Skip to content
Tech News
← Back to articles

Are We Training AI Too Late?

2026-04-01 | original
read original get AI Training Course Kit β†’ more articles
Why This Matters

This article highlights the critical challenge in AI-driven cybersecurity: traditional models rely on historical data that may lag behind rapidly evolving attacker tactics, especially as adversaries increasingly use new infrastructure to evade detection. Recognizing the importance of real-time signals like infrastructure novelty is essential for proactive defense, making AI tools more effective in identifying threats before damage occurs. This shift could significantly enhance cybersecurity resilience for both industry and consumers.

Key Takeaways

QUESTION: Are we training AI too late?

Nishawn Smagh, Director of Intelligence at GreyNoise: Artificial intelligence anchors modern security operations. Detection models are typically trained on labeled breach logs, malware samples, threat feeds, and post-incident investigations; sources that provide validated ground truth and enable reliable classification.

But these sources share a critical structural limitation: They reflect attacker behavior only after malicious activity has already been confirmed.

The central question becomes whether we are training AI to recognize impact or intent. For the answer, let's look at IP patterns associated with malicious scanning activity.

The Fresh Infrastructure Problem

Internet-scale telemetry shows that high-impact exploitation frequently originates from infrastructure with little or no prior malicious history. According to GreyNoise's 2026 State of the Edge report:

Related:As Cybersecurity Firms Chase AI, VC Market Skyrockets

52% of remote code execution (RCE) exploitation traffic originated from IPs that had not appeared in common threat feeds.

38% of authentication bypass attempts involved previously unseen IPs.

For basic reconnaissance (e.g., information disclosure), the number of IPs with no scanning history drops to 29%.

... continue reading

Explore topics: greynoise cybersecurity remote code execution threat feeds infrastructure
Related:
Why Would a Business Need to Use a Proxy Server?
Microsoft Plans to Invest $5.5 Billion in Singapore by 2029
Oracle Cuts Thousands of Jobs Across Sales, Engineering, Security
It’s not your imagination: AI seed startups are commanding higher valuations
Marvell stock pops 13% as Nvidia takes $2 billion stake, continuing run of similar bets

© 2026 GoKawiil

About | Editorial Policy | Contact