




















How can we adapt our defenses to deal with this brave new AI-centric world? The answer involves two key strategies: First, rethinking our IT architecture and leveraging AI to strengthen our defenses.
For several decades cybersecurity operated using a simple logic: find a bug, write a patch, and deploy the fix before attackers exploit it. The entire industry was built on the assumption that defenders had enough time to respond. Recently this assumption died. Zero days were a notable exception to this logic but can be addressed by the same logic I will outline below.
AI tools (including Anthropic’s Mythos, but also others) broke this longstanding model. They can trace software vulnerabilities in our applications and codebase at a speed that is much higher than any tool we have used before. Most importantly they can also turn these vulnerabilities into attack code at the same incredible speed. Engineers with no security background are now able to develop powerful working exploits overnight. This phenomenon is referred to as the vulnpocalypse (a combination of vulnerability and apocalypse). Cybersecurity is at an inflection point because AI finds and weaponizes flaws faster than we can patch them.
How can we adapt our defenses to effectively deal with this brave new AI-centric world? The answer involves two key strategies: first, rethinking our IT architecture by consistently applying fundamental security principles, and second leveraging AI to strengthen our defenses.
Security priorities in the age of AI
Figure 1. Security priorities in the age of AI
Most IT environments still resemble a medieval castle: fortified walls, a moat, and a single guarded entrance. Inside however, every internal door is often unleashed. Break through one layer, and the entire castle is vulnerable.
The alternative is a more resilient architecture that is grounded in core security principles such as zero trust, defense in depth, and least privilege. Imagine every room having its own lock, using access badges, all access attempts and entries logged, and doors locked by default. If AI bypasses the first layer and unlocks one door, it only gains access to a single room—everything else remains protected, and alarms are triggered with each attempt.
This idea is not new. It is simply about reapplying and reenforcing security fundamentals to our current IT architectures and engines. What has worked in the past to fight ransomware and other malware, should also be effective against today’s AI-driven exploits.
While technology evolves, the following core security principles must remain constant:
The same AI-driven capabilities that make tools like Mythos dangerous can be turned into powerful defenses that work to our advantage to:
The first bullets in the list above are a plea for the creation of what is referred to as a VulnOps—Vulnerability Operations—capability in your organization. Like the idea behind DevOps and SecOps, this is a continuous, automated process for discovering, triaging, and patching specially focused on software vulnerabilities. It can replace slower, and more periodic human-driven security checks with an always-on vulnerability checking pipeline. This is essential capability in the AI era, where advanced tools and models can find and exploit flaws much more rapidly.
But there is more than that: AI agents and agentic AI-based orchestration also open new horizons for increased automation, self healing, and auto-protecting infrastructures: as long as humans can keep the oversight and remain in control.
It is critical that your security operations teams start leveraging AI agents and agentic AI to outsource routine tasks and let them do things on their behalf. Good examples are the testing and prioritization of patches, audit log analysis and event analysis, triaging and prioritization, root cause analysis, implementation of regular pen testing and analysis of the results, and vulnerability checking (as mentioned previously) etc.
We should adopt an octopus model for our security operations. An octopus is one of the most intelligent invertebrates on our planet because it has a central brain that interacts with a distributed nervous system in its tentacles allowing it to react swiftly to changes in its ecosystem. Similarly, our SecOps specialists should call on different AI agents, allowing them to do parallel processing, saving time, and allowing them to respond to security threats more rapidly and agile—while still maintaining human control and oversight.
Building a resilient security posture ready for the AI age
Both strategies reinforce each other. A well-designed security framework rooted in fundamental security principles enhances AI defenses while AI-driven security solutions strengthen the overall resilience of the architecture.
Retrofitting traditional systems with these security fundamentals can be costly and disruptive—comparable to tearing down walls and rewiring your house while it remains occupied. However, cloud-based architectures—the dominant IT model today—are inherently more flexible and software defined. Incorporating security boundaries and reinforcing security principles in a cloud environment often requires just configuration changes. Cloud platforms are also naturally built around segmentation, isolation, logging, and advanced identity and access management controls to enable multitenancy.
Many cloud providers also include embedded AI-powered security tools, such as automated code reviews, autonomous penetration testing, compliance checking, and continuous vulnerability and anomaly scanning, all integrated into unified systems. This integration makes applying, implementing, and enforcing security principles more practical, scalable, and easier to manage.
To stay ahead, organizations need to start refining their security boundaries, reduce implicit trust, and deploy AI across all layers now. Acting promptly allows organizations to fully leverage the transition window; delaying increases the risk of facing a perpetual day zero, where each attack feels new and unmanageable.
Mythos highlights an important truth: it does not negate decades of security best practices but emphasizes their importance. AI accelerates how quickly operational weaknesses can turn into breaches. Organizations lacking strict discipline in applying core security principles or ignoring the inclusion of AI-driven controls will feel the impact sooner and more severely.
How HPE Services can help
Advisory and Professional Services—empowers customers to build secure, compliant, and resilient IT and AI environments. Our cybersecurity offerings include assessments, strategic planning, architecture, tailored implementations, and ongoing support—helping ensure your data and assets remains secure and trustworthy.
Our simple cybersecurity services portfolio helps customers address the two key security challenges of the AI era outlined in this article:
For further insights into the Mythos challenge, also see this Cloud Security Alliance (CSA) report: The “AI Vulnerability Storm”: Building a “Mythos-ready” Security Program
By Author:
Jan De Clercq,
HPE Services—Advisory and Professional Services,
Cybersecurity Segment, Security CT
Linkedin Account: https://www.linkedin.com/in/jan-de-clercq-7284b8/
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。