惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Microsoft Azure Blog
Microsoft Azure Blog
博客园_首页
Forbes - Security
Forbes - Security
WordPress大学
WordPress大学
P
Proofpoint News Feed
T
Threat Research - Cisco Blogs
L
LINUX DO - 热门话题
L
Lohrmann on Cybersecurity
Spread Privacy
Spread Privacy
D
Darknet – Hacking Tools, Hacker News & Cyber Security
大猫的无限游戏
大猫的无限游戏
博客园 - 三生石上(FineUI控件)
P
Privacy International News Feed
A
About on SuperTechFans
T
Tailwind CSS Blog
I
InfoQ
S
Securelist
云风的 BLOG
云风的 BLOG
罗磊的独立博客
Recent Announcements
Recent Announcements
T
The Exploit Database - CXSecurity.com
B
Blog RSS Feed
V
Visual Studio Blog
Know Your Adversary
Know Your Adversary
The GitHub Blog
The GitHub Blog
Jina AI
Jina AI
腾讯CDC
Cyberwarzone
Cyberwarzone
有赞技术团队
有赞技术团队
AWS News Blog
AWS News Blog
博客园 - 【当耐特】
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
F
Full Disclosure
S
Secure Thoughts
博客园 - 司徒正美
J
Java Code Geeks
Y
Y Combinator Blog
Google Online Security Blog
Google Online Security Blog
GbyAI
GbyAI
N
News and Events Feed by Topic
Help Net Security
Help Net Security
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Project Zero
Project Zero
T
Tenable Blog
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
T
Tor Project blog
MyScale Blog
MyScale Blog
Scott Helme
Scott Helme
小众软件
小众软件
K
Kaspersky official blog

Fortinet All Blogs

The TTF Trap: A Global Campaign of a Low-Detection Lua Loader | FortiGuard Labs Helping Law Enforcement Keep Pace with the Future of Cybercrime | Fortinet Blog FortiEndpoint Expands Security for the AI Era | Fortinet Blog Cyber Attacks Leveraging AI Require Behavior-First Security Training, Not Simply Better Awareness | Fortinet Blog The AI Era Needs a New SASE. Here’s What That Actually Looks Like. | Fortinet Blog Analysis of Ongoing Ousaban Attacks Targeting the Iberian Peninsula | FortiGuard Labs Update on Fortinet Use of Frontier AI | CISO Collective Fortinet Supports INTERPOL Operation CyberProtect III Targeting Online Exploitation From CI/CD to Cloud Data: How Shai Hulud Persistence Leads to Redshift Breach | FortiGuard Labs Fortinet Launches Its Product Carbon Footprint Calculator FortiSASE Training Builds Skills for Secure Access Success | Fortinet Blog Analysis of Reported Credential Compromise of FortiGate Devices | Fortinet Blog Teaching Cybersecurity the Way It’s Actually Used | Fortinet Blog Introducing FortiSOC: One Platform, Total Control | Fortinet Blog Public-Private Cooperation Is Critical to AI-Driven Cyber Defense | Fortinet Advancing Threat-Informed Defense through Fortinet’s Collaboration with MITRE CTID | Fortinet Threat Actors Weaponize AI Hype to Deliver AsyncRAT | FortiGuard Labs Fortinet Achieves 1 Million People Trained in Cybersecurity Goal Ahead of Schedule | Fortinet Blog While OT Security Is Maturing, Risk Is Not Slowing Down | Fortinet Blog AI Policy Meets Operational Reality: White House AI Cybersecurity Order Calls for Public-Private Coordination | Fortinet Blog Executive Q&A: Strong Q1 Momentum Driven by Differentiated Innovation and Customer Demand | Fortinet Fortinet Earns AV-Comparatives Certification for EDR Detection Visibility | Fortinet Blog Cybercriminals Are Targeting the FIFA World Cup 2026 | FortiGuard Labs Fortinet Achieves AV-Comparatives Certification for Process Injection Protection | Fortinet Blog Inside the Cross-Platform Propagation of a New Gafgyt Variant C0XMO | FortiGuard Labs Battling AI-Based Threats with FortiNDR | Fortinet Blog Phishing Campaign Deploys JavaScript-Driven PureLogs Variant to Steal Sensitive Data Defending Critical Infrastructure: Why OT Security Demands a Threat-Informed Approach | CISO Collective Misconfigured, Enrolled and Dormant: Anatomy of a P2Pinfect Kubernetes Compromise | FortiGuard Labs Fortinet Expands Cybersecurity Investment in the United Arab Emirates | Fortinet Blog PureLogs: Delivery via PawsRunner Steganography | FortiGuard Labs The Future of Connectivity | Fortinet Blog Fortinet at the World Economic Forum: Frontier AI models, AI-Driven Threats, Deepfakes, and the Future of Cyber Defense | Fortinet Blog The Fortinet 2025 Sustainability Report | Fortinet Blog Tracking Mirai Variant Nexcorium: A Vulnerability-Driven IoT Botnet Campaign | FortiGuard Labs AI Security Is an Architectural Decision | Fortinet Blog Fortinet Training Institute Wins Industry Accolades | Fortinet Blog Shadow AI: The Invisible Risk Growing Inside Your Organization | Fortinet Blog Leading by Example in Sustainability: Fortinet Expands Global EPD Certification | Fortinet Blog When Cybercrime Becomes an Industry | Fortinet Blog FortiOS 8.0: Redefining Secure Networking in the AI and Quantum Era | Fortinet Blog Securing the Physical World as It Comes Online | Fortinet Blog Why the 2026 AI Cybersecurity Summit Matters | Fortinet Blog DPRK-Related Campaigns with LNK and GitHub C2 | FortiGuard Labs AI Is Changing Application Threats Faster Than Teams Can Adapt | Fortinet Blog Announcing the Fortinet Training Institute’s 2026 ATC Award Winners | Fortinet Blog Disrupting Cybercrime Networks at Scale Requires Sustained Global Collaboration | Fortinet Blog
Supercharged Security: Security in the Time of Mythos | CISO Collective
Carl Windsor · 2026-04-20 · via Fortinet All Blogs

AI is compressing the timeline of cyber risk, with the gap between disclosure and exploitation collapsing. Vulnerabilities that once took weeks or months to discover and exploit can now be identified and weaponized in hours. 

Fortunately, this shift cuts both ways. The same models accelerating attackers are also enabling defenders to detect, analyze, and mitigate risk at unprecedented speed. The advantage is no longer about who has better tools, but who can operate faster and more cohesively across the entire security lifecycle. Organizations that rely on slower, fragmented approaches will not be able to keep pace. Security today needs to operate as a continuous, integrated process, spanning development, detection, and response.

Preemptive security models are now required to reduce exposure before vulnerabilities can be exploited. That means integrating AI into development, detection, and response, shortening mitigation cycles, embedding security directly into systems and workflows, and designing for scale from the outset. Those that adapt will operate with greater visibility, control, and resilience. Those who do not will struggle to keep pace in an environment now defined by automation and scale.

The History of AI at Fortinet

AI in the security industry is nothing new. Fortinet has been utilizing AI techniques in FortiGuard Labs since 2015 to address the exponential growth of potentially malicious signals received that the threat researcher had to investigate. Using machine learning (ML) and artificial neural networks (ANN), the team trained the model to autonomously identify malicious files and track botnets with high accuracy. FortiGuard Labs receives trillions of signals per day, which can be automatically classified using AI, freeing up resources to focus on the more elusive samples.

Since 2015, some of these methods have been embedded into products offered to customers, including AI-powered sandboxing (FortiSandbox) to identify high-risk files in email and network traffic, endpoint detection and response (FortiEDR) to identify malicious files and traffic behavior, and network detection and response (FortiNDR) to identify suspicious network activity.

Generative AI (GenAI) added the capacity for understanding and generation. Fortinet took advantage of this for generating threat actor reports in FortiRecon (our external attack surface monitoring platform), creating configurations based on verbal requests or whiteboard sketches in FortiOS (Fortinet’s unified networking and security operating system), and hunting for threats across the network in FortiSOC (our unified security operations platform) to create CISO-level briefings.

This foundation is what allows Fortinet to operationalize AI today—not simply experiment with it.

Agentic AI, the ability for all of these systems to cooperate, share intelligence, infer from each other and then take action to achieve the stated goals is the next step in this progress, but we will save that for a future blog and focus on AI for security analysis.

Traditional Security Tooling

Product security testing has remained relatively unchanged for years. There are multiple tools and techniques commonly implemented as part of a secure product development lifecycle:

Static application security testing (SAST) to analyze code and Software Composition Analysis (SCA) to identify vulnerable open-source code are part of the DevOps pipeline. Techniques such as dynamic application security testing (DAST) and fuzzing test against real, running systems. And then we have more resource-intensive, people-based methods such as penetration testing and manual code audits.

The reality is that if you care about security, you need all of these, and more importantly, you may need to use multiple of each to get good coverage. At Fortinet, we use three separate SAST tools and up to 10 different DAST tools, plus SCA, fuzzing, penetration testing, and manual code audit.

We are at an inflection point, however, where these more traditional, static tools, with their known limits, are being overtaken by frontier AI models.

Kings of the Wild Frontier (Models)

One of the main benefits of AI is the democratization of technology so people outside of the usual development ecosystem can code whole applications in a short amount of time. New generations of frontier AI models can analyze software, generate code, and simulate workflows with minimal guidance and at unprecedented speeds.

From a security perspective, this works in two ways. The same capability that detects and patches a vulnerability can also weaponize it. For product security teams, this isn’t just another technology shift. It’s a reshaping of the threat landscape itself. As with traditional tools, Fortinet is working closely with AI vendors, including Anthropic and other frontier AI companies, to leverage the best parts of each model.

Recent weeks have seen increased attention around Anthropic’s “Glasswing” project and its preview of Mythos, with early access extended to organizations responsible for building and maintaining critical software. Fortinet has access to the Claude Mythos Preview as part of this program. While details of implementation and findings are not disclosed, this reflects a broader shift: Frontier models are advancing rapidly in their ability to analyze, understand, and test complex systems.

Staying ahead of threat actors is crucial, so this level of collaboration matters. The question is not what any one organization is doing with these models, but what their accelerating capabilities mean for defenders more broadly.

The Benefits of Security at Break-Neck Speed

New frontier AI models are like an all-purpose rock star security engineer—the most skilled pen-testers and code auditors rolled into one. Think Neo in the Matrix: They know Kung-Fu. They know your products better than any developer, as they hold a full understanding of the code in their “brain” at all times. This leads to some amazing and slightly nerve-racking abilities.

Accelerated vulnerability discovery

Frontier AI models can scan codebases and identify vulnerabilities dramatically faster than traditional methods.

  • Audit and test tasks that once took weeks or months can now be completed in a matter of hours.
  • Models can assist in identifying zero-days and complex system weaknesses.

The reality, however, is that while these models seem to improve every few days, even the latest frontier AI models can make mistakes. False positives still occur, and identified vulnerabilities may already have other mitigations in place. As a result, these models should be treated as tools, not final solutions. The role of a security analyst does not go away, as they are still needed to guide the AI model and, most importantly, validate its findings. What they do is speed up analysis, making the security analyst much more productive.

This compression of discovery timelines directly reduces exposure windows, allowing organizations to move from reactive patching to proactive risk reduction.

Enhanced threat detection and response

Frontier AI models are particularly adept at:

  • Correlating signals across massive telemetry datasets
  • Detecting anomalous behavior patterns in real time
  • Assisting SOC teams with triage and incident response

These models act like tireless analysts that never blink, never sleep, and never miss a log line. Their ability to find the needle in the haystack is transforming SOC environments.

Security automation at scale

Security engineering has historically been bottlenecked by human expertise. Frontier models help dissolve that bottleneck. They can:

  • Generate secure code patterns
  • Automate penetration testing workflows
  • Simulate attack paths across complex architectures

This lowers the barrier to implementing robust security practices across teams and allows organizations to apply high-quality security practices consistently across environments, rather than selectively where expertise is available.

Augmented security expertise

My belief is that frontier AI models will not be so transformative as to completely replace the need for skilled people. High-quality security professionals will be here for a long time to come. Rather, the models act as “force multipliers” for existing security professionals:

  • Junior engineers gain expert-level guidance.
  • Security teams can scale their impact.

Security teams can gain insight into where to start probing and developers where to focus refactoring effort based on feedback from the model.

One of the greatest unexpected benefits we have found with these new frontier AI models is how adept they are at threat modeling. Having full product and data-flow information in its head makes it simple to create a threat model in minutes. And it is more accurate because it is based on the current reality, not on how developers think things work.

The Drawbacks

While these models are proving highly successful in helping product security organizations with the velocity of improvements, there are drawbacks.

Lower barrier for attackers

Here comes the uncomfortable symmetry: Attackers get access to the same tools, meaning frontier AI models can:

  • Provide previously unseen details of the inner workings of the product
  • Generate exploit code
  • Identify vulnerabilities in target systems
  • Automate multi-step attack chains

This reduces the skill required to execute sophisticated attacks. Tasks once reserved for elite hackers are becoming accessible to a wider pool of threat actors, increasing the number of capable attackers and accelerating attack velocity.

The rise of models capable of rapidly discovering and exploiting vulnerabilities in real-world systems raises alarms in high-risk sectors like banking and healthcare. However, defenders gain a structural advantage in environments where telemetry, control, and response are already integrated, allowing them to detect and contain activity at scale in ways attackers cannot easily evade.

Dual-use vulnerability discovery

The same model that helps you fix bugs can help someone else find them first.

  • AI can differentiate or compare software versions and identify changes in a matter of seconds.
  • AI can easily reverse-engineer patches.
  • AI can compress vulnerability identification and exploit development timelines from months to hours.

As a result, your exposure window shrinks. If you don’t patch fast, someone else will weaponize faster. The organizations that succeed will be those that treat mitigation as an automated process rather than a manual workflow.

Fortinet AI-Enabled Product Security

Fortinet has been using AI to augment security analysis for years, including AI-guided fuzzing, penetration testing, and code analysis. Frontier models such as Anthropic’s Mythos Preview represent a continuation of that trajectory, with greater capability for analyzing and testing software. This shift is significant, but it does not change the fundamentals. Fortinet maintains a mature vulnerability management and disclosure program designed to identify, mitigate, and remediate issues quickly and responsibly. Products are built secure by design, secure by default, and with a defense-in-depth approach to limit the impact of any AI-accelerated attacks.

Access to frontier models such as Mythos Preview comes with strict usage expectations. These models are used in controlled environments to support vulnerability discovery and remediation across Fortinet systems. They are not used for offensive research against external targets, and outputs are validated through established security review processes before any action is taken.

How to Survive in the Age of AI

I previously thought of AI as just a tool, and like any tool, it is only as good as the person using it. However, with recent increases in model performance, I have come to realize that this is not just a new tool; it has become an arms race. New frontier AI models don’t just improve security. They are reshaping the economics of cyber conflict, a shift that will require a complete mindset change.

Access to frontier models does not eliminate the need for discipline. It increases the consequences of getting that discipline wrong. These new models make it trivial for threat actors to reverse-engineer patches, making timely remediation key. In a poetic way:

Defenders gain speed and scale.
Attackers gain visibility and automation.
The balance shifts constantly.

To survive this new terrain, organizations need to evolve—and evolve quickly.

Shorten mitigation cycles dramatically

Given the speed at which we expect reverse-engineering attacks to occur, our primary defense mechanism will be to mitigate first and patch later. Mitigations start with the most secure deployment, which we are encouraging through our secure-by-default strategy, a CISA-driven pledge to which Fortinet has committed. Here are a few examples for Fortinet devices, but the concept is the same for other vendors:

  • Enforce password complexity policy.
  • Enable multi-factor authentication (MFA).
  • Restrict access to the admin interface using a local-in policy, or, better yet, remove administrative access to your FortiGate from internet-facing interfaces and instead manage it via an internal or out-of-band method.
  • Follow best-practice recommendations for configuration.
  • Understand your most exposed and critical attack surfaces and prioritize security for these devices.
  • Collect logs from all devices and perform continuous threat hunting across your entire infrastructure.
  • Keep your devices up to date and patched, giving top priority to any internet-facing devices.

However, actors using AI tools will be able to exploit vulnerabilities within hours of publication, so automation will be key, as every second matters to stay ahead of these actors. The days of a quarterly change window are now gone—velocity is critical.

Temporary mitigations are going to be vital. Fortinet has been promoting the concept of virtual patches to rapidly remediate issues with IPS-like signatures before the organization has the opportunity to patch, and in some cases, even before a fix is available. If virtual patches are not available, clearly defined workarounds from your vendor will be key to mitigation.

Organizations need to plan for this shift right at the architectural design stage. A common complaint against upgrading is that “I cannot take my business offline because it is tax season/Black Friday/Christmas, etc.” That needs to change. Fortinet has solutions to make this simpler with zero-impact upgrade capability, such as our FortiGate Session Life Support Protocol (FGSP). This enables you to synchronize sessions, withdraw a device from a cluster, patch it, and reinsert it with zero packet loss or disruption of network traffic.

Tools like FortiSOAR (security orchestration and response) can be used to accelerate this patching process for all vendors’ automation playbooks to: 

  • Identify vulnerable systems
  • Implement immediate workarounds, such as virtual patching
  • Identify patches
  • Open change window
  • Push patches

Conclusion

As part of broader industry collaboration, insights from early access programs like Glasswing contribute to anonymized, aggregated learning. The objective is to raise the baseline of security across the ecosystem, not to create isolated advantages, thereby helping organizations adopt safer development and response practices.

Frontier AI models are advancing quickly and will continue to do so. Fortinet has been preparing for this shift by systematically identifying and remediating vulnerabilities within our own codebase. Over the past two years, 68% of disclosed vulnerabilities were found internally. That reflects a preemptive security model focused on reducing exposure before vulnerabilities can be discovered and weaponized externally. As AI lowers the barrier to vulnerability discovery, this approach becomes increasingly important.

The timeline of risk has changed. Detection, validation, and mitigation now need to operate as a continuous, integrated process. Vendors need to apply AI early in the lifecycle, shorten remediation cycles, and use defensive engineering techniques to limit the impact of inevitable vulnerabilities. Organizations that can do this will operate with greater visibility and control. Those that cannot will fall behind.

Security depends on consistent execution. Faster response models, supported by systems designed for scale, are now required. Fortinet is built to support that shift.