Attack surface

An attack surface is the most vulnerable part of any organization’s IT infrastructure, and the part most likely to be targeted by attackers.

By IT Brew Staff

Definition:

Attack surface refers to the different ways and points by which attackers can access systems. Also referred to as the “threat surface,” it reflects how hackers look for ingress points and vulnerabilities.

Centralized danger

Part of the problem is risk concentration. A 2024 report from SecurityScorecard revealed that 90% of the global external attack surface is concentrated in just 150 companies, and 62% in just 15 companies, meaning that threat actors have the advantage of targeting the familiar.

That’s because third-party software is heavily used, SecurityScorecard Chief Threat Intelligence Officer Ryan Sherstobitoff told IT Brew. It’s a “concentrated risk” that is made worse by corporate amalgamation.

“What we see is some of the company mergers and consolidation of cloud technologies are obviously providing an opportunity for threat actors,” Sherstobitoff said.

Coordination station

The changing threat surface also offers attackers the opportunity to work together. Ransomware criminals in particular have been coordinating to take advantage of a vulnerability landscape that is growing as AI integrates into systems and expands the threat surface. Druva CSO Yogesh Badwe told IT Brew that the teamwork is less a union than a loose confederation of like-minded actors.

“It’s not a single group anymore that’s targeting a single company,” Badwe said. “It’s different groups, collaborating together in a way, with some sort of loose trust between them and handing off incidents.”

Expansion pack

With AI an ever more important part of the tech landscape, an increase in threat surface is to be expected. Agentic AI, which featured heavily in 2025’s RSAC Conference, is the latest technology to show great promise—but some are cautious, both for how attackers might deploy it and how its use could expand the attack surface.

RSA CEO Rohit Ghai broke it down for IT Brew at the conference: “AI as an attacker, AI as a defender, and then AI as an attack surface. Those are kind of the three dimensions of AI that we need to be thinking about.”