惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

N
News and Events Feed by Topic
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
月光博客
月光博客
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
大猫的无限游戏
大猫的无限游戏
T
Tailwind CSS Blog
S
SegmentFault 最新的问题
V
V2EX
阮一峰的网络日志
阮一峰的网络日志
C
Cisco Blogs
博客园 - 叶小钗
P
Privacy International News Feed
Jina AI
Jina AI
Apple Machine Learning Research
Apple Machine Learning Research
T
Threatpost
IT之家
IT之家
博客园 - 聂微东
Know Your Adversary
Know Your Adversary
Help Net Security
Help Net Security
罗磊的独立博客
I
Intezer
S
Schneier on Security
博客园_首页
C
CERT Recently Published Vulnerability Notes
雷峰网
雷峰网
Cisco Talos Blog
Cisco Talos Blog
宝玉的分享
宝玉的分享
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Webroot Blog
Webroot Blog
TaoSecurity Blog
TaoSecurity Blog
MyScale Blog
MyScale Blog
P
Privacy & Cybersecurity Law Blog
T
The Exploit Database - CXSecurity.com
PCI Perspectives
PCI Perspectives
Security Latest
Security Latest
H
Heimdal Security Blog
S
Secure Thoughts
Hacker News: Ask HN
Hacker News: Ask HN
Y
Y Combinator Blog
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Microsoft Security Blog
Microsoft Security Blog
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
SecWiki News
SecWiki News
The GitHub Blog
The GitHub Blog
A
Arctic Wolf
A
About on SuperTechFans
aimingoo的专栏
aimingoo的专栏
T
Threat Research - Cisco Blogs
Engineering at Meta
Engineering at Meta
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC

CSO Online

New malware turns Linux systems into P2P attack networks Poisoned truth: The quiet security threat inside enterprise AI Train like you fight: Why cyber operations teams need no-notice drills Die besten DAST- & SAST-Tools CISA mulls new three-day remediation deadline for critical flaws CISA pushes critical infrastructure operators to prepare to work in isolation CISOs step up to the security workforce challenge 10 Anzeichen für einen schlechten CSO Anthropic Mythos spurs White House to weigh pre-release reviews for high-risk AI models Security agencies draw red lines around agentic AI deployments The fake IT worker problem CISOs can’t ignore How CISOs should utilize data security posture management to inform risk Was ist ein Botnet? Human-centric failures: Why BEC continues to work despite MFA Just 34% of cyber pros plan to stick with their current employer Managing OT risk at scale: Why OT cyber decisions are leadership decisions 4 ways to prepare your SOC for agentic AI ‘Trivial’ exploit can give attackers root access to Linux kernel Bank regulator sounds warning over cybersecurity threat posed by AI models Dismantle implicit trust in OT networks, CISA tells critical infrastructure operators Max-severity RCE flaw found in Google Gemini CLI Stopping the quiet drift toward excessive agency with re-permissioning ODNI to CISOs on threat assessments: You’re on your own 10 wichtige Security-Eigenschaften: So setzen Sie die Kraft Ihres IT-Sicherheitstechnik-Teams frei Researchers unearth industrial sabotage malware that predated Stuxnet by 5 years AWS leans on prior ingenuity to face future AI and quantum threats What it takes to win that CSO role Third Party Risk Management: So vermeiden Sie Compliance-Unheil Critical Cursor bug could turn routine Git into RCE Securing RAG pipelines in enterprise SaaS What CISOs need to get right as identity enters the agentic era Stopping AiTM attacks: The defenses that actually work after authentication succeeds EDR-Software – ein Kaufratgeber Microsoft patched an ‘agent-only’ role that was not AI is reshaping DevSecOps to bring security closer to the code The 'manager of agents': How AI evolves the SOC analyst role 4 Wege aus der Security-Akronymhölle Autonome KI-Agenten: Strategien für die neue Bedrohungslage New US House privacy bills raise hard questions about enterprise data collection Scattered Spider co-conspirator pleads guilty Security-KPIs und -KRIs: So messen Sie Cybersicherheit Bitwarden CLI password manager trojanized in supply chain attack 3 practical ways AI threat detection improves enterprise cyber resilience The curious case of Sean Plankey’s derailed CISA nomination Google gets agent-ready for the Mythos age Google drafts AI agents secure systems against AI hackers CNAPP – ein Kaufratgeber Riddled with flaws, serial-to-Ethernet converters endanger critical infrastructure NFC tap-to-pay gets tapped by hackers Anthropic bets on EPSS for the coming bug surge SBOM erklärt: Was ist eine Software Bill of Materials? Thousands of Apache ActiveMQ instances still unpatched, weeks after an actively exploited hole discovered Prompt injection turned Google’s Antigravity file search into RCE Why identity is the driving force behind digital transformation Top techniques attackers use to infiltrate your systems today The thin gray line: Handala, CyberAv3ngers and Iran’s proxy ops Attackers abuse Microsoft Teams to impersonate the IT helpdesk in a new enterprise intrusion playbook CISOs reshape their roles as business risk strategists Copilot & Agentforce offen für Prompt-Injection-Tricks Claude Mythos – ist der Hype gerechtfertigt? Für Cyberattacken gewappnet – Krisenkommunikation nach Plan Critical sandbox bypass fixed in popular Thymeleaf Java template engine White House moves to give federal agencies access to Anthropic’s Claude Mythos Another Microsoft Defender privilege escalation bug emerges days after patch Palo Alto’s Helmut Reisinger sees a cyber sea change ahead as AI advances Positiv denken für Sicherheitsentscheider: 6 Mindsets, die Sie sofort ablegen sollten NIST cuts down CVE analysis amid vulnerability overload Was bei der Cloud-Konfiguration schiefläuft – und wie es besser geht The endless CISO reporting line debate — and what it says about cybersecurity leadership Behind the Mythos hype, Glasswing has just one confirmed CVE Insurance carriers quietly back away from covering AI outputs RCE by design: MCP architectural choice haunts AI agent ecosystem Critical nginx UI tool vulnerability opens web servers to full compromise Copilot and Agentforce fall to form-based prompt injection tricks The deepfake dilemma: From financial fraud to reputational crisis 7 biggest healthcare security threats The need for a board-level definition of cyber resilience Mallory Launches AI-Native Threat Intelligence Platform, Turning Global Threat Data Into Prioritized Action 13 Fragen gegen Drittanbieterrisiken April Patch Tuesday roundup: Zero day vulnerabilities and critical bugs 4 questions to ask before outsourcing MDR 5 trends defining the future of AI-powered cybersecurity EU regulators largely denied access to Anthropic Mythos China-linked cloud credential heist runs on typos and SMTP How AI is transforming threat detection The AI inflection point: What security leaders must do now Cyber-Inspekteur: Hybride Attacken nehmen weiter zu Anthropic’s Mythos signals a structural cybersecurity shift Seven IBM WebSphere Liberty flaws can be chained into full takeover Old Docker authorization bypass pops up despite previous patch Hacker Unknown now known, named on Europol’s most-wanted list The cyber winners and losers in Trump’s 2027 budget CMMC compliance in the age of AI Claude uncovers a 13‑year‑old ActiveMQ RCE bug within minutes Was CISOs von Moschusochsen lernen können Hackers have been exploiting an unpatched Adobe Reader vulnerability for months New ClickFix variant bypasses Apple safeguards with one‑click script execution Cloudflare ‘actively adjusting’ quantum priorities in wake of Google warning Patch windows collapse as time-to-exploit accelerates So geht Post-Incident Review
Cybersecurity was built for predictable systems. AI changes the rules
Joe Sullivan · 2026-06-18 · via CSO Online

Opinion

Jun 18, 20269 mins

AI's unpredictable, dynamic nature is breaking traditional cybersecurity models, requiring leaders to shift focus from prevention to real-time runtime visibility.

Every major technology shift changes cybersecurity. I’ve spent much of my career working through major technology transitions, from the rise of the commercial internet to mobile and cloud computing. Each shift created new opportunities for innovation, but it also created new security problems organizations weren’t fully prepared for.

AI may resemble previous technology shifts in some ways, but it differs in one important respect: it challenges one of the foundational assumptions modern security programs were built around: predictability.

For most of my career, security teams operated in environments where systems behaved deterministically. Applications generally executed the same way every time. Infrastructure changed slowly enough for humans to map dependencies, understand trust boundaries and implement controls around them. Even cloud transformation allowed us to apply familiar security models to new infrastructure.

AI changes those assumptions.

Agentic systems make decisions dynamically. Large language models generate different outputs based on context. AI systems increasingly interact with external tools, APIs and environments in ways their developers can’t always fully predict ahead of time. When systems stop behaving consistently, the traditional “keep bad things out” approach to cybersecurity starts to break down.

Prevention still matters. But prevention alone is structurally insufficient for environments where risk evolves continuously at runtime.

Security was built for deterministic systems

When I was helping build security programs years ago, much of the focus centered on hardening systems before deployment. Security teams tried to identify vulnerabilities early, reduce exposure and prevent attackers from gaining access in the first place.

Even during the early years of cloud adoption, most organizations still approached security primarily through configuration and policy management. We worried about permissions, exposed storage buckets and identity sprawl while cloud security tools focused heavily on identifying misconfigurations and locking down infrastructure.

Those controls remain critically important today. But the cloud era also taught us that security failures rarely happen in static diagrams. They happen in live environments, where permissions change, APIs evolve and identities gain unexpected access paths while systems interact in ways architects never fully anticipated.

By the time organizations map one state of the environment, it’s already changed. Risk increasingly emerges at runtime, when identities inherit unintended access, APIs change behavior or AI agents interact with systems in ways no architecture diagram captured.

In conversations I’ve had with companies, I’ve seen them go from generating hundreds of thousands of lines of code per month to millions. AI-assisted development tools are fundamentally changing software engineering workflows. A Harvard Business School study found that after developers gained access to GitHub Copilot, coding activity increased by 12.4% while time spent on project management tasks dropped by nearly 25% – a shift that can leave less time for the reviews and coordination governance depends on.

From a business perspective, acceleration creates leverage, but it also compresses the time security teams have to understand what’s entering production. Attackers are beginning to use AI to reduce the manual effort historically required for reconnaissance, exploit chaining and vulnerability validation at scale.

Security by obscurity isn’t a winning strategy. For years, organizations often accepted certain vulnerabilities because exploitation required too much time, expertise or effort from attackers.

Vulnerabilities once considered difficult to chain together are becoming easier to operationalize at scale as attackers use AI to automate portions of the process. Security leaders need to recognize that some of the prioritization models organizations built over the last decade may no longer reflect today’s reality.

Why prevention alone no longer works

As AI systems become more autonomous, runtime visibility becomes critical.

Many organizations historically treated runtime monitoring as a secondary layer behind prevention, viewing it mainly as a safety net for edge cases.

That model breaks down when systems can evolve and interact faster than security teams can realistically validate in real time.

If an AI agent can interact with multiple systems, generate new actions independently or adapt its behavior based on changing context, organizations can’t rely exclusively on pre-deployment controls. Security teams need visibility into what these systems are doing while they operate.

That includes:

  • What data AI systems can access
  • How identities interact with sensitive environments
  • What actions agents are taking
  • Whether systems are deviating from expected behavior
  • How quickly organizations can contain unintended consequences

In many ways, modern security is shifting from trying to prevent every compromise to limiting how quickly unintended behavior can spread once systems begin acting autonomously.

Security leaders should be careful not to overreact to this shift with fear-driven narratives. AI will absolutely create new security challenges, but it also creates opportunities for defenders.

Security teams can’t scale using human labor alone anymore. The sheer volume of infrastructure changes, software generation and vulnerability management exceeds what most organizations can handle manually.

We’re already seeing organizations experiment with AI-assisted triage, automated investigation workflows and defensive agents that can help security teams move faster and manage growing operational complexity. Security products are beginning to evolve into operational extensions of security teams rather than passive alerting systems.

That evolution makes sense. Attackers are using automation and AI to increase speed and scale. Defenders will need to do the same to maintain parity.

5 priorities for security leaders in the AI era

The organizations that adapt best to AI-driven risk won’t necessarily be the ones with the largest security teams or the biggest budgets. More often, they’ll be the ones that adjust fastest as software, infrastructure and attacker behavior evolve more quickly than traditional security operations were built to handle.

That shift requires you to think differently about how you manage risk, operations and resilience.

1. Rebuild vulnerability management for AI-scale software development

Many vulnerability management programs were already overwhelmed before AI accelerated software generation and lowered portions of the attacker cost curve. That challenge is becoming exponentially harder.

Stop assuming old exploitability models will hold up in an environment where attackers can use AI to accelerate reconnaissance, vulnerability chaining and exploit development.

You need to reassess how vulnerabilities are prioritized, validated and remediated because some of the assumptions organizations made over the last decade about attacker limitations may no longer reflect reality.

Some organizations are already investing in model harnesses to deploy new AI models more effectively and securely.

2. Treat runtime visibility as a primary control

Runtime monitoring can no longer be treated as a secondary capability behind prevention. Every team needs to invest in new forms of tooling to gain this visibility.

That said, runtime monitoring is not something security organizations can vibe code into existence. We need to expect our security vendors to build continuous visibility into workloads, identities, APIs and AI system behavior in production environments.

Prioritize clearer context around which vulnerabilities are reachable, exposed or being actively leveraged. This becomes increasingly important as AI systems interact with infrastructure and data in less predictable ways.

3. Use AI to augment defensive operations

Most organizations can’t hire enough people to keep pace with the operational demands AI introduces.

Use automation and AI to reduce investigation time, automate repetitive workflows and improve response speed. Human judgment still matters, but security teams are operating in environments where the volume of alerts, infrastructure changes and software generation exceeds what people can manage manually.

AI can help teams focus on higher-order decisions instead of operational noise.

4. Focus on resilience and containment

Perfect prevention has never existed, but it becomes even less realistic in highly dynamic AI environments.

Think more carefully about blast radius reduction, rapid containment and operational resilience. Your ability to detect unintended behavior quickly and limit downstream impact will matter far more as organizations deploy more autonomous systems.

I think many security leaders are still too focused on whether AI systems can fail instead of preparing for how to operate safely when they inevitably do.

5. Position security as an enabler of transformation

One of the biggest mistakes security organizations can make right now is to approach AI primarily as something to stop.

Boards and CEOs are pushing aggressively toward AI adoption because they view it as strategically necessary. If you position security purely as a blocking function, you risk losing influence during one of the most important technology transitions in decades.

Executive teams understand AI transformation can’t succeed without strong security leadership guiding risk decisions in real time.

That creates an opportunity to help your business move faster safely while building security programs better equipped for dynamic environments.

AI is forcing a new security operating model

The core challenge AI creates for security teams isn’t simply scale. It’s the erosion of predictability. The pace of change will accelerate as AI systems become more deeply integrated into business operations.

To operate effectively in this environment, focus on building security programs that can adapt quickly, contain risk in real time and support innovation without losing visibility or control. Drive this evolution through both hiring and vendor investments, with a stronger focus on AI fluency and operational expertise.

Only with prioritized investment in staff and tooling can you achieve stronger runtime awareness, faster response capabilities and operating models that keep pace with continuously changing infrastructure and software environments.

This article is published as part of the Foundry Expert Contributor Network.
Want to join?

SUBSCRIBE TO OUR NEWSLETTER

From our editors straight to your inbox

Get started by entering your email address below.

Joe Sullivan

Joe Sullivan is a former federal prosecutor and former CSO for Facebook, Uber and Cloudflare. He's currently a strategic advisor at Upwind, and he has over two decades of experience in cybersecurity leadership and public service.

More from this author

Show me more