惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Engineering at Meta
Engineering at Meta
T
Threatpost
P
Palo Alto Networks Blog
NISL@THU
NISL@THU
O
OpenAI News
Project Zero
Project Zero
G
GRAHAM CLULEY
P
Privacy International News Feed
A
Arctic Wolf
Microsoft Azure Blog
Microsoft Azure Blog
H
Help Net Security
M
MIT News - Artificial intelligence
T
Threat Research - Cisco Blogs
S
Security @ Cisco Blogs
Google DeepMind News
Google DeepMind News
B
Blog RSS Feed
D
Docker
aimingoo的专栏
aimingoo的专栏
博客园 - 【当耐特】
N
Netflix TechBlog - Medium
云风的 BLOG
云风的 BLOG
雷峰网
雷峰网
W
WeLiveSecurity
P
Proofpoint News Feed
腾讯CDC
Cloudbric
Cloudbric
S
Secure Thoughts
C
Check Point Blog
博客园 - Franky
T
The Exploit Database - CXSecurity.com
T
Troy Hunt's Blog
GbyAI
GbyAI
Security Archives - TechRepublic
Security Archives - TechRepublic
Application and Cybersecurity Blog
Application and Cybersecurity Blog
月光博客
月光博客
C
Cyber Attacks, Cyber Crime and Cyber Security
I
Intezer
TaoSecurity Blog
TaoSecurity Blog
L
Lohrmann on Cybersecurity
V
Visual Studio Blog
F
Fortinet All Blogs
博客园 - 叶小钗
C
CXSECURITY Database RSS Feed - CXSecurity.com
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
Recorded Future
Recorded Future
C
Cisco Blogs
博客园 - 司徒正美
Stack Overflow Blog
Stack Overflow Blog
Y
Y Combinator Blog
Apple Machine Learning Research
Apple Machine Learning Research

Arctic Wolf

Home-Field Disadvantage: AiTM, QR-Code Phishing, and Infostealers at the 2026 FIFA World Cup arcticwolf.com arcticwolf.com Celebrating Arctic Wolf’s 2026 Partner of the Year Winners at Global Partner Kickoff Celebrating Arctic Wolf’s 2026 Partner of the Year Winners at Global Partner Kickoff Die Auswahl Einer Vulnerability Management-Lösung The Hidden Economics of the Agentic SOC The Hidden Economics of the Agentic SOC | Arctic Wolf Security Operations in Maschinen-Geschwindigkeit Aurora Mobile Threat Defense — Addressing Your Highest‑Trusted, Least Protected Endpoints - Arctic Wolf Aurora Mobile Threat Defense — Addressing Your Highest‑Trusted, Least Protected Endpoints - Arctic Wolf How Aurora Managed Endpoint Defense Combines Experts and Technology to Simplify Security Aurora Endpoint Sicherheitsportfolioa | Arctic Wolf From Token Bingo to MAX Takeover: Kali365 Operator Expands Operation Across Microsoft Outlook, Okta, Xerox DocuShare, and Other Services From Token Bingo to MAX Takeover: Kali365 Operator Expands Operation Across Microsoft Outlook, Okta, Xerox DocuShare, and Other Services arcticwolf.com arcticwolf.com Arctic Wolf Product Updates: May 2026 arcticwolf.com Arctic Wolf Product Updates: May 2026 FortiClient EMS Exploited via CVE-2026-35616 to Deliver EKZ Infostealer Disguised as a Fortinet Patch - Arctic Wolf FortiClient EMS Exploited via CVE-2026-35616 to Deliver EKZ Infostealer Disguised as a Fortinet Patch What’s New What’s Next with Arctic Wolf: May 2026 Update Cybersecurity Trends in the Age of AI arcticwolf.com Arctic Wolf、AI搭載のモバイル脅威防御ソリューションを発表、 増加するモバイル端末を標的としたサイバー攻撃から組織を保護 How Arctic Wolf Aurora Mobile Threat Defense Protects the Mobile Attack Surface How AI Is Transforming Detection Engineering 「Aurora Mobile Threat Defense」の提供が開始されました Accelerating Cloud Security Outcomes Together: Why Arctic Wolf and Wiz are Redefining What’s Possible - Arctic Wolf InfoSecurity Europe 2026 OpenAI Daybreak and the Future of Secure Software Development - Arctic Wolf OpenAI Daybreak and the Future of Secure Software Development Turning Security Telemetry Into Actionable Insights | Arctic Wolf Detecting Identity Attacks at Scale with Herd Immunity Detecting Identity Attacks at Scale with Herd Immunity | Arctic Wolf arcticwolf.com arcticwolf.com PowerShell Security | Arctic Wolf How to Gain Visibility and Reduce Exposure with Aurora Attack Surface Management arcticwolf.com Mini Shai-Hulud: Supply Chain Malware Attack arcticwolf.com arcticwolf.com arcticwolf.com arcticwolf.com arcticwolf.com arcticwolf.com arcticwolf.com arcticwolf.com arcticwolf.com Arctic Wolf Introduces the Next Era of Exposure Management to Help Organizations Outpace AI-Accelerated Vulnerability Discovery Arctic Wolf Launches AI-Powered Mobile Threat Defense to Protect Organizations Against Growing Mobile-based Cyber Threats Aurora Mobile Threat Defense is Now Available Turning Visibility Into Action: Introducing Aurora Exposure Management Protecting Against IOT Security Risks | Arctic Wolf CVE-2026-0300 — Critical Buffer Overflow in PAN-OS User-ID Authentication Portal IoT Security Risks | Arctic Wolf arcticwolf.com Should Your Organization Rely on XDR? | Arctic Wolf 止まらないランサムウェア被害 - Qilinの事案から読み解く、検知、対応と経営判断 arcticwolf.com Aurora® Attack Surface Management For Healthcare arcticwolf.com arcticwolf.com arcticwolf.com arcticwolf.com arcticwolf.com CVE-2026-41940: Critical Exploited Authentication Bypass Vulnerability in cPanel & WHM Why Vulnerability Prioritization Requires More Than a Score | Arctic Wolf Token Bingo: Don’t Let Your Code be the Winner EFM Philadelphia IT Symposium MN Bankers Operations and Technology Conference SecureMiami 2025 Cyber Identity Summit – Ottawa MISA Exec Summit – Victoria Arkansas IT Symposium – efmEvents Cybersecurity Summit – Boston Houston Technology Summit – elevateIT Nevada Public Sector Cybersecurity Summit SecureWorld Philadelphia Nick Schneider of Arctic Wolf named Entrepreneur Of The Year® 2026 Heartland finalist by EY US arcticwolf.com arcticwolf.com Introducing Decipio: A Community Tool to Catch Credential Theft in the Act with Defense First AI Arctic Wolf Introduces Decipio, a Community Tool to Catch Credential Theft with Defense‑First AI Proxy Server Endpoint Endpoint Detection and Response AIマルウェアの急増:その挙動、攻撃主体の特定、防御体制の備え arcticwolf.com arcticwolf.com Project Glasswing Marks a Turning Point for Cybersecurity Frontier AI Models Mark a Turning Point for Cybersecurity arcticwolf.com arcticwolf.com Building Cyber Resilience with Arctic Wolf: A Practical Approach for Security Leaders Arctic Wolf、東映デジタルラボ株式会社を Aurora Managed Endpoint Defenseで保護 Arctic Wolf Named a 2026 Gartner® Peer Insights™ Customers’ Choice for Managed Detection and Response arcticwolf.com
Why Cybersecurity Still Matters Even If AI Improves Secure Development | Arctic Wolf
Dan Schiappa · 2026-05-01 · via Arctic Wolf

This post reflects the author’s views as of the publication date and contains forward-looking statements and opinions about technology trends. Actual outcomes may differ based on attacker behavior, customer environments, and broader market and regulatory developments.

Anthropic has officially launched Claude Security, moving its AI‑driven code vulnerability detection, validation, and patching capabilities from a limited research preview into public beta. Improving software security before code ships is a positive step for the industry and can help reduce future risk.

However, stronger secure‑by‑design development does not address the scale of exposure organizations face today. Most enterprises are already operating with thousands of known vulnerabilities, misconfigurations, and identity risks across live environments. Finding issues earlier in the development lifecycle reduces future problems, but it does not remediate what is already deployed and actively exposed.

That reality reinforces a broader industry truth: cybersecurity outcomes depend on identifying, prioritizing, and reducing risk across operating systems, cloud infrastructure, identities, and human workflows in real time. AI can accelerate this work, but only when paired with the operational context and expertise required to act on it at speed.

The recent announcement from Anthropic introducing new AI-coding capabilities tied to its Claude platform sparked immediate speculation about what AI-driven secure development could mean for cybersecurity.

The vision for the future of the security industry that’s currently being discussed online is extremely ambitious, with some experts claiming that Anthropic’s new capabilities will soon introduce AI systems that dramatically reduce, or potentially eliminate, software vulnerabilities before code ever reaches production.

If realized, that would be an important advancement, and one that Arctic Wolf would salute. Software vulnerabilities have long provided attackers with reliable entry points into organizations and reducing them at scale would improve the overall security posture of the digital ecosystem. Security leaders should welcome progress that makes secure development easier and more accessible.

However, enthusiasm about future innovation should not obscure reality. Even in a hypothetical world where software vulnerabilities could largely disappear, cybersecurity would remain both necessary and complex. Many of the most disruptive attacks in recent years have succeeded without exploiting a single software flaw, underscoring a broader truth about the nature of modern cyber risk.

Vulnerability Detection Is an Input, Not the Outcome

Major technology transitions often produce sweeping predictions about disruption. When markets cannot easily predict which companies will emerge strongest during a shift, the instinct is sometimes to assume everyone is equally threatened until proven otherwise. Cybersecurity is currently experiencing a moment like that as AI capabilities accelerate.

The assumption that AI-assisted vulnerability discovery fundamentally replaces security platforms or even security management products misunderstands how organizations actually achieve security outcomes. Vulnerability scanning and secure code analysis have existed for decades, delivered by highly capable vendors and adopted widely across enterprise development pipelines. Can AI improve the speed and scale of that work? Almost certainly. What it cannot do is eliminate a problem the industry has already spent years trying to solve. Finding bugs faster is an important input to security outcomes. It is not a replacement for security operations. Long before frontier AI models entered the conversation, developers relied on static analysis, dependency scanning, and automated testing tools to reduce risk earlier in the software lifecycle.

AI may significantly improve those capabilities, and that is a positive development. Faster identification of insecure patterns, automated remediation suggestions, and improved developer workflows can reduce exposure across industries. But discovering vulnerabilities does not equal protecting an entire enterprise environment. For example, Arctic Wolf published research last year that found that in 76% of intrusion cases, threat actors employed one or more of 10 specific vulnerabilities, all of which were previously known and contained a patch at the time of exploitation. This trend is similar when looking at ransomware cases, where zero-day exploits were only responsible for 0.4% of cases.

Security leaders and analysts are responsible for defending identities, monitoring cloud infrastructure, securing endpoints, managing third-party relationships, detecting anomalous behavior, and responding to incidents under real-world operational pressure. Tools that improve inputs into security operations ultimately strengthen platforms responsible for correlating signals and delivering outcomes. They do not remove the need for those platforms any more than better construction equipment eliminates the need for architects and builders.

Recent Breaches Show the Limits of a Vulnerability-Centric View

Recent high-profile incidents illustrate how frequently attackers bypass technical exploitation altogether. In 2023, attackers targeted major casino operators, including MGM Resorts International and Caesars Entertainment. Public reporting indicated that attackers relied heavily on social engineering tactics, impersonating employees and persuading IT help desk personnel to reset credentials.

The breach did not hinge on sophisticated malware engineering or undiscovered vulnerabilities. Instead, it exploited trust, process gaps, and human behavior. Once attackers obtained legitimate credentials, they operated within systems as authorized users, making traditional vulnerability defenses largely irrelevant.

A useful way to pressure-test the “AI will eliminate cybersecurity risk” narrative is to look at how some of the most damaging recent intrusions unfolded. The activity associated with Scattered Spider is a case in point. Their operations repeatedly bypassed hardened infrastructure not by exploiting zero-days, but by exploiting people and processes. Attackers impersonated employees, manipulated help desks, enrolled new devices, and reset credentials through legitimate workflows designed for customer service and operational continuity.

The lesson is uncomfortable, but clear: When identity becomes the perimeter, persuasion can become the exploit. The same dynamic appeared in the attack on Change Healthcare, where adversaries gained access through compromised credentials tied to remote access systems lacking sufficient MFA enforcement.

No novel software flaw was required. Instead, attackers combined credential access, authentication gaps, and operational blind spots to achieve systemic disruption at national scale. Even in a hypothetical world where AI eliminated memory-safety bugs or dramatically reduced exploitable code defects, these attacks would still succeed because they target trusted relationships, identity governance, and human decision making. That is precisely why security outcomes depend less on eliminating a single class of technical weakness and more on continuously managing exposure across identity, behavior, and operational controls.

This pattern has become increasingly common across sectors. Business email compromise campaigns rely on impersonation rather than malware. MFA fatigue attacks pressure users into approving fraudulent authentication requests. Cloud exposures frequently arise from configuration mistakes rather than exploitable bugs. Insider threats involve misuse of legitimate access privileges. Supply chain compromises leverage trusted vendor relationships to move laterally between organizations.

Attackers consistently demonstrate a preference for efficiency. If identity compromise or social engineering delivers faster results than technical exploitation, adversaries will choose those paths.

Perfect software cannot prevent deception, credential theft, or operational missteps. As organizations expand across hybrid cloud environments and distributed workforces, those risks often become more prominent, not less.

Frameworks Already Recognize Cybersecurity as an Operational Discipline

Established cybersecurity frameworks reflect this broader understanding of risk. The Cybersecurity Framework developed by the National Institute of Standards and Technology emphasizes governance, asset visibility, detection, response, and recovery alongside technical protections. Similarly, adversary behavior models maintained by the MITRE Corporation map attacker activity across dozens of tactics that extend far beyond exploitation.

Credential access, persistence mechanisms, lateral movement, and data exfiltration remain central components of modern attacks, regardless of software quality. Organizations rarely experience catastrophic breaches simply because a vulnerability exists. More often, incidents escalate because visibility gaps prevent defenders from recognizing attacker activity quickly enough or because fragmented tools slow response efforts. Cybersecurity therefore functions as an operational discipline rather than a purely technical one. Continuous monitoring, contextual analysis, and coordinated incident response remain essential even when preventive controls improve.

The Work Ahead

Cybersecurity has already navigated multiple technology inflection points, from cloud adoption to distributed workforces and SaaS sprawl. Each innovation improved speed and scale while expanding opportunity for attackers. AI will be no different. It will meaningfully reduce certain risks, but adversaries will continue to exploit identity, human workflows, and operational blind spots that exist far beyond the codebase.

That’s why lasting security outcomes don’t come from eliminating a single class of threats. Organizations need continuous visibility across their environments, expertise grounded in real adversary behavior, and security operations built to detect and respond when prevention inevitably fails. At Arctic Wolf, our focus remains the same: helping customers stay ahead of evolving threats by combining the Aurora™ Platform with human expertise to deliver measurable risk reduction across every attack surface.