving employees. However, security professionals can use these same tools by deploying AI agents to unearth facts about those very threat actor groups and to see exactly what information is publicly available about their own executives. I strongly recommend setting up RAG pipelines—retrieval-augmented generation—which ground AI responses in external data like RSS feeds, CVE feeds, and custom threat intelligence. By continuously monitoring for PII breaches and potential targeting vectors using these automated web crawlers, we can identify a threat before the first phishing email is even drafted.

If attackers are using AI to hide their tracks and obfuscate their methods, how can organizations use deception to gain the upper hand?

Attack obfuscation is a growing challenge because it masks the attacker’s modus operandi, making it nearly impossible to tell where an intrusion began or what its ultimate goal is. To fight back, we need to lean into the concept of a “wild-goose chase” by creating authentic-looking honeypots, fake websites, and bogus vulnerabilities that are designed specifically to attract and distract. By generating synthetic data that looks valuable to a hacker, we can keep them busy within a controlled test range or lead them toward a dead-end backdoor. This isn’t just about wasting their time; it’s a sensory experience for the defense, allowing us to monitor their activity in real-time and learn their TTPs—tactics, techniques, and procedures—without risking our actual assets. When you provide a persistent threat with a fake target, you turn their own curiosity into your greatest source of intelligence.

Automation is often discussed as a way to save money, but in the context of cyber defense, how does it help teams manage the “tedious” tasks that attackers are already automating?

Threat actors are already using AI to handle the most cumbersome steps of a breach, such as living-off-the-land attacks and maintaining automated kill chains that require constant, repetitive adjustments. For a human defender, trying to manually track these persistent threats is exhausting and leads to burnout, which is why delegating these less glamorous aspects of risk mitigation to AI agents is a strategic necessity. Security teams should be offloading offensive testing, security simulations, and even call center governance to automated systems so that human leaders can dedicate their mental energy to high-level innovation and business outcomes. When we automate the mundane, we transform our staff from reactive guardians who are constantly putting out fires into proactive adversaries who are always one step ahead. It is about reclaiming time—the one resource that an automated kill chain tries to take away from us.

What is your forecast for the evolution of AI-driven cybersecurity over the next few years?

I believe we are entering an era where the boundary between “offensive” and “defensive” tools will completely vanish, leading to a state of constant, autonomous digital friction. By 2028, I expect to see the widespread adoption of self-healing networks that don’t just alert a human to a breach, but actively reshape their own architecture in real-time to trap an intruder based on the mirrored playbook strategy we’ve discussed. We will see a shift where the “human in the loop” moves from being a tactical operator to a strategic orchestrator, managing fleets of AI agents that conduct constant, automated reconnaissance against potential threats. Organizations that fail to adopt this proactive, adversarial mindset will find themselves unable to keep up with the sheer velocity of AI-driven exploits. Ultimately, the winners in this space will be those who embrace Sun Tzu’s ancient wisdom and truly become their enemy to ensure their survival.
