AI vs the internet’s dumbest attacks


Donny Chong
Nexusguard
We keep calling this the age of intelligent defence, but every week I still watch networks go dark for the dumbest reasons imaginable. Not clever exploits, not AI-crafted malware – just plain, old-fashioned floods. Packets. Traffic. Noise.
Maybe the problem isn’t that attackers are getting smarter. Maybe it’s that the industry, as defenders, has started believing our own marketing. We’ve built machine-learning SOCs that classify threats in milliseconds, anomaly engines that claim to detect “unknown unknowns”, and dashboards that promise autonomous mitigation before a human even blinks. And yet, somewhere out there, a kid with a rented botnet and an attitude problem can still flatten a regional bank.
I’ve seen it happen. The screens light up, the alarms go off, and everyone waits for the “automated playbook” to do its thing, until the humans come scrambling in.
Artificial intelligence was supposed to be our shield against chaos. Instead, it’s starting to look like an expensive comfort blanket. The biggest causes of outages today aren’t nation-state campaigns or AI-powered intrusions. They’re floods – SYN floods, UDP floods, DNS reflections – the same junk we were fighting 15 years ago. The only difference is scale. The pipes are fatter, the botnets are cheaper, and the marketing is louder.
We keep adding brains to the problem, but the physics haven’t changed. You can’t out-think congestion. You can’t “train” your way around a full uplink. When the pipe’s full, it’s full. And yet we keep pretending otherwise, as if the right buzzword might finally bend physics.
That’s the irony of cybersecurity in 2025, and most probably in 2026 and beyond. We’ve surrounded ourselves with intelligent systems that understand everything except the internet’s oldest truth: bandwidth is finite, packets are cheap, and no matter how “smart” your defences become, they still crumble under a really dumb attack.
The irony of intelligence
For years, the industry has been selling “AI-powered everything” – AI threat hunting, AI correlation engines, AI-as-a-Service. If the acronym doesn’t already end in intelligence, someone in marketing will make sure it does. The pitch sounds irresistible: machines that learn faster than attackers can adapt. But attackers don’t need to adapt. Why bother when brute force still works just fine?
Take Aisuru, for example. That botnet has been a recurring nightmare since it surfaced late last year. Same formula as always: home routers, IP cameras, cheap DVRs, all hijacked and repurposed into a global flood machine. I remember the night it spiked – WhatsApp threads lighting up, colleagues sharing breaking news of 30Tbps attacks. No stealth, no genius. Just raw, overwhelming noise. It took out parts of a gaming network, a few banks, and at least one CDN that had “AI-driven mitigation” proudly printed across its homepage.
Or take the time large hosting networks across Europe – OVH, Leaseweb, even parts of Hetzner – were hammered by carpet-bombing attacks back in March. Routers choked for hours before manual intervention finally restored stability. The attacks weren’t subtle: multiple small floods spread across hundreds of IPs, the same carpet-bombing playbook we’ve seen for years. Yet the “autonomous” mitigation systems that were supposed to respond instantly kept analysing traffic patterns long after customers had already gone offline.
This is what makes it absurd. We’ve built systems that can tell you exactly what’s happening, complete with confidence levels and predictive graphs, but they still can’t stop it.
Why dumb still wins
There’s a kind of cruel beauty to DDoS. It doesn’t hack anything. It just overwhelms. It’s the Internet’s version of yelling until the other side gives up. Attackers love it because it’s cheap and brutally effective. For the cost of a weekend takeaway, they can cause millions in damage.
Defenders, meanwhile, drown in complexity. We architect layers of AI detection, flow analysis, and automation – but when the traffic flood hits, those systems spend more time thinking than acting. AI might spot anomalies faster, sure, but it can’t make your pipes bigger. It can’t rewrite BGP routes mid-stream or summon terabits of spare capacity out of thin air.
Attackers know this. They don’t try to outsmart anyone – they just out-send them. While algorithms recalibrate and engineers debate thresholds, packets keep coming. It’s not brains that win these fights. It’s preparation – good architecture, clean escalation paths, and real capacity behind the marketing deck. The rest is theatre. I’ve seen both sides: the ones who build for optics, and the ones who quietly build for impact. The latter survive.
The human problem
The truth is, AI isn’t making us safer. It’s making us lazy. We’ve automated awareness to the point where we’ve forgotten how to look.
The Aisuru floods proved that, as did the Asian gaming outage in April. That attack hit around 2 Tbps and kept matchmaking servers down for hours. The “self-learning” mitigation system was still “learning” while players were flooding Reddit instead. During that European outage, routers stayed unstable for half a day before someone finally yanked the right lever manually. Every after-action report said the same thing: automation delayed the humans.
AI acts only within the boundaries we draw. It doesn’t know which customer is mission-critical or when it’s time to sacrifice one link to save the backbone. Those calls require judgment that sometimes defies logic – the kind that’s earned, not trained. And yet we keep trying to automate our way out of thinking.
If anything, this whole obsession with “autonomous defence” has exposed how brittle our operations really are. We’ve traded situational awareness for dashboards, readiness for reassurance, and engineers for dashboards that promise “autonomous response.” When the dumb attacks come – and they always do – we’re reminded that the smartest system in the room is still the person who knows which cable to pull first.
Final word: be humble, be practical
To be fair, AI can be really effective. It helps us cut through noise, spot subtle shifts, and make sense of chaos faster than any human can. When used well, it’s an amplifier – not a replacement. The trouble starts when we mistake the tool for the solution.
Attackers have evolved, too. The smarter ones blend both worlds – raw volumetric floods up front, and surgical, application-layer probes behind. The mix works because defenders tend to chase one threat at a time.
That’s why the real answer isn’t to reject AI or worship it. It’s to keep both feet on the ground. Use automation where it helps, but never forget that defence still begins with good architecture, solid processes, and people who know when to act.
AI may be learning fast, but experience still reacts faster. And in this business, that’s what matters.




