AI Now Carries Out Cyberattacks, Not Just Finding Them
Artificial intelligence has crossed a threshold in cybersecurity. A year ago, AI could identify vulnerabilities in company networks. Now it can autonomously execute attacks against them, according to Ryan Kratz, head of cyber for North America at MSIG USA.
The shift lowers barriers for attackers. Novice hackers can now use AI to not just understand how to breach a system, but to do it themselves. This acceleration matters most for smaller organizations that lack resources to defend against autonomous threats.
Supply Chain Risk Remains Overlooked
Organizations focus heavily on direct cyber threats but often miss exposure through their suppliers. When a vendor suffers a cyberattack, dependent companies face business interruption and lost revenue. This contingent business interruption coverage is becoming critical as supply-chain reliance grows.
Reinsurance Market Absorbs the Risk
Despite new AI-enabled threats, reinsurance capacity for cyber coverage remains abundant. Reinsurance renewals have been smooth, with no contraction despite tail risks on claims. The direct cyber insurance market shows similar abundance.
Glass-to-Ground Attacks Accelerating
AI-enabled attacks that move from vulnerability discovery to impact in hours-called "glass-to-ground" attacks-began appearing regularly in February 2026. These attacks are expected to become standard practice by year-end.
Large organizations are fighting back by deploying AI for their own security operations. This creates a competitive dynamic between defensive and offensive AI systems.
Insurance as Partnership, Not Just Transfer
MSIG is moving beyond traditional risk transfer. The company conducts external vulnerability scans for clients, identifying open exposures before quoting coverage. Clients must fix flagged vulnerabilities to qualify for better terms.
The relationship doesn't end at policy issuance. MSIG maintains continuous monitoring of client networks to detect zero-day events and alert affected customers before attacks spread. This approach treats cyber insurance as an active risk management partnership rather than passive coverage.
For insurance professionals managing cyber risk, understanding AI capabilities in threat detection and security monitoring has become essential to evaluating emerging exposures.
Your membership also unlocks:
