CrowdStrike’s CTO says humans are still critical in battling cyberattacks—even with gen AI advancements

Fortune
Yesterday

Elia Zaitsev says most software companies exist for one purpose: to make their customers happy. But what he finds most thrilling about his 12-year career at cybersecurity company CrowdStrike is that it has to please clients, while also making the bad actors it fights against unhappy.

“There’s a determined adversary on the other side of the table who’s doing everything they can, with significant resources and time and expertise, to circumvent everything that’s being developed,” says Zaitsev, CrowdStrike's chief technology officer.

Those adversaries—espionage attacks that have increased from nations like China and Iran, as well as new generative artificial intelligence-driven phishing and impersonation tactics—have propelled a sharp increase in malware-free, identity-based attacks. And as businesses migrate more workloads to the cloud, those environments have also become a more frequent target, with new and unattributed intrusions increasing 26% last year from 2023.

Rather than look for a vulnerability on an external server, these nefarious individuals and organizations are using generative AI and other tools to develop convincing text, audio, and video to infiltrate systems. What that means is that fraudulent emails coming from a company’s “help desk” asking for a password are now often more polished than prior attempts that were often riddled with easy-to-spot mistakes.

The cautionary tale on the lips of every cyber expert, including Zaitsev, is an incident last year in which a finance worker in Hong Kong was scammed out of $25 million after fraudsters used a deepfake to pose as a chief financial officer during a video conference call.

“They’re relying on the weakest link, often in defenses, which is the human,” says Zaitsev.

These evolving tactics are why CrowdStrike reports that the average breakout time for an intrusion—the time it takes an adversary to move laterally throughout a company's system after initially gaining access—has dropped to 48 minutes in 2024 from 62 minutes the prior year. The fastest breakout CrowdStrike reported was just 51 seconds, giving defenders less than a minute to detect and respond to an attack.

CrowdStrike has bulked up its cyber defenses through a series of acquisitions, including Preempt Security and SecureCircle, a cybersecurity provider that requires identity verification for every access request, regardless of location.

CrowdStrike has also invested in new product development, including this week's debut of Charlotte AI's agentic capabilities, which ask and answer investigative questions, helping to streamline cyber attack analysis and give security experts more time to act.

Charlotte AI’s accuracy rate is over 98%, according to Zaitsev, meaning that the generative AI tool comes to the same conclusion as human analysts 98 times out of 100 when assessing whether an attack is a true positive or a false positive. But humans can take about five minutes, on average, to perform this triage versus seconds for Charlotte AI. That can save large enterprise customers up to seven days of human labor per week.

Zaitsev says even as these generative AI-enabled defenses advance, he doesn’t see them replacing humans, because even with the high effectiveness rate, many customers will continue to want their workforces to remain accountable to ensure cyber safety. “We’re short on humans,” says Zaitsev. “What we want to do is augment them, make them more and more efficient, and also use them as the guardrail, as the check and balance.”

Zaitsev was an early employee at CrowdStrike, joining as its first sales engineer in 2013 and rising up the ranks over a decade. He became acquainted with CrowdStrike CEO and founder George Kurtz and other executives when they were at security software company McAfee for a partnership with Zaitsev’s former employer i2, which provides visual investigative analysis software for governments and law enforcement.

He was elevated to the role of CTO in 2023, after running technology for the Americas business for nearly three years, following the promotion of his predecessor Michael Sentonas, who is now president.

“I always ground myself in and use that customer-facing perspective to try and understand not only what is the competition doing, but what are the customers looking to do,” says Zaitsev. He remains hands-on and technical—never a programmer, but having been a coder for decades—enabling Zaitsev to build trust with CrowdStrike’s engineering team.

Externally, trust in CrowdStrike eroded last summer, when a global IT outage due to a faulty software update crashed millions of Windows-based devices, stinging airlines, banks, retailers, and other customers, while costing Fortune 500 companies billions in damages. “The July incident was very painful for them and for us,” acknowledges Zaitsev.

CrowdStrike, he says, learned valuable lessons from the experience and incorporated customer feedback to bolster controls and capabilities to prevent another outage. The company also offered incentives for a time to keep enterprises from defecting to competitors. CrowdStrike’s financial results following the incident remained resilient. Total and subscription revenue—the latter generally a one-to-three-year commitment—each increased 36% in fiscal 2024 from the prior year. The stock has recovered from a sharp selloff in July.

“I think we have come out of this, frankly, stronger,” says Zaitsev.

John Kell


This story was originally featured on Fortune.com
