"Operating at machine speed is no longer optional - just like aviation warfare is no longer optional," Tom Kellermann said, crystallizing the central claim of his briefing on the changing shape of cyber conflict.
Tom Kellermann: AI security and threat intelligence at TrendAI
Kellermann, who leads AI security and threat intelligence at TrendAI, framed the current threat environment as one driven by three converging factors: geopolitical tension, coordinated nation‑state activity and rapid AI adoption. In a video interview with ISMG, he outlined how those trends are transforming adversary behavior and the required defensive posture. His résumé, as stated in the interview, includes leadership roles at HITRUST, Contrast Security, VMware and Trend Micro; he was CEO of Strategic Cyber Ventures and served on the Commission on Cyber Security for the 44th president of the United States, and as an adviser to the International Cyber Security Protection Alliance.
Autonomous attack campaigns and AI-powered kill chains
Kellermann said autonomous attack campaigns and AI‑powered kill chains are growing. He described adversaries that are sharing access, automating kill chains and exploiting infrastructure at scale. That automation, he warned, allows operations to run with minimal human input and at a speed defenders must match or exceed.
Agentic AI and malware with embedded language models
The interview highlights a specific technical threat: cybercriminals pairing agentic AI with malware that contains embedded language models. According to Kellermann, such combinations enable malware to move laterally, maintain persistence and execute attacks with minimal human input — functions traditionally requiring human operators but now increasingly automated by models embedded in malicious tooling.
China, Russia and North Korea: collaboration and capability
Kellermann pointed to coordinated activity among nation‑state groups, noting the impact of collaboration between China, Russia and North Korea threat groups. He asserted that Chinese threat actors are rivaling or exceeding U.S. capabilities using AI‑driven operations — a direct comparison he made when describing the competitive dynamics of state‑level cyber operations and the role of AI in shifting capability balances.
Telemetry, a global research team and an advanced XDR platform
To counter these trends, Kellermann recommended a three‑part defensive approach: expanded telemetry, a global research team and an advanced extended detection and response (XDR) platform capable of predicting and suppressing adversaries. He described the need for AI‑driven defense and global threat intelligence as central to stopping operations that now function at machine speed.
What this means for technologists, policymakers, and enterprises
- Technologists and security teams: Invest in broader telemetry and XDR capabilities so systems can detect and respond to automated, agentic attacks operating at machine speed, as Kellermann urged.
- Policymakers and regulators: Monitor the cross‑national collaboration Kellermann described among China, Russia and North Korea, and the shifting balance he attributes to AI‑driven capabilities.
- Enterprises and procurement leaders: Consider the value of access to global threat research and AI‑enabled defensive tools that Kellermann identifies as necessary to predict and suppress adversaries exploiting infrastructure at scale.
Kellermann’s message in the interview is unequivocal: adversaries are automating more of the kill chain, embedding language models inside malware and collaborating across national lines, and defenders must adapt by widening telemetry, mobilizing global threat teams and deploying AI‑driven XDR. The practical question his remarks leave open is operational: will defenders accelerate those specific investments quickly enough to keep pace with the machine‑speed campaigns he describes?
Original story: https://www.govinfosecurity.com/ai-driven-arms-race-needs-better-threat-intelligence-a-31486




