"Let’s start with the 800-pound gorilla: AI." — Paul Welch, Leidos
AI-driven scale and speed: a new threat cadence
Paul Welch and Josh Salmanson of Leidos describe a rapid change in the cyber battlespace driven by artificial intelligence. Welch warned that the use of AI by "threat actors – both criminal and state sponsored" is increasing risk across cyberspace and that, as "data becomes increasingly important" to the Department of War's operations, the stakes for data availability and integrity grow, "in some cases exponentially." Salmanson echoed the metric of change: the volume, velocity and variety of attacks have produced an "absolute hockey stick" in attack cadence, exposing defenders to an exponential explosion of attacks that traditional systems struggle to match.
Deception, lures and identity: imposing cost on adversaries
Salmanson argues that deception is a practical lever defenders have yet to fully exploit. "Deception is a fantastic way to go," he said, urging defenders to introduce "decoy credentials, false data, synthetic services or other lures" that appear operationally valuable. Welch framed the tradeoff: adversaries must gain access for deception to work, but once they do, "the information they’re accessing is not real," they waste time, and their tactics can be observed. Salmanson added that properly constructed deception can move an intruder "off into a very safe space" where defenders can observe tools, tactics and procedures and then trace the original entry path.
Identity as the new perimeter and the expanded attack surface
"Identity is the new perimeter," Salmanson said, noting there are now "many, many more identities than people" inside environments — system accounts, automated services, AI activities, API integrations and cross‑cloud connections. That proliferation, he warned, blurs boundaries of what is "inside" an environment and makes it harder to distinguish legitimate activity from adversarial behavior. In this context, deception and tighter identity management are presented as ways to slow attackers where a traditional perimeter no longer exists.
Seams across multiple enterprise networks and the coordination problem
Welch emphasized how multiple infrastructures, "multiple technologies," hosts and applications create seams — operational gaps between forces or domains — that present vulnerabilities. He highlighted a particular operational challenge inside the department: "40-plus defended areas under 40-plus purviews" that make a single picture of situational awareness "virtually impossible." That fragmentation complicates correlation of activity across domains (for example, Air Force activity related to Navy activity) and makes coordinated response — especially proactive operations — critically dependent on improved cross‑domain command, control and shared situational awareness.
Legacy hardware, operational debt, and the call for modernization
Salmanson warned that many environments defenders must protect are "based on older architectures" and that incremental progress is insufficient against an exponential threat cadence. He urged a change in core hardware so defenders "can keep up" — noting that the industry is making "subtle changes" but that benefits flow unevenly. He pointed to raw performance gaps, saying the "difference between a CPU and a GPU is about a thousand times faster," and framed the imbalance bluntly: "When the adversaries are driving Ferraris and the defenders are still driving a Ford Fiesta from 1982, it is clear the defenders are going to have some problems."
What this means for defensive cyber teams, procurement leaders, and the Department of War
- Defensive cyber teams and engineers: Expect pressure to accelerate patching and incident response while avoiding operational instability; use deception to observe adversary tradecraft and to redirect activity into controlled environments, Salmanson and Welch said.
- Procurement leaders and platform architects: Salmanson urged consideration of newer hardware and secure-by-design development practices to address "technical debt" and provide defenders the compute to match AI-enabled threats.
- The Department of War and command leadership: Welch called for improved coordination across the "40-plus defended areas under 40-plus purviews" and shared situational awareness and command-and-control to close seams between warfighting forces.
Welch and Salmanson present a cohesive warning: AI is accelerating attackers' ability to find and exploit weaknesses, and the defensive response must be proactive, coordinated and materially different — from deception at the edge of identity to modernization of the hardware that supports defensive tooling. The immediate operational question they leave on the table is practical: can defenders accelerate tempos and coordination across dozens of purviews without introducing instability into already complex mission systems?




