As companies rush to adopt AI across their operations, attackers are exploiting the same technology against them.

From automated hacking to AI powered scams, the new threats are forcing companies to rethink their broader approach to security. Beyond hardening technical defenses, companies operating in the AI age need to examine a wide range of practices, say industry experts, updating the way software patches are deployed and rebuilding the human layer of security.

“Everybody needs to be on a war footing right now,” Mayank Upadhyay, chief security and trust officer at Snowflake, told Fortune. The attack surface across a typical enterprise—network, laptops, cloud infrastructure, logins—is now generating so much data that human teams can’t hope to triage without help from AI, he said.

For years, most organizations managed cyber risk on a predictable schedule. Security teams would discover flaws in their software, vendors would bundle fixes into periodic updates, and companies would decide when to install those patches—often weekly, monthly, or even quarterly. That slower, batch style approach existed, in part, because updating critical systems can mean taking them offline, and there is always a risk that a new patch breaks something important.

Now, widely accessible AI systems can scan codebases at scale, automatically generate exploits for the vulnerabilities they find, and in some cases deploy those exploits to infiltrate networks and steal data or take control of systems. This AI accelerated vulnerability discovery allows threats to be identified and weaponized in hours rather than days or weeks, outpacing the traditional patching cycle.

Experts and industry leaders say the answer is to fight AI with AI.

“You have to use AI. It’s not even a choice, because there’s just so much data,” said Upadhyay. “If you’re being attacked by AI, there’s not enough security specialists you can put in place to fight that.”

Anthropic’s new Mythos model, although currently available only to select companies, is a prime example of the critical role AI can play as a defensive tool. Steve Schmidt, Amazon’s chief security officer, told Fortune that Mythos not only helps to patch individual bugs but also helps to permanently close whole classes of weaknesses that have been lurking in their systems.

“Everything we’ve seen has shown that we are far more effective using AI as defenders than adversaries are using it for attacks,” he said. “The experience we have with…the Mythos model is that it is a significant advantage to the defender.”

However, he said, the model only really performs when it’s paired with experienced engineers, adding that left to run on its own, even the most advanced systems throw off so many false alarms that developers eventually stop trusting what they see.

A new era of workforce risk

The economics of attacks are shifting too. Sophisticated, tailored intrusions used to be reserved for high-value targets; small and midsize companies could rely on relative obscurity. AI changes that calculus, lowering the cost and skill required to launch a customized attack against almost any organization, said Hugh Thompson, executive chairman of the RSA Conference.

“The fact that these tools can go after so many potential victims at once is a game changer in mindset,” he said.

And while a lot of attention has been given to AI models’ ability to exploit technical vulnerabilities, there’s been less conversation about the risks around social engineering—using psychology to manipulate people into giving attackers data or access.

Social engineering attacks utilize things like phishing emails crafted to mimic a colleague’s writing style; vishing—voice calls impersonating IT support or a vendor; business email compromise, in which an attacker poses as a senior executive to authorize a fraudulent wire transfer; and increasingly, deepfake audio or video calls designed to convincingly replicate a real person. In one high profile case, criminals used an AI generated video and voice clone of a company’s finance chief on a live video call to trick an employee into wiring roughly $25 million to fraudulent accounts.

Preparing workers for these AI risks requires more than prerecorded training videos or the occasional phishing email test. And instead of thinking about the risk of one or two employees being targeted by a sophisticated phishing attack, companies need to be prepared for all employees to be regularly targeted.

According to research from Charlemagne Labs, an AI-security startup, AI models already widely available can now sustain believable, multi-turn deception—conversations that span many back-and-forth exchanges rather than a single message—which is the hardest part of real-world scams. AI models, the research found, may enable convincing, automated end-to-end scams within 12 to 24 months.

“Because most AI researchers are more familiar with technical hacking and exploits, we believe social engineering—still the attack genesis for the vast majority of attacks—has gotten too little attention,” says Jeremy Philip Galen, a former Meta product manager and CEO of Charlemagne Labs.

One way that Galen’s startup is trying to address this is with a system named Charley that uses AI to monitor incoming messages and warn users about likely scams, acting as a kind of always on scam filter in the background.

“You can’t really train people, and that’s scary. You can’t teach people to identify threats, which means we’re entering a new era of workforce risk,” he said.

Snowflake’s Upadhyay says his team is already running daily “war room” exercises that bring together application security, cloud infrastructure, IT, and security operations teams. The aim is to remove silos so they’re prepared to react at “AI speed,” using the same AI powered tools as they test their defenses and find gaps before attackers do.

Upadhyay says teams should be establishing what is a four-step cycle powered by AI: Set up defenses, monitor them for breaches, contain and clean up any attacks or vulnerabilities that break through, and then build new controls so the same weakness can’t be exploited again.

“Just automating that entire life cycle—it’s using AI to fight AI. This is the thing that everybody should be rushing to do at this moment,” he said.