At the Gartner Security & Risk Management Summit in June, Gartner named four threats where attackers hold a significant advantage and cybersecurity leaders need to act now: AI application compromise, deepfake identity impersonation, software supply chain, and prompt injection. Twenty threats sit inside the full 2026-2027 ThreatScape. Those four are the ones the summit flagged as requiring urgent improvements.
The four are not entry-level threats. Every one of them lives inside the environment, using access the attacker has already earned. As John Watts, the Gartner VP Analyst presenting the ThreatScape, put it: cybersecurity leaders must be able to find the threat signal in all the noise. This piece is one read of that signal.

What attacks look like today
Four numbers describe the same window in the attack chain.
- Median dwell time rose from 11 to 14 days between the 2025 and 2026 editions of Mandiant M-Trends.
- Credential abuse appears somewhere in the attack chain in 39 percent of breaches, per the 2026 Verizon DBIR.
- Cloud-only intrusions rose 37 percent year on year in 2025, per CrowdStrike data cited by Gartner.
- And Anthropic's LLM ATT&CK Navigator, published four days after the ThreatScape, reviewed 832 accounts banned for malicious use of Claude over a year and found that only 0.7 percent of AI-assisted actions were lateral movement, yet those actors carried the highest risk scores in the dataset.
Recent disclosures worldwide fit the same shape. In mid-June, Salesforce disabled the Klue Battlecards integration after the Icarus extortion group used a forgotten service-account credential to generate OAuth tokens against Klue's Salesforce integration and bulk-exfiltrate CRM data from more than fifteen customers.
In the same window, SOCRadar's Dismantling FortiBleed report documented a Russian-speaking initial access broker running FortigateSniffer, a Go binary that abuses the FortiOS diagnose sniffer packet command to passively harvest cleartext credentials from about 430,000 FortiGate firewalls across 150 countries, with 354 full attack chains observed and twelve progressing to INC or Lynx ransomware.
On 15 June, Google Threat Intelligence Group disclosed UNC6508, a PRC-nexus operation that held access to North American medical, military, and AI-research networks for 26 months via a trojanized REDCap installation, then abused Google Workspace content-compliance rules to silently BCC-forward emails matching about 150 keywords to attacker-controlled Gmail.
And Symantec's Threat Hunter Team published research on Backdoor.Turn, a DragonForce implant that tunnels QUIC command-and-control through Microsoft Teams TURN relays so all outbound traffic resolves to Teams IP space and looks like a video call.
The details vary case by case but the pattern behind them does not: The attacker is inside the environment, authenticated, and moving.
AI is accelerating everything
The Anthropic Navigator data makes the same point at a different scale. AI-assisted operations concentrate in the same MITRE techniques human-driven attacks were already using two years ago: remote services (T1021), valid accounts (T1078.003), OS credential dumping (T1003), archive collected data (T1560). Each is three to five times more common in the high-risk group than across the rest of the dataset.
AI removes the operator's latency but not the shape of the attack. The Sysdig 2025 incident report walked an AWS intrusion that completed in roughly eight minutes because the operator was an AI agent. GTG-1002, disrupted by Anthropic in November 2025, ran the same movement pattern against government and critical infrastructure targets, with a human only setting direction. Track the behavior, not the tool.
The same three gaps, seen from a new angle
None of this is a new problem. It is the same three structural detection gaps that the Mind Your Attack Gaps framework has been describing since 2024.
- Nothing looks wrong: attackers use legit tools.
Living-off-the-land tradecraft using native admin tools. Volt Typhoon, Salt Typhoon, BRICKSTORM, DragonForce Backdoor.Turn hiding C2 in Teams TURN traffic. - Authentication succeeds: attackers use legit credentials.
Real credentials, real MFA codes, real OAuth tokens. Klue-Salesforce OAuth chain, FortiBleed passive credential harvest, UNC6508 26-month domain-admin dwell. - Movement is not visible: attackers use legit workflows.
Cross-domain lateral movement across identity, network, cloud, and SaaS. UNC6508 Google Workspace compliance-rule exfil, Sysdig AWS-AI, GTG-1002.
Gartner uses different vocabulary and different data sources. The pattern is the same one this framework has been mapping for two years.
Between the exploit and the impact, the attacker is authenticated, moving, and quiet. The signal is behavioral, and it becomes visible only when what happens on the network is correlated with what identity is doing, in real time. That is the phase Vectra AI was built for.
--
If you want to see this phase play out in your own environment, our team runs a free offensive security assessment that reproduces a real named campaign end-to-end and shows where the gaps sit in your controls. The Attack Labs walk the same named campaigns on video for anyone who wants to see one first.
If you want the framework end-to-end with the named-campaign anatomies, the Mind Your Attack Gaps ebook is the canonical reference.
And if the AI acceleration is the part you want to press on, 9 Questions to Ask AI Vendors About Threat Detection is a plain checklist for your next vendor meeting.
