惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

T
Threatpost
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Engineering at Meta
Engineering at Meta
T
The Blog of Author Tim Ferriss
Recent Announcements
Recent Announcements
G
Google Developers Blog
Google DeepMind News
Google DeepMind News
The Register - Security
The Register - Security
MongoDB | Blog
MongoDB | Blog
U
Unit 42
B
Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
L
LangChain Blog
Stack Overflow Blog
Stack Overflow Blog
P
Privacy International News Feed
L
LINUX DO - 最新话题
博客园_首页
博客园 - Franky
大猫的无限游戏
大猫的无限游戏
小众软件
小众软件
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
T
Tor Project blog
V
Visual Studio Blog
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
P
Privacy & Cybersecurity Law Blog
C
Cyber Attacks, Cyber Crime and Cyber Security
K
Kaspersky official blog
C
Cisco Blogs
博客园 - 【当耐特】
阮一峰的网络日志
阮一峰的网络日志
I
Intezer
罗磊的独立博客
MyScale Blog
MyScale Blog
Last Week in AI
Last Week in AI
A
About on SuperTechFans
G
GRAHAM CLULEY
Y
Y Combinator Blog
Microsoft Security Blog
Microsoft Security Blog
GbyAI
GbyAI
T
Threat Research - Cisco Blogs
P
Proofpoint News Feed
D
DataBreaches.Net
The Hacker News
The Hacker News
Spread Privacy
Spread Privacy
AWS News Blog
AWS News Blog
I
InfoQ
T
The Exploit Database - CXSecurity.com
Simon Willison's Weblog
Simon Willison's Weblog
博客园 - 叶小钗
Project Zero
Project Zero

The Cloud Experience Everywhere articles

What I learned about Epistemia: A new way to build AI you can trust Strategy is the easy part, but can you deliver? Simplify HPE Morpheus Software automation with the new visual workflow builder AI evolution: Shifting from training to inference needs infrastructure modernization HPE Morpheus Central is here. Managing a multisite fleet just changed. Architecting your IT environment for change is key to the Great VM Reset An overview of IT service management using HPE OpsRamp Software Service Desk Beyond the basics: Deeper observability for HPE Morpheus Software – VM essentials Simpler, faster hybrid cloud management with agentic AI in HPE Morpheus Software 9.0 Navigating the signal tsunami: Why shared observability matters today HPE OpsRamp Software named as major player in the IDC MarketScape Achieving zero downtime: A deep dive into HPE Morpheus Software high availability Scaling the hybrid cloud: Unveiling HPE Morpheus Software version 9.0 The rise of agentic AI: Ushering in the next era of intelligent IT Unleashing AI factory ROI: Secure agentic AI on multitenant infrastructure Introducing HPE CloudOps Software for cloud service providers Introducing HPE CloudOps Software for cloud service providers Next-gen IT unleashed: The boom of cloud paging and application packaging GreenLake Marketplace launches end-to-end commerce capabilities Discover what’s next with HPE Services at HPE Discover Las Vegas 2026 Secure application modernization with the Strangler Pattern to reduce security risk The private cloud resurgence by IDC—rebalancing cost, control, and AI HPE global trade integration: Enabling compliance in a connected digital world Sovereign by design for the workplace Reset with intent: Four smart moves to rationalize VMware exposure Building the high-performance data foundation for enterprise AI with HPE Storage Mastering hybrid cloud migration with HPE CloudOps Software suite Why sovereign cloud is becoming the backbone of modern workplace solutions Facilitating federated data and AI at scale with federated mesh architectures Reviving private cloud by automating day‑2 operations using Kubernetes operators From alerts to action: how Operations Copilot accelerates incident response Unleashing enterprise AI factories with Kubeflow: Overcoming multitenancy hurdles What a ride it has been—HPE Morpheus VM Essentials Software hits version 8.1 Cyber resilience: Securing the last line of defense in the digital age AI-augmented endpoint engineering: From deterministic to autonomous delivery HPE OpsRamp Software March 2026 release: Key updates for IT operations teams Simplify bare metal management with HPE Morpheus Enterprise Software BMaaS Operations Copilot from HPE OpsRamp Software: Your partner for next-gen IT operations ITIL (version 5): What’s new, what’s different, and why recertification matters Stop overpaying for platforms: Invest in GPUs for real AI value Why buying a training subscription is just like buying a gym membership HPE Morpheus Enterprise Software enhances its Kubernetes service with new features The great VM reset: Why enterprise virtualization needs a new foundation Engineering modern resilient-by-design applications for hybrid cloud PostgreSQL's BM25 ranking algorithm for enterprise-grade search quality Streamlining hybrid cloud: Announcing the unified HPE/hpe Terraform provider v1.1.0 Inside HPE Morpheus Minute: A closer look at storage types in HPE Morpheus Software Half your AI factory is sitting idle; here is the blueprint that fixes it Introducing True N-Tier Multi-Tenancy in HPE Morpheus Enterprise Software v8.1.0 Beyond observability: From signals to semantic intelligence in hybrid cloud Operationalizing agentic AI with NVIDIA Nemotron and HPE agents hub
The critical role of security fundamentals in the age of AI
HPE_Experts · 2026-06-15 · via The Cloud Experience Everywhere articles

How can we adapt our defenses to deal with this brave new AI-centric world? The answer involves two key strategies: First, rethinking our IT architecture and leveraging AI to strengthen our defenses.

HPE202601291654_800_0_72_RGB.jpg

For several decades cybersecurity operated using a simple logic: find a bug, write a patch, and deploy the fix before attackers exploit it. The entire industry was built on the assumption that defenders had enough time to respond. Recently this assumption died. Zero days were a notable exception to this logic but can be addressed by the same logic I will outline below.

AI tools (including Anthropic’s Mythos, but also others) broke this longstanding model. They can trace software vulnerabilities in our applications and codebase at a speed that is much higher than any tool we have used before. Most importantly they can also turn these vulnerabilities into attack code at the same incredible speed. Engineers with no security background are now able to develop powerful working exploits overnight. This phenomenon is referred to as the vulnpocalypse (a combination of vulnerability and apocalypse). Cybersecurity is at an inflection point because AI finds and weaponizes flaws faster than we can patch them.

How can we adapt our defenses to effectively deal with this brave new AI-centric world? The answer involves two key strategies: first, rethinking our IT architecture by consistently applying fundamental security principles, and second leveraging AI to strengthen our defenses.

Security priorities in the age of AISecurity priorities in the age of AI

Figure 1. Security priorities in the age of AI

  1. Rethink your architecture and reinforce security fundamentals

Most IT environments still resemble a medieval castle: fortified walls, a moat, and a single guarded entrance. Inside however, every internal door is often unleashed. Break through one layer, and the entire castle is vulnerable.

The alternative is a more resilient architecture that is grounded in core security principles such as zero trust, defense in depth, and least privilege. Imagine every room having its own lock, using access badges, all access attempts and entries logged, and doors locked by default. If AI bypasses the first layer and unlocks one door, it only gains access to a single room—everything else remains protected, and alarms are triggered with each attempt.

This idea is not new. It is simply about reapplying and reenforcing security fundamentals to our current IT architectures and engines. What has worked in the past to fight ransomware and other malware, should also be effective against today’s AI-driven exploits.

While technology evolves, the following core security principles must remain constant:

  • Understand the new risks that AI introduces, to what extent you are exposed to the new risks and how this affects your organization’s overall risk appetite and risk assessment. Pay special attention to third-party risk management
  • Know where your data resides (in use, at rest, in transit), also classify, label, and assign appropriate protection
  • Prioritize robust identity and access management, enforce zero trust and least privilege consistently across all identities (human and nonhuman)
  • Use strong and multifactor authentication (MFA) as a first layer of defense
  • Continuously enforce least privilege: only assign minimal permissions needed to get a job done and only for the time needed to do the job
  • Simplify and centralize access control decisions and logic: minimize unnecessary access control complexity and avoid the spread of access control decisions across different identity and access control islands
  • Implement continuous monitoring, privilege, and identity tracking across your IT stack
  • Apply Never trust, always verify—zero trust—across storage, compute, network, applications, identities, and devices
  • Enforce segmentation and microsegmentation and ingress and egress filtering rules across your physical and software-defined networking infrastructure
  • Establish and maintain up-to-date processes & procedures—that reflect the new AI reality—and train your staff accordingly to assume mistakes and breaches will happen
  • Honour defense in depth all over the board: include multiple layers of defense using segmentation and microsegmentation, and call on a diverse set of technical controls from different vendors and do this across the entire IT stack
  • Maintain an accurate, current inventory of all assets and their configuration and patch status, and use a configuration management system linked to a configuration management database
  1. Leverage AI to strengthen your security defenses

The same AI-driven capabilities that make tools like Mythos dangerous can be turned into powerful defenses that work to our advantage to:

  • Review code before deployment
  • Discover and identify vulnerabilities
  • Continuously penetration test systems
  • Enable more powerful breach and attack simulation
  • Perform automated security and compliance assessments
  • Automatically close gates while requiring human-in-the-loop supervision and approval

The first bullets in the list above are a plea for the creation of what is referred to as a VulnOps—Vulnerability Operations—capability in your organization. Like the idea behind DevOps and SecOps, this is a continuous, automated process for discovering, triaging, and patching specially focused on software vulnerabilities. It can replace slower, and more periodic human-driven security checks with an always-on vulnerability checking pipeline. This is essential capability in the AI era, where advanced tools and models can find and exploit flaws much more rapidly.

But there is more than that: AI agents and agentic AI-based orchestration also open new horizons for increased automation, self healing, and auto-protecting infrastructures: as long as humans can keep the oversight and remain in control.

It is critical that your security operations teams start leveraging AI agents and agentic AI to outsource routine tasks and let them do things on their behalf. Good examples are the testing and prioritization of patches, audit log analysis and event analysis, triaging and prioritization, root cause analysis, implementation of regular pen testing and analysis of the results, and vulnerability checking (as mentioned previously) etc.

We should adopt an octopus model for our security operations. An octopus is one of the most intelligent invertebrates on our planet because it has a central brain that interacts with a distributed nervous system in its tentacles allowing it to react swiftly to changes in its ecosystem. Similarly, our SecOps specialists should call on different AI agents, allowing them to do parallel processing, saving time, and allowing them to respond to security threats more rapidly and agile—while still maintaining human control and oversight.

Building a resilient security posture ready for the AI age

Both strategies reinforce each other. A well-designed security framework rooted in fundamental security principles enhances AI defenses while AI-driven security solutions strengthen the overall resilience of the architecture.

Retrofitting traditional systems with these security fundamentals can be costly and disruptive—comparable to tearing down walls and rewiring your house while it remains occupied. However, cloud-based architectures—the dominant IT model today—are inherently more flexible and software defined. Incorporating security boundaries and reinforcing security principles in a cloud environment often requires just configuration changes. Cloud platforms are also naturally built around segmentation, isolation, logging, and advanced identity and access management controls to enable multitenancy.

Many cloud providers also include embedded AI-powered security tools, such as automated code reviews, autonomous penetration testing, compliance checking, and continuous vulnerability and anomaly scanning, all integrated into unified systems. This integration makes applying, implementing, and enforcing security principles more practical, scalable, and easier to manage.

To stay ahead, organizations need to start refining their security boundaries, reduce implicit trust, and deploy AI across all layers now. Acting promptly allows organizations to fully leverage the transition window; delaying increases the risk of facing a perpetual day zero, where each attack feels new and unmanageable.

Mythos highlights an important truth: it does not negate decades of security best practices but emphasizes their importance. AI accelerates how quickly operational weaknesses can turn into breaches. Organizations lacking strict discipline in applying core security principles or ignoring the inclusion of AI-driven controls will feel the impact sooner and more severely.

How HPE Services can help

Advisory and Professional Services—empowers customers to build secure, compliant, and resilient IT and AI environments. Our cybersecurity offerings include assessments, strategic planning, architecture, tailored implementations, and ongoing support—helping ensure your data and assets remains secure and trustworthy.

Our simple cybersecurity services portfolio helps customers address the two key security challenges of the AI era outlined in this article:

  • To apply fundamental security principles to your existing IT infrastructure:
  • HPE Cybersecurity Services – Security Architecture and Integration: For applying foundational security principles across your IT platforms to establish holistic protection
  • HPE Cybersecurity Services – Security for AI: For applying foundational security principles across your AI platforms to ensure holistic protection
  • HPE Cybersecurity Services – Secure Networking: For applying foundational security principles (including segmentation and filtering) across your network platforms to ensure holistic protection
  • To use AI to your advantage:
  • HPE Cybersecurity Services – Security Operations Modernization: For leveraging AI, AI agents, and Agentic AI to make your security operations and overall security posture more flexible, adaptive, and resilient using tailored and customized solutions
  • HPE Cybersecurity Services – Security Posture Analysis: For leveraging AI, AI agents, and Agentic AI to provide continuous threat exposure management using off-the-shelf solutions

For further insights into the Mythos challenge, also see this Cloud Security Alliance (CSA) report: The “AI Vulnerability Storm”: Building a “Mythos-ready” Security Program

CTA
Learn more at HPE.com/services/security

By Author:
Jan De Clercq,
HPE Services—Advisory and Professional Services,
Cybersecurity Segment, Security CT
Linkedin Accounthttps://www.linkedin.com/in/jan-de-clercq-7284b8/