Formerly known as Wikibon

Breaking Analysis: Cybersecurity’s Enduring Asymmetry in the Age of AI

For the past several decades, Cybersecurity has been an unfair fight. The economics have favored attackers, which have access to sophisticated resources, lower costs, fast innovation cycles and deep knowledge of vulnerabilities. Defenders, by contrast, bear the full burden of securing sprawling networks, fragmented technologies, and human error, all while operating under legal, regulatory, and financial scrutiny.

This asymmetry between attackers and defenders persists, and we believe is widening, in this era of AI. It is structural, not situational. And while defenders have made progress in automation, intelligence sharing, and board-level engagement, every new era of technology seems to widen the gap.

At Fal.Con 2025, CrowdStrike Executive Advisor Shawn Henry underscored this point. A former FBI cyber leader turned executive, Henry has lived through each era of cyber asymmetry. He recalls moments when adversaries gained massive advantage, often before enterprises or consumers even understood what was happening. Today, in his words, “the gap is once again widening” as AI and agentic technologies redefine the landscape.

In this Breaking Analysis, we’ll chart the history of asymmetry, era by era with a conceptual model that we believe reflects reality. We’ll explore the evolution of threats – from floppy disk viruses to nation-state espionage to AI-driven insider infiltration. We’ll analyze how defenders responded, often by adding more tools and vendors than they could manage. And we’ll consider Henry’s perspective on the new frontier – i.e. the AI and agentic security era, where speed, automation, and systemic reinvention are the only paths forward.

The Mainframe Era (1960s–1980s): Defense Holds the Advantage

The earliest days of computing were defined by centralization and isolation. Mainframes like IBM’s System/360 dominated, and access was restricted to a privileged few using tools like IBM’s Resource Access Control Facility (RACF). In addition, the following points describe the era’s risk profile: 

  • Threat landscape: Attacks were rare and usually academic. Security incidents were often insiders probing systems out of curiosity. Exploits were manual and slow, requiring deep technical expertise.
  • Defensive posture: Because systems were centralized, defense was straightforward. RACF and other mainframe controls gave defenders a structural advantage.
  • Asymmetry: Defenders held the edge. Attackers lacked connectivity, tools, or scale. The threat was mostly theoretical.

Still, the seeds of asymmetry were visible. As Henry notes, technology always contains vulnerabilities, even if adversaries haven’t yet exploited them. The foundation of offense-over-defense economics was already being laid.

The PC Era (1980s–early 1990s): Malware Spreads Beyond Walls

The arrival of personal computing shattered mainframe isolation. PCs spread to businesses and homes, floppy disks and bulletin boards carried data and viruses. Individual users were unsophisticated and vulnerable. The following points describe the risk profile: 

  • Threat landscape: Viruses like “Brain” (1986) and “Michelangelo” (1992) marked the first wave of consumer malware. Hackers (aka “hacktivists”) were often motivated by notoriety, curiosity, or ideology rather than profit.
  • Defensive posture: Antivirus companies like McAfee and Symantec emerged to protect client devices. Tools were reactive, relying primarily on signature updates.
  • Asymmetry: Attackers gained ground. For the first time, ordinary individuals could build and distribute malware at scale, while defenders scrambled to update AV databases. While the value for attackers was limited by the lack of technology ubiquity (no mobile, limited on-line banking, etc.), the exposure gap widened. 

This was an era where the economics shifted and it became inexpensive to attack.

The Early Internet Era (mid-1990s): A Major Inflection Point

Connectivity and Metcalfe’s Law changed everything. As the value of networks increased, attacks became more lucrative. As enterprises embraced email, websites, and e-commerce, the Internet became both a business enabler and an ever-expanding attack vector. The following points describe the risk profile: 

  • Threat landscape:
    • Worms like Morris (1988), Melissa (1999), and Code Red (2001) spread globally in hours.
    • DDoS attacks emerged, taking down Yahoo and eBay in 2000.
    • Phishing became a dominant tactic with limited user awareness and education.
    • Hacktivist groups like Anonymous gained prominence.
  • Defensive posture: Firewalls, IDS/IPS, and SIEM emerged. But enterprises lacked visibility, and consumers had almost no awareness.
  • Asymmetry: Attackers took a decisive lead. A single worm could cripple millions of systems. Nation-states realized they could steal intellectual property at scale, with little resistance.

Henry’s PoV: The early 2000s were a turning point. “The adversaries absolutely knew there were vulnerabilities that could be exploited,” he recalled on theCUBE at Fal.Con 2025. “For eight years or so, the average person had zero understanding of what was happening. There was a lot of exfiltration.”

The Cloud & Mobile Era (2010s): Offense Becomes a Business

The 2010s ushered in cloud adoption, ubiquitous mobility, and social media. Data exploded, and enterprises digitized operations at unprecedented speed. While the cloud became the first line of defense, the shared responsibility model was not well understood by customers and it left organizations exposed. Moreover, the “shift left” movement put increased burden on developers. As the API economy evolved, it created more seams and greater complexity, further widening the gap between attackers and defenders. The following additional points summarize the risk profile for this era: 

  • Threat landscape:
    • Ransomware became a business model, with crypto enabling anonymous payments.
    • Advanced Persistent Threats (APTs) flourished – the Big 4 (China, Russia, Iran, and North Korea) all escalated cyber operations and invested heavily in cyber espionage.
    • Supply chain attacks emerged, culminating in the 2020 SolarWinds breach, a sophisticated supply chain cyberattack, likely carried out by Russian state-sponsored actors, that distributed malicious code through trojanized software updates for the company’s Orion platform, compromising thousands of government agencies and private companies.
    • Stuxnet, a sophisticated computer worm, believed to be developed by the U.S. and Israel, was discovered in 2010. It caused physical damage to Iranian nuclear centrifuges by covertly manipulating the industrial control systems that operated them and introduced a new era of attack sophistication.
  • Defensive posture:
    • Cloud-native security improved automation and visibility.
    • Zero Trust gained traction.
    • But tool sprawl exploded – enterprises deployed dozens of point products, creating silos and inefficiencies.
  • Asymmetry: Attackers still held the edge. They exploited weak links in global supply chains, monetized ransomware, and targeted critical services.

Henry’s PoV: Boards of directors and CEOs “get it” now. Ransomware on TV made cyber risk tangible. The CISO became a leadership role, not just a cost center.

The AI & Agentic Era (2020s–present): Asymmetry Widens Again

Generative AI and the agentic era represents a structural shift in the balance of power. Unlike past innovations, it empowers both attackers and defenders simultaneously – but offense moves faster. AI has caused a complete reset in security philosophies. Prior to AI, defenders could thwart the vast majority of breach attempts (e.g. 99%) leaving humans to fight the remaining threats. AI changed the velocity of attacks (e.g. phishing at massive scale with higher quality) and has overwhelmed the ability of humans to defend the hypothetical 1%. As such, AI is needed to fight AI. 

The following key points describe the risk profile of this era: 

  • Threat landscape:
    • Exploits compress from months to minutes with AI-driven scanning.
    • Nation-state-grade capabilities are democratized with access to ultra low cost tools.
    • North Korean operatives use AI-generated resumes to infiltrate Western companies as remote employees.
    • Deepfakes, synthetic identities, and autonomous agents blur truth and accelerate manipulation.
    • China conducts cyber espionage to steal secrets and win bids on large infrastructure projects across the globe. 
    • The war in Ukraine gives glimpses to how conflicts will be fought in the future, with cyber attacks playing a major role. 
    • Critical infrastructure such as the electric grid, banking systems, hydroelectric facilities, etc. are increasingly vulnerable as entire industries become “critical.”
  • Defensive posture:
    • CISOs are embracing AI for faster detection, triage, and response.
    • Boards understand the risk, but adoption lags. Education and investment remain barriers.
    • As Henry emphasized: “Speed is king in cybersecurity. If you’re not as fast, you’re going to be victimized.”
  • Asymmetry: The gap is widening. Attackers move faster, cheaper, and more creatively than defenders can respond.

Henry’s PoV: “Agentic is the next iteration,” he said. “It feels different because of the scope and scale in a relatively short time.” AI puts power into the hands of laymen, not just technologists. That makes this era fundamentally different.

Vendors and Tools: A Story of Sprawl and Fragmentation

The market reflects this asymmetry. Defenders respond to new threats by buying more tools from more vendors (*excluding services firms). The result is fragmentation:

EraVendors (approx.)*Avg. Tools per Enterprise
Mainframe (1960s–1980s)502
PC (1980s–early 1990s)2005
Early Internet (mid-1990s)1,00015
Cloud & Mobile (2010s)3,50050
AI & Agentic (2020s–)5,00075

This creates systemic disadvantage. Attackers adapt cheaply. Defenders spend heavily, often without integration. As Henry noted, the CISO’s role has changed, but the economics remain skewed.

Critical Infrastructure and Interconnected Risk

One of Henry’s most important points is about critical infrastructure. Traditionally, it meant energy, water, or transportation. But in a digital economy, every company is critical:

  • A widget maker in the supply chain may power a city’s electric grid.
  • Financial services, telecoms, and retailers are all interdependent.
  • “From my perspective, every company we’re protecting is part of infrastructure one way or another,” Henry said.

This interconnectedness makes defense harder. A breach in one small vendor can cascade across global networks. Attackers understand this; defenders must adapt.

The Human Dimension

Despite the complexity of modern breaches, Henry stressed that many are simple – i.e. users hand over credentials like house keys. Human error remains the attacker’s favorite vector.

This is why education, board engagement, and cultural change matter. CISOs are no longer just technologists; they are risk managers, educators, and protectors of enterprise value.

The Road Toward Agentic Security

Our research takeaways and the conversation with Henry suggests the future of cybersecurity depends on systemic reinvention, what we’ve often called a “do-over.” 

  • Agentic security: AI-native architectures that act autonomously at machine speed.
  • Integrated platforms: Reducing tool sprawl and vendor fragmentation.
  • Board-level governance: Framing cyber in the language of risk, not technology.
  • Public-private partnership: Governments, enterprises, and security vendors must align to address systemic risk.

Henry believes CISOs already see the value of AI. Adoption is not about reluctance but about timing, education, and investment. As adversaries exploit AI faster, defenders must scale agentic security to survive.

Asymmetry Remains Indefinately

The history of cybersecurity is painted with asymmetry. Subsequent to the mainframe era and most certainly into AI, the offense has consistently innovated faster and at lower cost than the defense.

Our research indicates that while boards, CISOs, and governments are more engaged than ever, the structural imbalance persists. Attackers exploit vulnerabilities creatively and cheaply, while defenders respond with increased complexity and higher costs.

Shawn Henry’s perspective is that the AI and agentic era represents a new frontier. The gap is widening again, and only speed, automation, and reinvention can restore balance.

Cybersecurity is no longer just a technical discipline. It is a business imperative, a governance issue, and a national security challenge. Unless defenders reinvent, the asymmetry that has defined this field for decades will continue to shape its future.

Watch the full interview with CrowdStrike’s Shawn Henry:

Article Categories

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.
"Your vote of support is important to us and it helps us keep the content FREE. One click below supports our mission to provide free, deep, and relevant content. "
John Furrier
Co-Founder of theCUBE Research's parent company, SiliconANGLE Media

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well”

Book A Briefing

Fill out the form , and our team will be in touch shortly.
Skip to content