Loris Degioanni: Why AI Is Breaking Cybersecurity, and What Comes Next

What It Covers

Loris Degioanni, CTO and founder of Sysdig, explains how AI has compressed cyberattack timelines from weeks to hours, why traditional human-centered security is no longer sufficient, and how Sysdig's "headless cloud security" model built for AI agents represents the next defensive paradigm.

Key Questions Answered

• •Attack timeline compression: AI has reduced the window between vulnerability disclosure and active exploitation from weeks to hours. Security teams can no longer rely on response cycles designed for human-speed threats. Organizations must implement automated, real-time detection tools capable of identifying and acting on newly disclosed vulnerabilities before attackers can weaponize them at scale.
• •Attack surface taxonomy: Cloud infrastructure faces three primary attack vectors: misconfigurations (exposed S3 buckets, open firewall rules), unpatched software bugs enabling remote execution, and social engineering via AI-generated phishing and deepfakes. Defenders should prioritize posture management — systematically auditing configurations — as misconfiguration remains the most prevalent entry point in cloud environments.
• •Castle vs. city security model: On-premise data centers function like medieval castles — secure the perimeter with firewalls. Cloud infrastructure resembles a city with countless entry points, making perimeter defense obsolete. Organizations should shift investment toward internal detection tools like Sysdig's open-source Falco, which monitors network connections, file access, and executed commands across distributed cloud environments.
• •Headless, agent-first security architecture: Sysdig's "headless cloud security" model removes traditional dashboards entirely, exposing security data via APIs designed for AI agent consumption rather than human interfaces. Security workflows — vulnerability triage, ticket creation, patch deployment — run inside coding agents like Claude Code or Codex, enabling automated remediation cycles that match attacker speed without requiring manual analyst intervention.
• •Human role as orchestrator: As AI agents handle granular security tasks, practitioners shift from executing individual fixes to directing agent-driven initiatives. The practical model involves agents surfacing prioritized vulnerabilities overnight, proposing patches, opening pull requests, and notifying developers — with humans providing strategic oversight, approving actions, and correcting agent errors rather than performing the underlying technical work directly.