The Role of Generative AI in BAS: Why Attackers Move in Minutes and Defenders Still Take Days

Sıla Özeren Hacıoğlu | March 10, 2026

Generative AI is revolutionizing Breach and Attack Simulation (BAS) by enabling agentic workflows that compress threat intelligence, attack emulation, and defense validation into minutes, while attackers leverage the same technology to scale attacks at an unprecedented rate.

Imagine a threat actor who has been leveraging a Fortinet misconfiguration. Not against three organizations, but 2,500 at once, across 106 countries. The attacker establishes initial access, maps the internal network via LLMs, accesses Active Directory, dumps credentials, and ultimately extracts data. The whole attack takes under an hour. The defender, meanwhile, is in their weekly sync meeting.

But this is not just a hypothetical.

As Volkan Ertürk, Picus CTO & Co-founder, described in his presentation at the FS-ISAC 2026 Americas Spring Summit, this is the reality of AI-assisted attacks, and it means a rethinking of Breach and Attack Simulation (BAS) is long overdue.

A Tale of Two Timelines: Attackers and Defenders in the Times of Generative AI

The asymmetry between attackers and defenders has always existed, but generative AI has made it an order of magnitude worse.

The Scale of Attackers with Generative AI

On the attacker side, threat groups are now bridging LLMs directly into the kill chain through custom MCP servers.

The workflow is fully autonomous: automated backdoor creation on compromised appliances, internal infrastructure mapping fed to LLMs, AI-driven vulnerability assessment, and AI-prioritized execution of offensive tools to gain Domain Admin access. The result is autonomous execution with a human merely reviewing the output.

The scale is what should alarm every security leader.

As Ertürk pointed out, if attackers can hit 2,500 organizations today, they can hit 25,000 tomorrow. They just spin up another model instance. The probability of being in the first wave of an attack has increased not by 10x, but by 100x or 1,000x.

Defender’s Situation Compared to Attackers

But what about the defender's side?

An attack is taking place over the course of minutes, but what is the security team doing?

  • They're required to be sitting in prioritization meetings.
  • They're writing reports because some executive asked some pressing questions.
  • They're taking two, three hours just to begin the review of the incident, and by then, the attackers have finished their attack.

This is true even with the help of AI-based tools for the SOC, which can speed up the review of the incident. Industry statistics back this up, too. The average incident response time, according to IBM's 2025 Cost of a Data Breach Report, is 181 days.

Ertürk used the following powerful metaphor to summarize the current state of the industry: attackers are actively using generative AI, while defenders are dealing with a heavy operational burden.

Defenders are the turtle, and the shell is the organization itself. We carry the weight of processes, business continuity requirements, ethical obligations, and organizational complexity. We cannot remove the shell. But the attackers, the rabbit, have no shell. They move fast, and with LLMs, they are getting faster still.

The Real Threat of Generative AI: Speed via Autonomy

Perhaps the most important shift in thinking is to understand that the threat from generative AI is not about zero-day exploits. It is about speed and autonomy.

In conversations with SOC and security leaders, we found that nobody was specifically afraid of AI-generated zero-days. The real concern is that LLM-powered attackers make automated, intelligent decisions at a pace defenders simply cannot match with current processes.

In the old world, attack chains took weeks. Today, they take minutes. Defenders do not have time to intercept.

But defenders possess one advantage that adversaries do not: the ability to start early.

Vulnerabilities and misconfigurations exist in your environment today. The adversary may not discover them for another 30 days.

That gap, the window between when a weakness exists and when it is exploited, is what we call the "unfair advantage" of defenders.

The catch is that this advantage is only useful if it is exercised proactively and at speed. In a reactive battle where both sides start at the same line, the attacker wins every time.

The Current State: Calendar Speed vs. Machine Speed

Before examining how generative AI transforms BAS assessments, we must first grasp the shortcomings of the current approach, regardless of the size of the organization.

State of Large Organizations

Large organizations have the resources: CTI teams, vendor feeds, red teams, blue teams. The problem is that friction at each handoff dictates the speed of the workflow.

  • The CTI team determines the relevant threats and hands off a static PDF report to the red team.
  • The red team creates an adversarial emulation campaign and hands off the results to the blue team.
  • The entire workflow happens at what Ertürk so aptly describes as "calendar speed," while the adversary attacks at machine speed and the organization’s IT environment keeps changing.

State of Small-to-Medium Businesses (SMBs)

Small and mid-sized organizations have their own set of problems.

Given their size and budget, their approach is to utilize turnkey solutions: dumping CTI feeds into SIEMs, writing IPS and firewall rules based on Indicators of Compromise (IoCs), and hoping for the best. The problem is that IoC-based defenses are fundamentally easy to evade, and everyone in the industry knows it. Indicators of Attack (IoAs), on the other hand, are an improvement but are still limited and vendor-specific. Small teams are fighting the good fight using the wrong tool for the job.

The traditional threat-informed defense workflow:

  • research the intel,
  • build the campaign,
  • simulate the results, and
  • mobilize the findings.

The average time for the entire workflow is approximately four days. Four days was acceptable in the pre-LLM era. Against autonomous attackers operating at machine speed, four days might as well be four months.

How Picus Platform’s Generative AI Transforms the BAS Workflow

Let me get one thing straight: the workflow of Picus’ agentic BAS tool does not aim to abandon threat-informed defense. On the contrary, it aims to accelerate it with an agentic AI architecture.

The core idea, as Ertürk presented it, is a four-agent workflow that compresses the entire cycle from intelligence to remediation into approximately three minutes.

The Agent Researcher for CTI Research

The Agent Researcher ingests CISA alerts, news feeds, and blog posts. It performs vetting and named entity recognition, outputting cleaned, structured data.

Critically, this agent does not produce human-readable reports. Its output is optimized for the next AI agent. It acts as a dedicated, automated CTI analyst that reads natural language contextually, not just by keyword matching. Unlike traditional CTI gateways that passively ingest static feeds, the agentic researcher proactively hunts for additional context across external sources and focuses exclusively on data that can be converted into technical execution.

The Agent Red Teamer for Semantic Matching of Atomic Tests

The Agent Red Teamer takes the structured intelligence and performs semantic matching via RAG against internal libraries of atomic tests.

It produces two outputs:

  • An "Attacker Recipe": the specific, safety-checked command set, and
  • A "Blueprint": the high-level strategic attack flow.

This agent chains atomic techniques into a coherent campaign that mirrors the actual adversary's workflow, while also planning cleanup to ensure simulations never break production infrastructure.

The quality of the underlying atomic test library is critical here.

Enterprise-grade libraries, like Picus Threat Library, provide deep variant depth across operating systems, guarantee non-destructive and reversible execution, and eliminate the broken tests common in unmaintained open-source repositories.

The Agent Simulator for Running Simulations Across Organizations’ Defensive Layers

The Agent Simulator takes the recipe and blueprint and runs simulations across the organization's defense layers, endpoints, cloud environments, network controls, SIEM, and EDR.

It gathers telemetry and produces proof data that answers the most important questions:

  • Did we block it?
  • Did we detect it?
  • Which control was responsible?
  • Does that match our expectations?

This evidence-based approach, achieving 90%+ MITRE ATT&CK coverage with risk-free simulation and auto-rollback, transforms theoretical security posture into verified, proof-based visibility.

The Agent Coordinator for Remediation of Identified Security Gaps

The Agent Coordinator is where findings become action.

It bridges validation results to remediation by opening Jira tickets, triggering SOAR playbooks, and pushing IoA rules to EDR solutions.

The coordinator supports two execution strategies:

  • human-in-the-loop review for sensitive assets and complex mitigations, and
  • auto-deployment for high-risk-threat/low-risk-fix scenarios.

LLMs can reason about an organization's risk appetite and historical decision patterns to determine which mitigations are safe to push automatically and which require human sign-off. Vendor-native mitigations, not generic textbook advice, are generated for each specific finding, and a closed-loop verification process triggers re-simulation after a fix is deployed to confirm effectiveness.
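The simulator's questions (blocked, detected, which control, as expected?) and the coordinator's two execution strategies with closed-loop re-simulation can be sketched as follows. This is an added example, not Picus code or its API: the field names, risk labels, control names, stubs, and sample results are constructed assumptions, and only the technique IDs are real MITRE ATT&CK identifiers.

```python
from dataclasses import dataclass, replace

# Stronger outcome = higher rank; a gap is an observed rank below the expected one.
RANK = {"none": 0, "detect": 1, "block": 2}

@dataclass(frozen=True)
class SimResult:
    technique: str         # MITRE ATT&CK technique ID
    control: str           # control expected to act (hypothetical names)
    expected: str          # "block" or "detect"
    observed: str          # "block", "detect" or "none"
    threat_risk: str       # "high" or "low"
    fix_risk: str          # "high" or "low"
    sensitive_asset: bool

def is_gap(r):
    return RANK[r.observed] < RANK[r.expected]

def route(r):
    """Auto-deploy only for high-risk-threat / low-risk-fix on non-sensitive assets."""
    if not is_gap(r):
        return "no_action"
    if r.threat_risk == "high" and r.fix_risk == "low" and not r.sensitive_asset:
        return "auto_deploy"
    return "human_review"

def closed_loop(results, apply_fix, resimulate):
    """Route findings; re-simulate after each auto fix and escalate if the gap remains."""
    status = {}
    for r in results:
        decision = route(r)
        if decision == "auto_deploy":
            apply_fix(r)
            decision = "verified" if not is_gap(resimulate(r)) else "human_review"
        status[r.technique] = decision
    return status

# Constructed sample data and stubs (not real telemetry or a real product API).
RESULTS = [
    SimResult("T1003.001", "edr", "block", "detect", "high", "low", False),
    SimResult("T1059.001", "edr", "block", "none", "high", "low", False),
    SimResult("T1021.002", "firewall", "block", "none", "high", "high", False),
    SimResult("T1087.002", "siem", "detect", "none", "high", "low", True),
    SimResult("T1566.001", "mail-gateway", "block", "block", "high", "low", False),
]
FIX_TAKES_EFFECT = {"T1003.001": True, "T1059.001": False}

def resim(r):
    return replace(r, observed=r.expected) if FIX_TAKES_EFFECT[r.technique] else r

print(closed_loop(RESULTS, lambda r: None, resim))
```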

The Value: Unlocking Your Team's Potential

For large organizations, an agentic BAS AI architecture provides cost efficiency by eliminating redundant manual testing and replacing sporadic and expensive third-party assessments.

  • Prioritization is no longer based on gut feel, and CISOs have the necessary data for boardroom discussions.
  • Most importantly, existing teams can get 10 times the work done not by working harder, but by using agents for tactical muscle work and freeing people for strategic thinking.

For small and mid-sized organizations, agentic BAS is a force multiplier. AI agents provide a virtual red team and a virtual CTI team, and the organization can have enterprise capability despite the size of the team.

The time required for emerging threats is reduced from days to minutes, and the difference between assumed and actual readiness is eliminated.

AI agents do not require sleep or coffee breaks and can run continuously, converting a small team into a large team.

90 to 365 Days Action Plan for Generative AI for BAS

Every organization will eventually have to adapt to an agentic security approach. The question is, will you be ahead of the curve or trying to catch up? Ertürk has outlined a plan that can be followed by anyone, regardless of organization size or maturity level.

Next Week

First, internalize the concept of a proactive security approach and what an agentic workflow looks like.

Make your team familiar with the difference between a multi-agent architecture and traditional automation. Most importantly, start to align your organization’s stakeholders. Have that first meeting with your organization to discuss why calendar-speed defense can no longer keep up with machine-speed attacks.

Next 90 Days

Establish a scope for your initial implementation and set goals. You do not have to implement everything.

Choose one use case, such as automating a response to a CISA alert of interest to your industry. Build and automate your first agentic security workflow. Even a basic implementation will allow you to think about how you need to operate in the future. Implement that workflow in a controlled pilot to measure results.

Next 12 Months

After you have proven the value of an agentic security workflow, you can move it to production. Establish KPIs to measure the metrics that matter to you. Bring your team in. As Ertürk mentioned, it creates a snowball effect.

The defenders who start in the next 30 to 90 days will have a plan for the year ahead. The ones who wait will be reacting to the next headline instead of staying ahead of it.

How Picus Security Operationalizes Agentic AI for BAS

Picus Security has built this agentic philosophy into a production-ready platform.

With over 700 enterprise customers and more than 12 years of threat research powering its Threat Library, Picus’ Security Control Validation (SCV) module provides the high-fidelity atomic attack sets that make the Red Teamer and Simulator agents reliable at enterprise scale.

The Picus platform operationalizes the full agentic workflow: from ingesting threat intelligence and mapping it against a curated knowledge graph of safe simulation actions, to running production-safe validations across every defense layer, to mobilizing vendor-specific mitigations with closed-loop verification.

Through its conversational AI interface, Numi AI, security teams can move from navigating complex dashboards to expressing high-level intent, and the platform handles the rest.

Ready to operationalize agentic AI for your security validation?

Request a demo to see how the Picus platform turns threat intelligence into validated defense strategies in minutes.
