For the past several decades, cybersecurity has been an unfair fight. The economics have favored attackers, who have access to sophisticated resources, lower costs, fast innovation cycles and deep knowledge of vulnerabilities. Defenders, by contrast, bear the full burden of securing sprawling networks, fragmented technologies, and human error, all while operating under legal, regulatory, and financial scrutiny.
This asymmetry between attackers and defenders persists and, we believe, is widening in this era of AI. It is structural, not situational. And while defenders have made progress in automation, intelligence sharing, and board-level engagement, every new era of technology seems to widen the gap.
At Fal.Con 2025, CrowdStrike Executive Advisor Shawn Henry underscored this point. A former FBI cyber leader turned executive, Henry has lived through each era of cyber asymmetry. He recalls moments when adversaries gained massive advantage, often before enterprises or consumers even understood what was happening. Today, in his words, “the gap is once again widening” as AI and agentic technologies redefine the landscape.
In this Breaking Analysis, we’ll chart the history of asymmetry, era by era with a conceptual model that we believe reflects reality. We’ll explore the evolution of threats – from floppy disk viruses to nation-state espionage to AI-driven insider infiltration. We’ll analyze how defenders responded, often by adding more tools and vendors than they could manage. And we’ll consider Henry’s perspective on the new frontier – i.e. the AI and agentic security era, where speed, automation, and systemic reinvention are the only paths forward.

The Mainframe Era (1960s–1980s): Defense Holds the Advantage
The earliest days of computing were defined by centralization and isolation. Mainframes like IBM’s System/360 dominated, and access was restricted to a privileged few using tools like IBM’s Resource Access Control Facility (RACF). In addition, the following points describe the era’s risk profile:
- Threat landscape: Attacks were rare and usually academic. Security incidents were often insiders probing systems out of curiosity. Exploits were manual and slow, requiring deep technical expertise.
- Defensive posture: Because systems were centralized, defense was straightforward. RACF and other mainframe controls gave defenders a structural advantage.
- Asymmetry: Defenders held the edge. Attackers lacked connectivity, tools, or scale. The threat was mostly theoretical.
Still, the seeds of asymmetry were visible. As Henry notes, technology always contains vulnerabilities, even if adversaries haven’t yet exploited them. The foundation of offense-over-defense economics was already being laid.
The PC Era (1980s–early 1990s): Malware Spreads Beyond Walls
The arrival of personal computing shattered mainframe isolation. PCs spread to businesses and homes, and floppy disks and bulletin boards carried both data and viruses. Individual users were unsophisticated and vulnerable. The following points describe the risk profile:
- Threat landscape: Viruses like “Brain” (1986) and “Michelangelo” (1992) marked the first wave of consumer malware. Hackers (aka “hacktivists”) were often motivated by notoriety, curiosity, or ideology rather than profit.
- Defensive posture: Antivirus companies like McAfee and Symantec emerged to protect client devices. Tools were reactive, relying primarily on signature updates.
- Asymmetry: Attackers gained ground. For the first time, ordinary individuals could build and distribute malware at scale, while defenders scrambled to update AV databases. While the value for attackers was limited by the lack of technology ubiquity (no mobile, limited online banking, etc.), the exposure gap widened.
This was an era where the economics shifted and it became inexpensive to attack.
The Early Internet Era (mid-1990s): A Major Inflection Point
Connectivity and Metcalfe’s Law changed everything. As the value of networks increased, attacks became more lucrative. As enterprises embraced email, websites, and e-commerce, the Internet became both a business enabler and an ever-expanding attack vector. The following points describe the risk profile:
- Threat landscape:
  - Worms like Morris (1988), Melissa (1999), and Code Red (2001) spread globally in hours.
  - DDoS attacks emerged, taking down Yahoo and eBay in 2000.
  - Phishing became a dominant tactic with limited user awareness and education.
  - Hacktivist groups like Anonymous gained prominence.
- Defensive posture: Firewalls, IDS/IPS, and SIEM emerged. But enterprises lacked visibility, and consumers had almost no awareness.
- Asymmetry: Attackers took a decisive lead. A single worm could cripple millions of systems. Nation-states realized they could steal intellectual property at scale, with little resistance.
Henry’s PoV: The early 2000s were a turning point. “The adversaries absolutely knew there were vulnerabilities that could be exploited,” he recalled on theCUBE at Fal.Con 2025. “For eight years or so, the average person had zero understanding of what was happening. There was a lot of exfiltration.”
The Cloud & Mobile Era (2010s): Offense Becomes a Business
The 2010s ushered in cloud adoption, ubiquitous mobility, and social media. Data exploded, and enterprises digitized operations at unprecedented speed. While the cloud became the first line of defense, the shared responsibility model was not well understood by customers and it left organizations exposed. Moreover, the “shift left” movement put increased burden on developers. As the API economy evolved, it created more seams and greater complexity, further widening the gap between attackers and defenders. The following additional points summarize the risk profile for this era:
- Threat landscape:
  - Ransomware became a business model, with crypto enabling anonymous payments.
  - Advanced Persistent Threats (APTs) flourished – the Big 4 (China, Russia, Iran, and North Korea) all escalated cyber operations and invested heavily in cyber espionage.
  - Supply chain attacks emerged, culminating in the 2020 SolarWinds breach, a sophisticated supply chain cyberattack, likely carried out by Russian state-sponsored actors, that distributed malicious code through trojanized software updates for the company’s Orion platform, compromising thousands of government agencies and private companies.
  - Stuxnet, a sophisticated computer worm, believed to be developed by the U.S. and Israel, was discovered in 2010. It caused physical damage to Iranian nuclear centrifuges by covertly manipulating the industrial control systems that operated them and introduced a new era of attack sophistication.
- Defensive posture:
  - Cloud-native security improved automation and visibility.
  - Zero Trust gained traction.
  - But tool sprawl exploded – enterprises deployed dozens of point products, creating silos and inefficiencies.
- Asymmetry: Attackers still held the edge. They exploited weak links in global supply chains, monetized ransomware, and targeted critical services.
Henry’s PoV: Boards of directors and CEOs “get it” now. Ransomware on TV made cyber risk tangible. The CISO became a leadership role, not just a cost center.
The AI & Agentic Era (2020s–present): Asymmetry Widens Again
Generative AI and the agentic era represent a structural shift in the balance of power. Unlike past innovations, AI empowers both attackers and defenders simultaneously – but offense moves faster. AI has caused a complete reset in security philosophies. Prior to AI, defenders could thwart the vast majority of breach attempts (e.g. 99%), leaving humans to fight the remaining threats. AI changed the velocity of attacks (e.g. phishing at massive scale with higher quality) and has overwhelmed the ability of humans to defend the hypothetical 1%. As such, AI is needed to fight AI.
The following key points describe the risk profile of this era:
- Threat landscape:
  - Exploits compress from months to minutes with AI-driven scanning.
  - Nation-state-grade capabilities are democratized with access to ultra-low-cost tools.
  - North Korean operatives use AI-generated resumes to infiltrate Western companies as remote employees.
  - Deepfakes, synthetic identities, and autonomous agents blur truth and accelerate manipulation.
  - China conducts cyber espionage to steal secrets and win bids on large infrastructure projects across the globe.
  - The war in Ukraine gives glimpses of how conflicts will be fought in the future, with cyber attacks playing a major role.
  - Critical infrastructure such as the electric grid, banking systems, hydroelectric facilities, etc. is increasingly vulnerable as entire industries become “critical.”
- Defensive posture:
  - CISOs are embracing AI for faster detection, triage, and response.
  - Boards understand the risk, but adoption lags. Education and investment remain barriers.
  - As Henry emphasized: “Speed is king in cybersecurity. If you’re not as fast, you’re going to be victimized.”
- Asymmetry: The gap is widening. Attackers move faster, cheaper, and more creatively than defenders can respond.
Henry’s PoV: “Agentic is the next iteration,” he said. “It feels different because of the scope and scale in a relatively short time.” AI puts power into the hands of laymen, not just technologists. That makes this era fundamentally different.
Vendors and Tools: A Story of Sprawl and Fragmentation
The market reflects this asymmetry. Defenders respond to new threats by buying more tools from more vendors (*excluding services firms). The result is fragmentation:
| Era | Vendors (approx.)* | Avg. Tools per Enterprise |
|---|---|---|
| Mainframe (1960s–1980s) | 50 | 2 |
| PC (1980s–early 1990s) | 200 | 5 |
| Early Internet (mid-1990s) | 1,000 | 15 |
| Cloud & Mobile (2010s) | 3,500 | 50 |
| AI & Agentic (2020s–) | 5,000 | 75 |
This creates systemic disadvantage. Attackers adapt cheaply. Defenders spend heavily, often without integration. As Henry noted, the CISO’s role has changed, but the economics remain skewed.
Critical Infrastructure and Interconnected Risk
One of Henry’s most important points is about critical infrastructure. Traditionally, it meant energy, water, or transportation. But in a digital economy, every company is critical:
- A widget maker in the supply chain may power a city’s electric grid.
- Financial services, telecoms, and retailers are all interdependent.
- “From my perspective, every company we’re protecting is part of infrastructure one way or another,” Henry said.
This interconnectedness makes defense harder. A breach in one small vendor can cascade across global networks. Attackers understand this; defenders must adapt.
The Human Dimension
Despite the complexity of modern breaches, Henry stressed that many are simple – i.e. users hand over credentials like house keys. Human error remains the attacker’s favorite vector.
This is why education, board engagement, and cultural change matter. CISOs are no longer just technologists; they are risk managers, educators, and protectors of enterprise value.
The Road Toward Agentic Security
Our research takeaways and the conversation with Henry suggest the future of cybersecurity depends on systemic reinvention, what we’ve often called a “do-over.”
- Agentic security: AI-native architectures that act autonomously at machine speed.
- Integrated platforms: Reducing tool sprawl and vendor fragmentation.
- Board-level governance: Framing cyber in the language of risk, not technology.
- Public-private partnership: Governments, enterprises, and security vendors must align to address systemic risk.
Henry believes CISOs already see the value of AI. Adoption is not about reluctance but about timing, education, and investment. As adversaries exploit AI faster, defenders must scale agentic security to survive.
Asymmetry Remains Indefinitely
The history of cybersecurity is painted with asymmetry. Since the mainframe era, and most certainly in the AI era, the offense has consistently innovated faster and at lower cost than the defense.
Our research indicates that while boards, CISOs, and governments are more engaged than ever, the structural imbalance persists. Attackers exploit vulnerabilities creatively and cheaply, while defenders respond with increased complexity and higher costs.
Shawn Henry’s perspective is that the AI and agentic era represents a new frontier. The gap is widening again, and only speed, automation, and reinvention can restore balance.
Cybersecurity is no longer just a technical discipline. It is a business imperative, a governance issue, and a national security challenge. Unless defenders reinvent, the asymmetry that has defined this field for decades will continue to shape its future.