Mapping the Expanding Universe of Cyber Threats Through the Eyes of Its Defenders
“Every time there was a technical advance, threat actors were the first to adopt it,” warns Kevin Mandia, the founder of Mandiant and General Partner of Ballistic Ventures, whose experience in cybersecurity extends over 30 years. “[Attackers] could move faster than defenders because offense does not need quality assurance (QA) or business processes. They just need to launch attacks.” And with AI agents potentially orchestrating attacks at speeds faster than humans can comprehend, much less react to, defenders face a stark reality: they must turn to AI themselves.

Perspectives from the Front Lines

In his prerecorded keynote address at GovWare 2025, Mandia outlined the evolving cybersecurity landscape. He observed how the AI arms race is intensifying with AI agents enhancing attack capabilities, how there is increased exploitation at the edge via new attack vectors, and how state-sponsored hackers are now targeting a wider range of civilian and critical infrastructure. In his view, AI agents will eventually orchestrate attacks across the entire MITRE ATT&CK framework, with attackers seeking to exploit all possible paths into a network simultaneously. Compared to traditional human attackers, the speed of attacks will also accelerate dramatically.

“You're going to see it happen much faster, almost at a speed humans cannot comprehend. Many tools will run, be interpreted and acted on in microseconds, and that will simply become the new pace of future attacks.”
– Kevin Mandia, Founder, Mandiant & General Partner, Ballistic Ventures
This means defenders have no choice but to turn to AI to respond at compute speed: “The future is going to be AI-driven for offense and AI-driven for defence,” said Mandia. While state-sponsored attacks are hardly new, Mandia pointed to a troubling shift: recent activities have been observed focusing not just on economic gain or espionage for security information, but also on civilian critical infrastructure. This includes power grids, utilities, and transportation systems such as trains or airports – likely pre-positioning by attackers for reasons that remain unknown.

How Nations are Responding

So how are countries changing their strategies to deal with these new threats? At the opening of the Singapore International Cyber Week (SICW), with GovWare as its anchor trade event, David Koh, the Commissioner of Cybersecurity and Chief Executive of the Cyber Security Agency (CSA) of Singapore, offered additional context on the evolving threat landscape.

“Cybersecurity is never quite finished. Threats evolve, technology advances, adversaries adapt, and we must always be ready, a shared effort built on trust, One Nation and resilience,” said Koh. “Cybersecurity is a team sport… across a global field with no spectators. Governments, critical infrastructure owners, industry, international organisations, even ordinary individuals are all on the pitch.”

Singapore is already moving to better protect its critical infrastructure. In his keynote, Coordinating Minister for National Security and Minister for Home Affairs K. Shanmugam announced additional efforts to better protect this critical sector by moving beyond the traditional regulatory role to partner more closely with private sector infrastructure owners. This will extend to equipping owners with advanced tools and sharing classified threat intelligence. He said: “Regulations alone are not going to be enough. Most owners of critical infrastructure are private sector companies whose primary job is to ensure the delivery of essential services – water, power, transportation and so on. They are not specialists in cybersecurity, yet they are up against some of the best in class.”

Voices from the Field

At the opening panel discussion at GovWare, several insights were raised by cybersecurity leaders, including a CISO working actively on the ground to shape how organisations prepare for and respond to fast-evolving threats.

Huang Shao Fei, Group CISO at SMRT Corporation, noted how a service deemed as a non-essential service by policymakers could in fact be pivotal to daily life for the man on the street. “Have we actually started to look closely at the cascading effect [of a failure stemming from a cyberattack]. I think that is the question that has been quite concerning in terms of how we look at critical infrastructure.”

And as appealing as it would be to “protect everything,” Huang made an astute observation: “If everything is critical, then how do you prioritise your resources? Resources are finite; they’re even more constrained when you talk to companies who are responsible for protecting critical infrastructure… it’s economically unsustainable to have everything classified as critical systems.”

Building the capabilities to defend against cyberattacks doesn’t happen overnight. H.E. Marta Pelechová, Special Envoy for Cyberspace, Ministry of Foreign Affairs of the Czech Republic, shared how her country has a team that travels on capacity building missions, with representatives from the police, cybersecurity agency, and from the private sector to establish long-term partnerships and build cybersecurity expertise.

Final word of advice? Elizabeth Vish, Senior Director for International Cyber Engagement, Institute for Security and Technology (IST), cautioned against waiting for a major incident or emergency before governments and the industry collaborate. In a nutshell, the time to start is today.
