Just as Wayne Gretzky’s success came from anticipating where the puck was headed, cybersecurity’s next evolution lies in prediction — moving defense to where the attack will be, not where it’s already struck.
Cybersecurity has long been defined by reaction. For decades, the industry has measured its success in terms of how quickly a team detects and contains an incident. But artificial intelligence is reshaping that logic.
AI is accelerating the offensive side of the equation — compressing the timeline between reconnaissance and compromise from days to minutes. Automated phishing campaigns, synthetic domains and AI-generated malware are flooding the digital landscape faster than humans can respond. The result is a fundamental imbalance: defenders are still playing catch-up in a game where attackers now move at machine speed.
That’s why a new model — pre-attack prevention — is beginning to take shape. Instead of responding to indicators of compromise, this approach targets what might be called indicators of intent. It focuses on the early signals that reveal a campaign in preparation: newly registered domains, command-and-control scaffolding and phishing kit staging. The idea is simple but radical — use AI to predict, detect and dismantle attacks before they happen.
The Acceleration Problem
“AI has completely collapsed the timeline of attack execution,” said Den Jones, founder and CEO of 909Cyber. “We used to have days or weeks to detect and respond; now, adversaries can build and deploy entire campaigns before defenders even know they exist.”
Generative AI gives attackers capabilities once reserved for nation-states. Machine learning can automate reconnaissance, generate polymorphic code and even test exploits autonomously. AI attacks can operate around the clock and quickly scale operations to hundreds of simultaneous targets.
As Guy Ben Arie, co-founder and head of engineering for Malanta, put it, “With AI attackers, attacks start and finish within a minute, so we are not playing on the same field with the current security stack that you have.”
That compressed window between setup and strike is the gap pre-attack prevention aims to close. By mapping and monitoring what Ben Arie calls “attack infrastructure” — the servers, domains, certificates and social accounts that make up a threat actor’s toolkit — AI systems can spot malicious mobilization before it breaches a network.
From Detection to Preemption
Hockey legend Wayne Gretzky once said, “I skate to where the puck is going to be, not where it has been.” The same principle applies to modern cybersecurity. For too long, defenders have been skating to where the attack was — analyzing logs, closing gaps and responding to breaches that have already occurred. But as AI accelerates the pace of attacks, the real advantage lies in skating to where the attack will be — predicting and disrupting it before it ever hits the net.
Traditional SOC metrics revolve around mean time to detect and mean time to respond. Those are still important, but they start the clock too late. Pre-attack prevention introduces a new benchmark: mean time to preempt — how fast an organization can identify and neutralize an attack before it begins.
Kobi Ben-Naim, co-founder and CEO of Malanta, explained it to me this way: “When we’re talking about mean time to preempt, it’s not just talking about how we detect earlier and prevent the attack from happening. It’s also adding the necessary KPIs for executives to actually prove that they can detect very early on and then preempt it and eliminate the attack before it grows.”
AI as Both Threat and Solution
The same tools enabling AI-driven attacks can also empower defense. Machine learning models trained on global telemetry can correlate pre-attack indicators, cluster related entities and identify staging environments invisible to traditional threat intelligence. When paired with automated response mechanisms, these systems can flag and even dismantle malicious infrastructure before activation.
Ben-Naim describes it as an arms race between autonomous agents: attackers use AI reasoning to optimize infiltration routes, while defenders deploy AI reasoning to anticipate and interrupt those moves. Ben-Naim believes the winner isn’t necessarily the one with better algorithms — it’s the one that acts first.
Pre-Attack Prevention in Practice
Malanta, an Israeli startup that recently exited stealth with $10 million in seed funding led by Cardumen Capital, with participation from The Group Ventures, is putting this approach into practice. Notable angel investors in its earlier pre-seed round include Udi Mokady, founder and executive chairman of CyberArk; Benny Schneider; and Harel Prag and Amit Greener, general partners at Rollout Ventures.
The founders of Malanta. From left to right: Guy Ben Arie, Yossi Dantes, Tal Kandel, and Kobi Ben-Naim.
Malanta has developed a platform aimed at identifying what it calls “indicators of pre-attack.” IoPAs include signals such as domain registrations or infrastructure setup that may precede malicious activity. The company says its system uses AI to correlate those external clues with a customer’s environment and prioritize which potential threats warrant closer inspection.
According to Malanta, its early work with national cyber authorities has explored how early detection and infrastructure disruption could reduce the number of attacks that ever reach enterprise networks. Whether this approach ultimately proves scalable remains to be seen, but it reflects a wider effort to push security operations further left of the breach — toward prevention rather than response.
The Future of Cyber Defense
AI will continue to accelerate both attack and defense, forcing organizations to rethink how they balance automation, analysis and human oversight. The next wave of innovation is likely to center on prediction — using data, machine learning and collective intelligence to understand adversary intent before damage occurs.
Pre-attack prevention is an emerging concept, but it underscores a growing consensus across the security community: resilience alone is not enough. The future of cybersecurity may depend less on how quickly organizations recover — and more on how early they can see what’s coming.
