Former officials and leading cyber experts agree on one thing: A major AI-enabled cyberattack is coming.

Why it matters: No matter what form it takes — from a highly targeted attack on utilities to cybercriminals losing control of AI agents — companies and government agencies need to rethink their defenses now, experts told me.

• I spoke with several leading cyber experts and former senior government officials in recent weeks to understand what worries them most about AI threats.
• They had their fears — and also solutions.

The big picture: Defenders need to embrace AI as quickly as the adversaries, officials warned.

• Former Defense Secretary Leon Panetta said the U.S. government will need to enhance its ability to collect and analyze intelligence about potential AI attacks.
• Gen. Paul Nakasone, former head of the NSA and Cyber Command, said defenders need to shift from episodic reactions to a model of persistent defense.
• "It needs to be, 'Hey, we're going to take a look at that, and we're going to improve our code and our capabilities and our defensive measures, not once, but all the time,'" Nakasone said.
• Kevin Mandia, founder of Mandiant, who is starting a new AI security company, foresees a future where humans are no longer in the loop and AI agents are on the front lines.
• "Fast-forward five years, what you're going to have in cybersecurity is AI agents that do offense," Mandia said. "The ultimate cyber offense will be training AI agents that do defense with not a lot of humans in either loop."

Yes, but: Chris Inglis, the country's first national cyber director and former NSA deputy director, warned against completely removing humans from the process of reviewing agents' actions.

• Defenders will need to know who was responsible for a decision and why it was made.
• Case in point: A Financial Times story last week found that an AI coding agent took part of Amazon Web Services offline for 13 hours in mid-December after determining the best course of action was to "delete and recreate the environment."

Between the lines: As AI rapidly advances, security programs need a new chain of command, Michael Sulmeyer, former assistant secretary of defense for cyber policy, told Axios.

• Rather than treating cybersecurity like it's a procurement and compliance issue, companies need to see it as critical to carrying out their mission, said Sulmeyer, who is also a Georgetown professor.
• "We need to stop making like cyber defense in the age of AI [is] a CIO, IT problem," he said. "It needs to be an operational problem."

What to watch: Companies are slowly adopting AI agents in their enterprises, while government agencies face privacy and compliance hurdles in deploying AI tools on their systems.