Ask the Expert: Cybersecurity teams need to expand their field of view to include new, unique threat sources, rather than relying on past, proven threat actors.
Are We Training AI Too Late?
Nishawn Smagh, Director of Intelligence, GreyNoise
April 1, 2026
QUESTION: Are we training AI too late?
Nishawn Smagh, Director of Intelligence at GreyNoise: Artificial intelligence anchors modern security operations. Detection models are typically trained on labeled breach logs, malware samples, threat feeds, and post-incident investigations: sources that provide validated ground truth and enable reliable classification.
But these sources share a critical structural limitation: They reflect attacker behavior only after malicious activity has already been confirmed.
The central question becomes whether we are training AI to recognize impact or intent. For the answer, let's look at IP patterns associated with malicious scanning activity.
The Fresh Infrastructure Problem
Internet-scale telemetry shows that high-impact exploitation frequently originates from infrastructure with little or no prior malicious history. According to GreyNoise's 2026 State of the Edge report:
52% of remote code execution (RCE) exploitation traffic originated from IPs that had not appeared in common threat feeds.
38% of authentication bypass attempts involved previously unseen IPs.
For basic reconnaissance (e.g., information disclosure), the number of IPs with no scanning history drops to 29%.
A striking pattern emerges: the more severe the activity, the more likely it is to involve new infrastructure. Adversaries appear to understand the constraints of reputation systems, increasingly deploying new cloud instances, short-lived VPS environments, and residential proxy networks to avoid leaving reusable IP history.
Reputation-based approaches remain valuable but are inherently retrospective. If AI models heavily weight historical indicators and post-compromise artifacts, they risk inheriting the same lag. Infrastructure novelty, especially when paired with high-impact behavior, is becoming a meaningful risk signal in its own right.
Attacker Behavior Often Comes First
The timing gap may begin even earlier than most defensive workflows assume. GreyNoise analyzed edge-related activity starting in September 2024 and identified 216 statistically significant spike events after applying strict anomaly thresholds. When compared against subsequent Common Vulnerabilities and Exposures (CVE) disclosures affecting the same technologies:
50% of spikes were followed by a new CVE disclosure within three weeks.
80% were followed by a new disclosure within six weeks.
This pattern spanned eight enterprise-focused edge-facing systems (such as VPNs, routers, firewalls, and internet-facing management systems). Correlation does not prove causation, but the recurring temporal relationship suggests that attacker intent can surface before formal vulnerability disclosure.
Most spike activity involved exploit attempts against previously known vulnerabilities, consistent with adversaries inventorying exposed systems or testing exploit paths ahead of a coordinated campaign.
Why the Edge Matters
Edge-facing systems are increasingly becoming strategic access points, and large language model (LLM) inference servers represent a particularly acute version of this problem. A compromised inference endpoint isn't just a foothold; it's a position from which adversaries can manipulate model outputs, exfiltrate training data, or pivot to the internal systems querying it.
Reconnaissance targeting inference ports is already underway. If defenders are training AI to protect AI infrastructure using only post-compromise artifacts, then the most novel attack surface in the enterprise is being defended with the oldest detection logic.
Edge systems capture exactly this kind of pre-compromise telemetry: reconnaissance, authentication probing, and infrastructure rotation patterns that reflect attacker coordination before a breach is confirmed.
CrowdStrike's 2026 Global Threat Report reinforces the emphasis adversaries place on edge devices, noting that nation-state and ransomware operators targeted network perimeter devices as strategic entry points. China-nexus actors favor edge exploitation because it provides immediate access while limiting defender visibility.
This creates a structural asymmetry. Adversaries exploit the edge precisely because visibility is constrained. Yet defenders often train AI on artifacts that appear only after edge access has succeeded. At the perimeter, they see probing, exploit attempts, and infrastructure rotation: signals that may not map to a confirmed compromise, but frequently precede it.
Detecting the 216 spike events required internet-scale baselining. A single enterprise might observe exploit attempts against its own systems, but it cannot easily determine whether they represent background noise or a coordinated global deviation. The visibility gap becomes a training gap.
Implications for AI Strategy
Post-incident artifacts remain essential; they provide reliable labels and serve as anchors for supervised detection systems. But if training datasets emphasize confirmed compromise and post-disclosure exploitation while excluding pre-exploitation behavioral telemetry, models will skew toward reactive signals.
The findings point toward two measurable opportunities:
A meaningful association between infrastructure novelty and higher-impact exploitation.
A recurring relationship between behavioral spikes and subsequent CVE disclosures in edge technologies.
Earlier signals exist, and they are measurable. Incorporating features such as first-seen IP timing, anomaly-detection outputs, infrastructure churn rates, and pre-disclosure spike behavior into AI pipelines could shift detection closer to attacker reconnaissance rather than to attacker success.
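As an added illustration of the two signals discussed above (the novelty-severity association and the pre-disclosure spike baseline), the following Python is my own example, not GreyNoise's pipeline or the methodology behind the report. It computes, per activity tier, the share of events from IPs first seen that day and absent from a reputation feed, and flags spike days with a strict robust z-score over a trailing baseline. All records, the feed, the window and the threshold are constructed assumptions.

```python
from collections import Counter
from statistics import median

# Constructed sample records (not GreyNoise data): (day, source_ip, category).
EVENTS = [
    (1, "198.51.100.5", "recon"),       (1, "203.0.113.9", "recon"),
    (2, "198.51.100.5", "recon"),       (2, "203.0.113.9", "auth_bypass"),
    (3, "192.0.2.77", "rce"),           (3, "198.51.100.5", "recon"),
    (4, "192.0.2.78", "rce"),           (4, "203.0.113.9", "auth_bypass"),
    (5, "192.0.2.79", "auth_bypass"),   (5, "198.51.100.5", "recon"),
]
KNOWN_BAD = {"203.0.113.9"}  # constructed stand-in for a reputation feed
# Constructed daily event counts for one edge technology; day index 10 is a spike.
DAILY = [12, 14, 11, 13, 12, 15, 13, 14, 12, 13, 61, 14, 12]

def first_seen(events):
    """Map each source IP to the first day it was observed."""
    seen = {}
    for day, ip, _ in sorted(events):
        seen.setdefault(ip, day)
    return seen

def event_features(events, feed):
    """Per-event features: age of the source IP since first sighting, feed membership."""
    seen = first_seen(events)
    return [{"day": d, "ip": ip, "category": cat,
             "first_seen_age": d - seen[ip], "in_feed": ip in feed}
            for d, ip, cat in events]

def novelty_share(events, feed):
    """Fraction of events per category from IPs first seen that day and absent from the feed."""
    total, novel = Counter(), Counter()
    for f in event_features(events, feed):
        total[f["category"]] += 1
        if f["first_seen_age"] == 0 and not f["in_feed"]:
            novel[f["category"]] += 1
    return {c: novel[c] / total[c] for c in total}

def spike_days(daily, window=7, threshold=6.0):
    """Flag days whose count is a strict robust z-score outlier versus the trailing window."""
    spikes = []
    for i in range(window, len(daily)):
        base = daily[i - window:i]
        med = median(base)
        mad = median(abs(b - med) for b in base) or 1.0  # guard all-equal baselines
        score = 0.6745 * (daily[i] - med) / mad          # MAD-scaled z-score
        if score > threshold:
            spikes.append((i, round(score, 1)))
    return spikes

if __name__ == "__main__":
    print(novelty_share(EVENTS, KNOWN_BAD))  # rce highest, recon lowest
    print(spike_days(DAILY))
```

In a real pipeline the per-event features and the spike flag for the matching technology and day would be joined into the training row alongside the usual post-compromise labels.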
Shift the Training Window
Training earlier in the attack lifecycle doesn't mean abandoning validated impact data. It means expanding the signal set.
As infrastructure rotation accelerates and edge systems remain high-value targets, defensive advantage will increasingly depend on how effectively AI integrates both confirmed compromise artifacts and internet-scale pre-exploitation telemetry. Organizations that close that timing gap move from reacting to breaches toward recognizing coordinated behavior before a breach occurs.
About the Author
Nishawn Smagh
Director of Intelligence, GreyNoise
As the principal intelligence liaison and a senior executive at GreyNoise Intelligence, Nishawn Smagh leads collaboration with global government and enterprise partners to enhance detection, understanding, and response to advanced cyber threats. Drawing on decades of operational experience, he helps government and commercial enterprises strengthen their offensive and defensive capabilities to counter sophisticated adversaries, defend critical networks, and outpace rapidly evolving APT tradecraft.