Rethinking MDR as Attackers and Defenders Embrace AI

For most of the past decade, managed detection and response was the answer to a real problem. Security teams couldn't staff around the clock, couldn't hire enough analysts, and needed someone else to handle the alert queue. MDR stepped in. It worked well enough. Until now. The threat landscape has changed faster than the MDR model can adapt. Attackers are using AI to move faster, generate more

The article reports that traditional managed detection and response (MDR) models are struggling as attackers increasingly use AI to automate and accelerate phishing, identity abuse, and lateral movement, overwhelming legacy detection and response workflows.[3][10] It also notes that defenders are beginning to adopt AI-enhanced monitoring and response, but existing MDR contracts, playbooks, and tooling are often not designed for AI-speed attacks.[3][10] From a CyberSE.AI perspective, this reflects a growing risk of malicious AI use where offensive automation outpaces defensive operations, requiring continuous adversarial testing of AI-enabled detection stacks and MDR workflows. Organizations should proactively red team their AI-augmented SOC and MDR integrations to validate that controls, runbooks, and escalation paths can withstand fast, high-volume AI-driven campaigns.