惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

TaoSecurity Blog
TaoSecurity Blog
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
F
Fortinet All Blogs
Cisco Talos Blog
Cisco Talos Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
S
Secure Thoughts
美团技术团队
雷峰网
雷峰网
Hugging Face - Blog
Hugging Face - Blog
博客园_首页
C
CXSECURITY Database RSS Feed - CXSecurity.com
Engineering at Meta
Engineering at Meta
人人都是产品经理
人人都是产品经理
月光博客
月光博客
T
Tor Project blog
P
Privacy & Cybersecurity Law Blog
Recorded Future
Recorded Future
I
Intezer
博客园 - 【当耐特】
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
GbyAI
GbyAI
罗磊的独立博客
V
V2EX
Google DeepMind News
Google DeepMind News
D
DataBreaches.Net
Last Week in AI
Last Week in AI
T
Tailwind CSS Blog
www.infosecurity-magazine.com
www.infosecurity-magazine.com
A
About on SuperTechFans
Scott Helme
Scott Helme
Vercel News
Vercel News
Spread Privacy
Spread Privacy
T
Threat Research - Cisco Blogs
Recent Announcements
Recent Announcements
Hacker News: Ask HN
Hacker News: Ask HN
C
CERT Recently Published Vulnerability Notes
G
Google Developers Blog
B
Blog
博客园 - 叶小钗
WordPress大学
WordPress大学
博客园 - 聂微东
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Jina AI
Jina AI
IT之家
IT之家
C
Cybersecurity and Infrastructure Security Agency CISA
P
Palo Alto Networks Blog
小众软件
小众软件
博客园 - Franky
Microsoft Azure Blog
Microsoft Azure Blog
AWS News Blog
AWS News Blog

Fortinet All Blogs

The TTF Trap: A Global Campaign of a Low-Detection Lua Loader | FortiGuard Labs Helping Law Enforcement Keep Pace with the Future of Cybercrime | Fortinet Blog FortiEndpoint Expands Security for the AI Era | Fortinet Blog Cyber Attacks Leveraging AI Require Behavior-First Security Training, Not Simply Better Awareness | Fortinet Blog The AI Era Needs a New SASE. Here’s What That Actually Looks Like. | Fortinet Blog Analysis of Ongoing Ousaban Attacks Targeting the Iberian Peninsula | FortiGuard Labs Fortinet Supports INTERPOL Operation CyberProtect III Targeting Online Exploitation From CI/CD to Cloud Data: How Shai Hulud Persistence Leads to Redshift Breach | FortiGuard Labs Fortinet Launches Its Product Carbon Footprint Calculator FortiSASE Training Builds Skills for Secure Access Success | Fortinet Blog Analysis of Reported Credential Compromise of FortiGate Devices | Fortinet Blog Teaching Cybersecurity the Way It’s Actually Used | Fortinet Blog Introducing FortiSOC: One Platform, Total Control | Fortinet Blog Public-Private Cooperation Is Critical to AI-Driven Cyber Defense | Fortinet Advancing Threat-Informed Defense through Fortinet’s Collaboration with MITRE CTID | Fortinet Threat Actors Weaponize AI Hype to Deliver AsyncRAT | FortiGuard Labs Fortinet Achieves 1 Million People Trained in Cybersecurity Goal Ahead of Schedule | Fortinet Blog While OT Security Is Maturing, Risk Is Not Slowing Down | Fortinet Blog AI Policy Meets Operational Reality: White House AI Cybersecurity Order Calls for Public-Private Coordination | Fortinet Blog Executive Q&A: Strong Q1 Momentum Driven by Differentiated Innovation and Customer Demand | Fortinet Fortinet Earns AV-Comparatives Certification for EDR Detection Visibility | Fortinet Blog Cybercriminals Are Targeting the FIFA World Cup 2026 | FortiGuard Labs Fortinet Achieves AV-Comparatives Certification for Process Injection Protection | Fortinet Blog Inside the Cross-Platform Propagation of a New Gafgyt Variant C0XMO | FortiGuard Labs Battling AI-Based Threats with FortiNDR | Fortinet Blog Phishing Campaign Deploys JavaScript-Driven PureLogs Variant to Steal Sensitive Data Defending Critical Infrastructure: Why OT Security Demands a Threat-Informed Approach | CISO Collective Misconfigured, Enrolled and Dormant: Anatomy of a P2Pinfect Kubernetes Compromise | FortiGuard Labs Fortinet Expands Cybersecurity Investment in the United Arab Emirates | Fortinet Blog PureLogs: Delivery via PawsRunner Steganography | FortiGuard Labs The Future of Connectivity | Fortinet Blog Fortinet at the World Economic Forum: Frontier AI models, AI-Driven Threats, Deepfakes, and the Future of Cyber Defense | Fortinet Blog The Fortinet 2025 Sustainability Report | Fortinet Blog Supercharged Security: Security in the Time of Mythos | CISO Collective Tracking Mirai Variant Nexcorium: A Vulnerability-Driven IoT Botnet Campaign | FortiGuard Labs AI Security Is an Architectural Decision | Fortinet Blog Fortinet Training Institute Wins Industry Accolades | Fortinet Blog Shadow AI: The Invisible Risk Growing Inside Your Organization | Fortinet Blog Leading by Example in Sustainability: Fortinet Expands Global EPD Certification | Fortinet Blog When Cybercrime Becomes an Industry | Fortinet Blog FortiOS 8.0: Redefining Secure Networking in the AI and Quantum Era | Fortinet Blog Securing the Physical World as It Comes Online | Fortinet Blog Why the 2026 AI Cybersecurity Summit Matters | Fortinet Blog DPRK-Related Campaigns with LNK and GitHub C2 | FortiGuard Labs AI Is Changing Application Threats Faster Than Teams Can Adapt | Fortinet Blog Announcing the Fortinet Training Institute’s 2026 ATC Award Winners | Fortinet Blog Disrupting Cybercrime Networks at Scale Requires Sustained Global Collaboration | Fortinet Blog
Update on Fortinet Use of Frontier AI | CISO Collective
Carl Windsor · 2026-06-30 · via Fortinet All Blogs

In our previous CISO Collective blog post, Supercharged Security: Security in the Time of Mythos, Fortinet highlighted that it has been using AI to augment our security analysis for many years, including malware analysis, AI-guided fuzzing, penetration testing, and code analysis.

More recently, however, Fortinet has been closely collaborating with several vendors to leverage multiple frontier models, including Anthropic’s Glasswing (Mythos) and OpenAI’s Daybreak (GPT 5.5 Cyber) projects. Fortinet is leveraging the best parts of each cyber model, together with on-premises models, as part of a robust security testing process. While AI has been part of our established security testing program, frontier cyber model innovations have supercharged our ability to analyze and test software at scale.

This shift is significant, but, it does not change our fundamental approach to product security and responsible innovation. We diligently balance our commitment to the security of our customers and our culture of innovation and responsible transparency. Safeguarding customers is our highest priority, and we share information regularly about our technology, people, and processes with that mission in mind.

Fortinet maintains a mature vulnerability management and disclosure program designed to identify, mitigate, and remediate issues quickly and responsibly. Products are built secure by design, secure by default, and with a defense-in-depth approach to limit the impact of any AI-accelerated attacks. Fortinet has a long-standing commitment to being a role model in ethical and responsible product development and vulnerability disclosure. See, for example, Fortinet’s well-established product security policy.

Fortinet continues its rigorous testing and validation of findings in third-party open source projects used within our products and our own code. This work continues in parallel to the additional Frontier model testing.

Findings to Date

Firmware testing

Fortinet began testing the frontier models by replicating the most likely exploitation pathways a threat actor would take. As a threat actor would not have access to source code, this adversary emulation testing is limited to firmware analysis, penetration testing, and red teaming.

We used our test harness to leverage a multi-agent strategy to achieve this goal:

  • Analyze the firmware and create an accurate threat model
  • Review the code for security-related findings
  • Remove false positives by comparing to the threat model
  • Validate the issues in a live system through penetration testing

Upon the review of Fortinet solutions, Fortinet did not find a significant number of exploitable vulnerabilities. Importantly, the results of this testing yielded valuable ancillary findings:

  • The threat models created from frontier AI models were of the highest quality we have observed, including our own threat models developed over several years. Having such a complete and accurate view of the firmware's inner workings in memory offers organizations a much more comprehensive model than can be achieved by interviewing developers.
  • The frontier models are incredibly adept at analyzing firmware, assessing changes between versions, and developing proof-of-concept exploits for known, remediated vulnerabilities.

The firmware testing story is important. In the short term, the risk posed by a threat actor gaining access to the current models is relatively low, given the threat actor’s ability to discover new vulnerabilities. However, the advantage it gives in reverse-engineering known, fixed vulnerabilities is significant. 

Cybersecurity professionals know that it is only a matter of time before the models improve and these capabilities become available in open-source versions, and Fortinet expects the landscape to change very quickly once that happens. We will come back to this point later in the recommendations section.

Source code testing

We expanded the test harness’s use to analyze source code, resulting in more substantial findings. After conducting over 100 tests of 30 distinct product families, we are currently assessing and actioning on the results, which, at the time of writing, stand at:

  • 30% false positive
  • 30% security best practice (not a vulnerability, but something we could enhance)
  • 40% true positive

We have made extensive use of penetration testing to triage frontier AI coding discoveries. But because we do not want to miss any true positives, Fortinet security analysts and security champions manually review every finding as the “human in the loop” to validate it before accepting a false positive classification. This step is crucial so that we do not overlook security best practices—issues that are not exploitable due to defense-in-depth measures or other mitigations. These are all useful and improve security, and will be addressed accordingly.

Addressing the true positives

Frontier AI brings significant changes, but it does not change the fundamentals. We believe that the change brought about by frontier AI models presents defenders with a valuable opportunity to prepare. Over the coming weeks and months, Fortinet will address issues and develop and publish security enhancements based on our assessment of the severity and exploitability of any discovered vulnerabilities, as we would with any other vulnerabilities. And as part of our secure-by-design transparency commitment, we will reference the source of the vulnerability when sharing these solutions publicly.

Our next CISO Collective Forum will be on Wednesday, August 19, 2026, at 8 a.m. PST | 11 a.m. EST | 4 p.m. GMT. Register here.

Integrating Frontier AI into the Fortinet Software Development Lifecycle (SDLC)

Security engineering at organizations has historically been bottlenecked by their ready availability of human expertise. Frontier models help resolve that bottleneck. They can:

  • Identify coding weaknesses and vulnerabilities at scale
  • Automate penetration testing workflows
  • Simulate attack paths across complex architectures
  • Suggest appropriate mitigations and fixes

This improves the scalability of these skilled teams, supercharging their capabilities. This increase is good news, given that the Fortinet 2026 Global Cybersecurity Skills Gap Report revealed that cybersecurity hiring has stalled, with over half of IT leaders facing corporate pushback.

It is important to recognize that the often-cited expectation that AI will significantly reduce headcount is unlikely to materialize, even as frontier AI capabilities continue to advance. Organizations will still require skilled analysts to design effective prompts and develop meaningful test harnesses for optimal results. Substantial effort and resources remain necessary to interpret the outcomes, address issues, and validate fixes. While AI can dramatically improve efficiency and augment human capabilities, it is not a fully autonomous solution today, nor should critical processes rely entirely on automation.

Augmented security expertise

My belief is that frontier AI models are unlikely to be transformative enough to replace the need for human security professionals. High-quality security professionals will remain essential for the foreseeable future. Rather, frontier AI models serve as “force multipliers” for existing security professionals:

  • Junior engineers gain expert-level guidance.
  • Security teams can rapidly scale their impact.
  • Security teams can gain insight into where to start probing and where developers should focus their refactoring efforts, based on the model's feedback.

Security knowledge becomes embedded in the organization’s development process, rather than siloed within a single team, enabling the collective of the company’s security professionals to operate more efficiently and move with greater momentum.

The value of an AI-augmented SDLC

At the time of writing, the average token cost per true positive of all severities is standing around $540, representing a solid return on investment. This doesn’t even consider the benefits from the security best practices and threat modeling findings. 

The frontier AI models are having a significant accelerating impact on cybersecurity, and given the success we have seen since we began integrating them together with local Fortinet models in our own AI foundry and into our SDLC permanently for continued testing, we expect Fortinet’s own solutions to improve over time, and the costs for this continued effort to reduce significantly.

Staying Prepared

A key finding in the FortiGuard Labs 2026 Global Threat Landscape Report, published prior to the launch of Mythos and GPT 5.5. Cyber, was that as AI accelerates reconnaissance, weaponization, and execution, and the finding that the time to exploit (TTE) had dropped to 24–48 hours for critical outbreaks, a sharp reduction from the 4.76-day TTE average in 2024. I mentioned earlier that a key takeaway from the firmware testing was how easy it was for the newer models to reverse-engineer the firmware and create proof of concepts for remediated vulnerabilities. With the advent of frontier AI models, we fully expect the TTE to continue the rapid trend towards zero.

To survive this new terrain, organizations need to evolve, and evolve quickly.

Shorten mitigation cycles dramatically

Given the speed we expect reverse-engineering attacks to occur, our primary defense mechanism must shift to a strategy of mitigating first and patching later. Mitigations start with the most secure deployment option, which we are encouraging by our secure-by-default strategy, a topic driven by CISA and to which Fortinet committed as one of the first cybersecurity company signatories to the corresponding pledge. Here are a few examples of best practice deployments for Fortinet devices, and the concept for other vendors is similar:

  • Enforce password complexity policy
  • Enable multifactor authentication (MFA)
  • Restrict access to the admin interface using a local-in policy, or better yet, remove administrative access to your FortiGate from internet-facing interfaces and instead manage it via an internal or out-of-band method
  • Follow best practice recommendations for configuration
  • Understand your most exposed and critical attack surface through continuous threat exposure management (CTEM) tools such as FortiRecon and prioritize security for these devices
  • Reduce your attack surface by putting internal resources out of harm’s way and behind remote access solutions such as a secure access service edge (SASE)
  • Collect logs from all devices and perform continuous threat hunting across your whole infrastructure
  • Keep your devices up to date with the latest firmware and patches, giving top priority to any internet-facing devices

The above is critical, as actors with AI tools will soon be able to start to abuse vulnerabilities within hours of a vulnerability being published, so automation will be key, as every second matters to stay ahead of threat actors. The days of a quarterly change window are gone.

Velocity of mitigations is going to be key, and Fortinet continues to advocate the concept of virtual patching to remediate issues rapidly, using IP-based signatures to help organizations before they may have the opportunity to patch a vulnerability, before a fix is even available in some cases. If virtual patches are not available, clearly defined workarounds from your vendor will be key to the timely mitigation of potential threats.

Organizations also need to plan for this shift early in the process. This shift in approach needs to be built in right at the architectural design stage. A common obstacle to upgrading is the refrain: “I cannot take my business offline; it is tax season/Black Friday/Christmas, etc.” That mindset needs to change. 

To incorporate this change in approach, for example, Fortinet offers solutions that simplify mitigation and remediation efforts and enable zero-impact upgrades via the FortiGate Session Life Support Protocol (FGSP). With this capability, you can synchronize sessions, withdraw a device from a cluster, and patch and reinsert it with zero packet loss or disruption to network traffic.

Security orchestration and response tools like FortiSOAR can be used to accelerate this patching process for all vendors’ automation playbooks to:

  • Identify vulnerable systems
  • Implement immediate workarounds like virtual patching
  • Automate the identification of patches, open the change window, and automate the application of patches

More details on protective actions can be found in our white paper, “The Cyber Implications of Frontier Cyber Models for Organizations and Customers.”