惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

F
Fortinet All Blogs
W
WeLiveSecurity
Cyberwarzone
Cyberwarzone
H
Help Net Security
Spread Privacy
Spread Privacy
Jina AI
Jina AI
G
GRAHAM CLULEY
Project Zero
Project Zero
aimingoo的专栏
aimingoo的专栏
P
Palo Alto Networks Blog
云风的 BLOG
云风的 BLOG
B
Blog RSS Feed
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
A
Arctic Wolf
L
LangChain Blog
T
The Blog of Author Tim Ferriss
MongoDB | Blog
MongoDB | Blog
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
人人都是产品经理
人人都是产品经理
罗磊的独立博客
量子位
Microsoft Security Blog
Microsoft Security Blog
The Register - Security
The Register - Security
B
Blog
Microsoft Azure Blog
Microsoft Azure Blog
G
Google Developers Blog
小众软件
小众软件
Vercel News
Vercel News
V
Visual Studio Blog
IT之家
IT之家
C
Cisco Blogs
博客园 - 聂微东
Cisco Talos Blog
Cisco Talos Blog
Help Net Security
Help Net Security
S
Schneier on Security
PCI Perspectives
PCI Perspectives
C
Check Point Blog
V
Vulnerabilities – Threatpost
J
Java Code Geeks
Hugging Face - Blog
Hugging Face - Blog
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
GbyAI
GbyAI
N
News and Events Feed by Topic
AWS News Blog
AWS News Blog
L
LINUX DO - 热门话题
SecWiki News
SecWiki News
D
Darknet – Hacking Tools, Hacker News & Cyber Security
T
Tenable Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Recorded Future
Recorded Future

CSO Online

New malware turns Linux systems into P2P attack networks Poisoned truth: The quiet security threat inside enterprise AI Train like you fight: Why cyber operations teams need no-notice drills Die besten DAST- & SAST-Tools CISA mulls new three-day remediation deadline for critical flaws CISA pushes critical infrastructure operators to prepare to work in isolation CISOs step up to the security workforce challenge 10 Anzeichen für einen schlechten CSO Anthropic Mythos spurs White House to weigh pre-release reviews for high-risk AI models Security agencies draw red lines around agentic AI deployments The fake IT worker problem CISOs can’t ignore How CISOs should utilize data security posture management to inform risk Was ist ein Botnet? Human-centric failures: Why BEC continues to work despite MFA Just 34% of cyber pros plan to stick with their current employer Managing OT risk at scale: Why OT cyber decisions are leadership decisions 4 ways to prepare your SOC for agentic AI ‘Trivial’ exploit can give attackers root access to Linux kernel Bank regulator sounds warning over cybersecurity threat posed by AI models Dismantle implicit trust in OT networks, CISA tells critical infrastructure operators Max-severity RCE flaw found in Google Gemini CLI Stopping the quiet drift toward excessive agency with re-permissioning ODNI to CISOs on threat assessments: You’re on your own 10 wichtige Security-Eigenschaften: So setzen Sie die Kraft Ihres IT-Sicherheitstechnik-Teams frei Researchers unearth industrial sabotage malware that predated Stuxnet by 5 years AWS leans on prior ingenuity to face future AI and quantum threats What it takes to win that CSO role Third Party Risk Management: So vermeiden Sie Compliance-Unheil Critical Cursor bug could turn routine Git into RCE Securing RAG pipelines in enterprise SaaS What CISOs need to get right as identity enters the agentic era Stopping AiTM attacks: The defenses that actually work after authentication succeeds EDR-Software – ein Kaufratgeber Microsoft patched an ‘agent-only’ role that was not AI is reshaping DevSecOps to bring security closer to the code The 'manager of agents': How AI evolves the SOC analyst role 4 Wege aus der Security-Akronymhölle Autonome KI-Agenten: Strategien für die neue Bedrohungslage New US House privacy bills raise hard questions about enterprise data collection Scattered Spider co-conspirator pleads guilty Security-KPIs und -KRIs: So messen Sie Cybersicherheit Bitwarden CLI password manager trojanized in supply chain attack 3 practical ways AI threat detection improves enterprise cyber resilience The curious case of Sean Plankey’s derailed CISA nomination Google gets agent-ready for the Mythos age Google drafts AI agents secure systems against AI hackers CNAPP – ein Kaufratgeber Riddled with flaws, serial-to-Ethernet converters endanger critical infrastructure NFC tap-to-pay gets tapped by hackers Anthropic bets on EPSS for the coming bug surge SBOM erklärt: Was ist eine Software Bill of Materials? Thousands of Apache ActiveMQ instances still unpatched, weeks after an actively exploited hole discovered Prompt injection turned Google’s Antigravity file search into RCE Why identity is the driving force behind digital transformation Top techniques attackers use to infiltrate your systems today The thin gray line: Handala, CyberAv3ngers and Iran’s proxy ops Attackers abuse Microsoft Teams to impersonate the IT helpdesk in a new enterprise intrusion playbook CISOs reshape their roles as business risk strategists Copilot & Agentforce offen für Prompt-Injection-Tricks Claude Mythos – ist der Hype gerechtfertigt? Für Cyberattacken gewappnet – Krisenkommunikation nach Plan Critical sandbox bypass fixed in popular Thymeleaf Java template engine White House moves to give federal agencies access to Anthropic’s Claude Mythos Another Microsoft Defender privilege escalation bug emerges days after patch Palo Alto’s Helmut Reisinger sees a cyber sea change ahead as AI advances Positiv denken für Sicherheitsentscheider: 6 Mindsets, die Sie sofort ablegen sollten NIST cuts down CVE analysis amid vulnerability overload Was bei der Cloud-Konfiguration schiefläuft – und wie es besser geht The endless CISO reporting line debate — and what it says about cybersecurity leadership Behind the Mythos hype, Glasswing has just one confirmed CVE Insurance carriers quietly back away from covering AI outputs RCE by design: MCP architectural choice haunts AI agent ecosystem Critical nginx UI tool vulnerability opens web servers to full compromise Copilot and Agentforce fall to form-based prompt injection tricks The deepfake dilemma: From financial fraud to reputational crisis 7 biggest healthcare security threats The need for a board-level definition of cyber resilience Mallory Launches AI-Native Threat Intelligence Platform, Turning Global Threat Data Into Prioritized Action 13 Fragen gegen Drittanbieterrisiken April Patch Tuesday roundup: Zero day vulnerabilities and critical bugs 4 questions to ask before outsourcing MDR 5 trends defining the future of AI-powered cybersecurity EU regulators largely denied access to Anthropic Mythos China-linked cloud credential heist runs on typos and SMTP How AI is transforming threat detection The AI inflection point: What security leaders must do now Cyber-Inspekteur: Hybride Attacken nehmen weiter zu Anthropic’s Mythos signals a structural cybersecurity shift Seven IBM WebSphere Liberty flaws can be chained into full takeover Old Docker authorization bypass pops up despite previous patch Hacker Unknown now known, named on Europol’s most-wanted list The cyber winners and losers in Trump’s 2027 budget CMMC compliance in the age of AI Claude uncovers a 13‑year‑old ActiveMQ RCE bug within minutes Was CISOs von Moschusochsen lernen können Hackers have been exploiting an unpatched Adobe Reader vulnerability for months New ClickFix variant bypasses Apple safeguards with one‑click script execution Cloudflare ‘actively adjusting’ quantum priorities in wake of Google warning Patch windows collapse as time-to-exploit accelerates So geht Post-Incident Review
AI is exposing the biggest weakness in cybersecurity: We never built a health model. Until now!
by Patrick Doliny Contributor · 2026-06-12 · via CSO Online

Opinion

Jun 12, 20269 mins

We have spent decades perfecting the cybersecurity emergency room. We never built the rest of the healthcare system. The Clinical Cybersecurity Framework is the model that does.

For 30 years, cybersecurity has operated like an emergency room.

Reactive. Crisis-driven. Always triaging. We are extraordinarily good at it — our detection is faster, our response playbooks are sharper, our incident teams are more capable than they have ever been. When something goes wrong, the modern security organization runs toward the fire with real skill.

But here is the uncomfortable truth that artificial intelligence is now forcing into the open: An emergency room does not produce a healthy population. Healthcare does that — through prevention, continuous monitoring, early diagnosis and a model of the whole patient.

Cybersecurity never built that model. We built the trauma bay and called it a profession.

For a long time, we got away with it. The threat environment moved at human speed. The gaps in our thinking were survivable. AI has ended that grace period. It has not created a new weakness so much as it has illuminated the oldest one — and it is now moving faster than our reactive posture can absorb.

We do not have a tooling problem. We have a missing-model problem. And until we name it, no amount of investment will fix it.

We’ve been asking — and answering — the wrong question

Walk into almost any boardroom and you will hear the same exchange. A director asks the CISO: “Are we secure?”

It is the wrong question, and most of us have known it for years.

“Secure” is binary. It is a snapshot. It is a yes-or-no answer to something that is actually a living, continuously changing condition. No physician would accept that question from a patient. A doctor does not ask “Are you healthy?” and expect a useful answer. They ask a better set of questions: How are you functioning? What do the vital signs say? What is trending in the wrong direction? What needs attention now, before it becomes a crisis?

Cybersecurity has never adopted that mindset because it never had the model that requires it. We have frameworks for controls. We have frameworks for adversary behavior. We have no widely adopted framework for organizational health — for whether the enterprise, as a whole living system, is well.

That gap was tolerable when threats were slow. It is not tolerable now.

Why AI breaks the reactive model

AI changes three things at once, and each one punishes a reactive posture specifically.

  • It compresses the timeline. Reconnaissance, exploitation, lateral movement and exfiltration that once unfolded over days now unfold in minutes. An emergency-room model assumes there is time between the symptom and the intervention. AI is closing that window. You cannot triage your way through an attack that completes before the triage begins.
  • It industrializes the routine. AI makes competent attacks cheap and abundant — phishing that is grammatically perfect and contextually aware, deepfaked executives authorizing transfers, vulnerability discovery at machine scale. The reactive model assumes a manageable volume of meaningful events. AI removes that assumption.
  • It introduces a new organ we do not know how to monitor. Every enterprise is now deploying AI systems into its own operations — including its security operations. These systems make decisions, take actions and carry risk. They are, in clinical terms, a new organ inside the body. And most organizations have deployed them with no intake assessment, no monitoring of their condition and no governance of their behavior. We have added an organ to the patient and never checked whether it is healthy.

A reactive model has no answer to any of this. You cannot out-triage machine speed. The only viable response is to shift from reaction to health — to build the enterprise’s adaptive capacity before the crisis, not after.

What a health model actually looks like

This is the thinking behind the Clinical Cybersecurity Framework — a model I have developed over two decades in the CISO chair, and one that has resonated strongly enough with peers over the past months to convince me it is naming something the industry already feels.

The premise is simple. An enterprise should be treated less like static infrastructure and more like a living organism — and once leaders see that anatomy clearly, the entire security conversation changes.

Every enterprise has the same essential anatomy:

ENTERPRISE SYSTEMCLINICAL EQUIVALENT
Critical business servicesOrgans
Data flowsCirculatory system
Identity and accessImmune system
InfrastructureNervous system
Telemetry and monitoringVital signs
Incident responseEmergency medicine
Resilience and recoveryRehabilitation
GovernanceClinical leadership
AI oversightAutonomous clinical supervision
The digital enterprise: clinical view. An anatomy map of the Clinical Cybersecurity Framework

Patrick Doliny

This is not a metaphor for its own sake. It is an operating model, and it does three things a controls checklist cannot.

  1. It makes diagnosis come before treatment. No competent clinician prescribes before examining. Yet cybersecurity routinely buys tools before it has assessed the patient. A health model requires a clinical intake first — an honest baseline of how the organization is actually functioning — and only then a treatment plan built for that specific patient.
  2. It makes health measurable and continuous. A patient’s vital signs are monitored continuously, against known healthy ranges, with the direction of movement mattering as much as the current value. A health model holds cybersecurity to the same standard: Not an annual audit snapshot, but continuous monitoring of the organization’s real condition.
  3. It gives every leader one shared question. A heart rhythm is universally legible — a clinician, an administrator and a frightened family member can all read the same monitor and grasp the same essential question: Is the rhythm steady, or is something wrong? Cybersecurity has never had that shared signal. Boards get threat counts and patch percentages; they do not get a pulse. A health model gives technologists, executives and directors one common language for the same reality.

Where this fits with the frameworks we already have

This does not replace what works. It completes it.

NIST explains controls — the disciplined architecture of safeguards. MITRE explains adversaries — how attackers think and move. Both are essential. Neither was built to answer whether the organization, as a whole, is well.

NIST tells you whether the safeguards exist. MITRE tells you who is coming for them. A clinical model tells you whether the patient can withstand the encounter — and recover from it. That third question is the one AI is now asking with an urgency the industry has never faced. It is the missing layer, and it sits above the others, not against them.

A graphic representing how NIST, MITRE and CCF fit together to creat a complete view of cybersecurity.

Patrick Doliny

Why this matters for the CISO and the board

Adopting a health model changes the CISO’s role and changes it for the better.

It moves the CISO out of the position of the technician who reports incidents and into the position of the clinician who reports condition. “Are we secure?” has no good answer. “Here is our organizational health, here are the vital signs trending the wrong way, here is the treatment plan and what it requires” — that is a conversation a board can actually govern with.

It also reframes resilience itself. Resilience is not the redundant infrastructure that restores data. Resilience, properly understood, is the process and outcome of adapting successfully to difficult conditions — through mental, emotional and behavioral flexibility. Backups restore data. Only adaptive people and well-governed systems restore an organization. A health model treats that adaptive capacity as something to be built and measured, not assumed.

And it gives the enterprise a way to think about AI that matches the stakes. If AI is a new organ, it requires what every organ requires: An intake assessment before deployment, continuous monitoring of its condition, defined operating boundaries and clinical-grade governance. AI deployed without that is not a capability. It is an unmonitored risk inside the body it was meant to protect.

Two different dashboards showing the difference between a technician-centric report and a clinician-centric report.

Patrick Doliny

It’s time to stop running the emergency room

The reactive era of cybersecurity is ending — not because it failed, but because it was never the whole job. We built a superb emergency room and mistook it for a healthcare system. AI is the force that has made the missing piece impossible to ignore.

The organizations that will lead the next decade will not be the ones with the most tools or the loudest alerts. They will be the ones that can answer a better question than “Are we secure?”

They will be the ones that can say, with evidence: We know how this organism is functioning. We are monitoring its vital signs. We are treating what the diagnosis revealed. And we are building the adaptive capacity to absorb what comes next.

It is time to stop running the emergency room and start practicing medicine.

This article is published as part of the Foundry Expert Contributor Network.
Want to join?

SUBSCRIBE TO OUR NEWSLETTER

From our editors straight to your inbox

Get started by entering your email address below.

Patrick Doliny

Patrick J. Doliny is a cybersecurity executive, US Marine veteran, and recipient of the 2026 CSO Cybersecurity Award from Foundry. He is the creator of the Clinical Cybersecurity Framework (CCF), a model that reframes cybersecurity as organizational wellness rather than static compliance.

Show me more