AI-Powered Cyberattacks Are Escalating—Will 12-Hour Patching and MFA Fix the Breach?
On May 26, 2026, multiple security outlets highlighted a fast-moving shift in cyber risk: attackers are increasingly using AI to accelerate DDoS and intrusion workflows, while defenders are racing to patch and harden identity controls. The Hacker News reported that new AI-assisted DDoS attacks are “smarter,” implying higher automation and better targeting of weak points in website availability and data access. In parallel, Microsoft released updates to address a SharePoint remote code execution flaw, CVE-2026-45659, with a CVSS score of 8.8 and exploitability that does not require specialized conditions. Separately, The Hacker News warned that MFA can be undermined via “prompt bombing,” where the second factor fails to stop social-engineering-driven takeovers.
Strategically, the cluster points to a broader geopolitical and market reality: cyber operations are becoming more scalable and less dependent on scarce human expertise, raising the baseline threat for critical services and cross-border digital trade. CERT-In’s new guidance for India to patch internet-facing critical vulnerabilities within 12 hours “where feasible” signals a regulatory attempt to compress attacker dwell time and reduce systemic exposure. This creates a power dynamic between fast-moving threat actors and slower enterprise change management, with governments effectively trying to force faster compliance. OKX’s decision to incorporate AI proficiency into employee evaluations also reflects how financial and crypto infrastructure firms are treating AI capability as a defensive competency, not just a productivity tool.
Market and economic implications are immediate for enterprise software, cloud collaboration, and identity security vendors. Microsoft SharePoint patching risk can drive short-term demand for vulnerability management, endpoint protection, and patch orchestration tools, while also increasing operational costs for IT teams that must validate and deploy fixes quickly. The identity-security angle (MFA bypass techniques like prompt bombing) supports upside for phishing-resistant authentication, security awareness platforms, and fraud detection services, and it can pressure providers whose controls rely heavily on user prompts. For India, CERT-In’s 12-hour requirement can increase compliance spending and accelerate adoption of automated scanning and remediation, potentially affecting IT services budgets and cybersecurity procurement cycles. In crypto-adjacent markets, heightened cyber risk can influence exchange risk premia, custody demand, and insurance pricing, even if no specific breach was reported.
What to watch next is whether regulators and large vendors translate guidance into measurable enforcement and whether attackers adapt faster than patch pipelines. Key indicators include the number of internet-facing critical vulnerabilities flagged for 12-hour remediation in India, patch deployment lead times across major enterprise stacks, and any observed exploitation attempts tied to CVE-2026-45659 in the wild. For identity, monitor for rapid spread of prompt-bombing playbooks and whether organizations shift from traditional MFA toward phishing-resistant methods such as FIDO2/WebAuthn or number-matching flows. For DDoS, track changes in traffic patterns, botnet composition, and whether AI-assisted campaigns target specific application layers rather than only volumetric floods. Escalation would be signaled by coordinated exploitation of unpatched RCE and identity weaknesses within days, while de-escalation would look like sustained patch compliance and fewer successful account takeovers despite continued AI-enabled probing.
Geopolitical Implications
- Regulatory pressure (CERT-In) is turning cyber hygiene into a quasi-security policy lever, potentially reshaping cross-border compliance expectations for digital services.
- AI-enabled offensive tooling reduces the skill barrier for attackers, increasing strategic vulnerability of critical digital infrastructure and raising the cost of cyber deterrence.
- Financial and crypto infrastructure firms (e.g., OKX) are treating AI capability as a workforce security requirement, signaling an institutional shift toward AI-enabled defense operations.
Key Signals
- Evidence of active exploitation attempts targeting CVE-2026-45659 shortly after patch release.
- Measured patch deployment lead times for internet-facing critical vulnerabilities under CERT-In’s 12-hour standard.
- Rapid adoption of phishing-resistant authentication methods in response to prompt-bombing and MFA weaknesses.
- DDoS telemetry showing AI-driven changes in attack sophistication (application-layer targeting, adaptive probing).