6 Sources
[1]
5 ways to fortify your network against the new speed of AI attacks
Defending against attacks requires structural changes to the network. Here's the paradox of modern cyberwarfare: Increasingly, the attackers are using machines that can work orders of magnitude faster than the humans who control them. In response, the targets are increasingly turning to automated systems to detect and repel those intruders. But in this machine-versus-machine combat, humans remain the center of each battle, and we mere mortals continue to be the weak point. That's the conclusion of this year's survey of the enterprise security landscape from Mandiant, a US cybersecurity firm -- now part of Google Cloud -- that specializes in investigating major global security breaches and advising organizations on how to protect themselves from cyber threats.
Modern enterprise networks are widely distributed and can hand off tasks to partners via software-as-a-service. The bad guys are doing the same thing, according to Mandiant, using a "division of labor" model: one group uses low-impact techniques like malicious advertisements or fake browser updates to gain access to a network, then hands off the compromised target to a secondary group for hands-on access. And this all happens at a startling pace. In 2022, Mandiant reports, this "time to hand off" was more than eight hours. In 2025, thanks to automation, those hand-offs were happening after an average of just 22 seconds. Likewise, the window to compromise systems with zero-day exploits is also plummeting, with the mean time to exploit vulnerabilities dropping to seven days before vendors have had time to issue a patch.
According to Mandiant, the majority of attackers conducting "hands-on-keyboard operations" in compromised enterprise networks can be divided into two groups with distinctly different tactics and pacing: Cybercriminals pursue financial gain, using tools like ransomware, while espionage groups optimize for long-term, stealthy access. On one end of the spectrum, cyber criminal groups optimized for immediate impact and deliberate recovery denial. On the other end, sophisticated cyber espionage groups and insider threats optimized for extreme persistence, utilizing unmonitored edge devices and native network functionalities to evade detection. Those "dwell times" -- that is, the time from intrusion to detection -- average 14 days, but cyber espionage incidents can last much longer, with a median dwell time of 122 days.
Mandiant identified more than 16 industry verticals that are being targeted, with the high-tech sector (17%) and the financial sector (14.6%) at the top of the list. No surprises here: Nearly one-third of detected intrusions come from exploits. The second most commonly observed vector is "highly interactive, voice-based social engineering," with groups targeting IT help desks "to bypass multifactor authentication (MFA) and gain initial access to software-as-a-service (SaaS) environments." Also unsurprising is the increasing adoption of artificial intelligence tools for reconnaissance, social engineering, and malware development. After gaining access to a network, they report, "attackers are weaponizing AI ... the QUIETVAULT credential stealer was observed checking targeted machines for AI [command-line] tools to execute predefined prompts to search for configuration files and collect GitHub and NPM tokens."
However, AI is still playing a secondary role.
"Despite these rapid technological advancements," the report notes, "we do not consider 2025 to be the year where breaches were the direct result of AI. From our view on the frontlines, the vast majority of successful intrusions still stem from fundamental human and systemic failures." The entire tech industry has learned from Mark Zuckerberg's infamous imperative for Facebook engineers: "Move fast and break things." That's also true for cybercriminals, who have discovered that ransomware attacks are even more effective when they also target the virtual infrastructure that supports backup tools: Ransomware groups are no longer just encrypting data; they are actively destroying the ability to recover. ... actively deleting backup objects from cloud storage. ... By targeting the virtualization storage layer directly or encrypting hypervisor datastores, they can render all associated virtual machines inoperable simultaneously.
The good news is that the targets are getting smarter, too. "Organizations are improving their internal visibility. Across all 2025 investigations, 52% of the time organizations first detected evidence of malicious activity internally, an increase from 43% in 2024." The sooner you discover evidence of an intrusion, the sooner you can begin the recovery process. As attackers get more sophisticated and persistent, IT workers have to step up their game as well. Mandiant's advice includes advanced training for employees and help desk staff on how to recognize modern attack vectors: recognizing social engineering attacks using voice-based tools and messaging apps, as well as unauthorized MFA reset requests. Here are five other defensive strategies that involve changes in network infrastructure:
In its conclusion, Mandiant's researchers note that "identity is the new perimeter."
Simply rotating passwords and enforcing MFA isn't enough anymore. Focusing on hardening identity controls and shifting to continuous identity verification, especially with third-party vendors, is crucial.
[2]
Standard 90-day vulnerability disclosure policy is likely dead thanks to AI, expert warns that AI can weaponize patches in 30 minutes -- LLM-assisted bug-hunting ushers in a new cyberworld order
If you're not integrating LLMs in your development pipeline for security checks, you've already lost. In case you haven't been in the cybersecurity news lately, here's a quick summary: discoveries and exploits of high-profile software vulnerabilities are becoming faster than ever, in part due to AI-assisted code scanning tools. For example, most every Linux distribution recently found itself on the wrong end of the Copy Fail and Dirty Frag privilege escalation vulnerabilities (gaining administrator access with a local account), for which patches hadn't been made widely available as there wasn't enough time between their disclosure and publication. Himanshu Anand, a security researcher, wrote a lengthy blog post explaining why the industry-standard 90-day disclosure window and associated procedure are effectively dead in this AI-powered world, and his conclusions might lead developers and sysadmins to pick up a stiff drink. On the developer side, he suggests that programmers add LLMs to their code push, deployment, and dependency-checking steps as a countermeasure, as attackers are already using LLMs to uncover vulnerabilities. The crux of the matter is the fact that although a bot isn't necessarily any smarter than a human at programming or hunting for security vulnerabilities, an LLM can do so at full mental capacity 24/7 and is brutally effective at pattern recognition (built with pattern recognition, if we must). The vast majority of security exploits are rooted in specific bad programming habits, something a bot excels at noticing quickly and repeatedly. Both aforementioned exploits for the Linux kernel took advantage of insecure zero-copy mechanisms (performing calculations on data in-place instead of copying/calculating/replacing). In both cases, although the issues were communicated to the kernel team in advance, they were made public far before the usual 90-day period -- just over a week, in the case of Dirty Frag.
Although nobody said it out loud, the general assumption was that white-hat reveals were done with little to no advance warning because the exploits were already in the wild, so there was nothing to gain and everything to lose by keeping them under wraps. To illustrate this point, Anand presents one of his own bug reports to an unnamed e-shop, wherein he found and reported an unpatched security bug that would let attackers buy expensive items for the princely sum of $0. Much to his surprise, he got a reply stating that 10 (!) other researchers had already reported the issue over six weeks. Conferring with a colleague, they noticed that "LLM-assisted hunters were converging on the same bugs almost simultaneously." This conclusion is further backed up by triage engineer @d0rsky, who notes that once a new vulnerability is found, he immediately sees "a wave of duplicate reports within days." Quite poignantly, Dorsky posits: "if researchers can replicate these findings so quickly, what's stopping black-hats from doing the same before the issue is fixed?" Anand further drives the point home by saying he made an exploit for a published and patched vulnerability in the React framework in just 30 minutes using LLM tools. In his conclusion, Anand doesn't mince words, stating that in this new world where non-ethical hackers can so quickly analyze code using AI, the 90-day window protects nobody, and that the usual monthly patch cycles are equally dead, as "[the] 30 day window between vulnerability and fix assumes attackers are slower than your release train." He urges developers to treat "every critical security issue as P0 and fix it immediately," as they can assume that said vulnerability is already under active exploitation. To wit, "if you are reading CVE descriptions while attackers are reading git log --diff-filter=M, you are already behind." 
Ironically enough, open-source software enjoys high security standards due to code being publicly available for scrutiny and correction, but LLMs are turning that characteristic into a double-edged sword. Having said that, in the OSS world, a patch can also be created and distributed within hours, something the Mozilla team recently proved by posting 423 security fixes in April alone. As for closed-source software, well, let's just say that tireless bots are equally good at decompiling and network scanning as they are at source code analysis, and it's likely enough that Microsoft, Apple, or Google will have their Copy Fail moments sooner rather than later. Do read the entirety of Anand's post, as it's quite elucidative.
[3]
Welcome to the vulnpocalypse, as vendors use AI to find bugs and patches multiply like rabbits
Palo Alto Networks found and fixed 75 flaws this month, up from its usual five
Palo Alto Networks usually finds five vulnerabilities a month, but on Wednesday said it scanned its entire codebase using the latest frontier models, including Anthropic's Mythos, and found 75 security holes, covered in 26 CVEs. This comes a day after Microsoft said it used its new agentic bug hunting system called MDASH to find 17 vulnerabilities across its products - on a record-setting Patch Tuesday that saw Redmond disclose a whopping 30 critical CVEs. Plus, last week Mozilla said it fixed 423 Firefox bugs in April, which is more than five times higher than the 76 fixes issued in March and almost 20 times higher than its 21.5 monthly average last year. The browser maker previously said Mythos found 271 flaws in Firefox 150. It shouldn't be all that shocking. Security vendors have long warned about attackers using AI, and how this means defenders need to operate at AI speed to protect their own networks and systems (aka buying their AI-infused products). Now that models have become really good at finding bugs in code, security shops are using AI to scan their own software, hopefully to uncover and fix flaws before the baddies do. And this trickles down to two things: more patches, and more work for admins. Zero Day Initiative's chief vuln finder Dustin Childs agrees with this assessment. "At first, yes, this means more patches and thus more work for admins," he told The Register. "The goal over time would be to eliminate as many as possible, and, over time, that monthly number goes down." What will make this whole AI bug hunting season "really painful," he continued, is if the patches don't work or - worse yet - break things. "Many customers don't trust patches as it is, so if AI-related patches break things, they are less likely to apply as time goes on," Childs added. "This will be true even if AI only finds the bugs and doesn't make the patches."
This isn't to say security companies should avoid AI to find and fix flaws. "All vendors should use what tools they have to find and remediate bugs before they are exploited in the wild," Childs said. "Ideally, they would find the bugs before they even ship, but I'm not holding my breath for that to happen." Both Microsoft and Palo Alto Networks (PAN) are part of Anthropic's Project Glasswing, which means they are among the select group of entities allowed to test Mythos, the much-hyped LLM, to find security holes in their own products. Palo Alto Networks began testing Mythos on April 7, and has since continued using the LLM and other frontier models, including Claude Opus 4.7 and OpenAI's GPT-5.5-Cyber, according to product manager Lee Klarich. "Today, we released our May 'Patch Wednesday' security advisories," Klarich said in a Wednesday blog, adding that "this is the first time where the majority of findings were the result of frontier AI models scanning our code." The LLMs scanned over 130 Palo Alto Networks products and platforms, and as noted above found 75 issues, covered in 26 CVEs. None of these bugs are under exploitation, and as of Wednesday the company has fixed all bugs in its SaaS-delivered products and coded patches for all customer-operated products. "We intend to fix every vulnerability we find before advanced AI capabilities become widely available to adversaries," Klarich said in his blog, adding that his company expects "a narrow three-to-five-month window for organizations to outpace the adversary before AI-driven exploits start to become the new norm." A day earlier, Microsoft said its new multi-model agentic scanning harness (codename MDASH) helped researchers find 16 new vulnerabilities across the Windows networking and authentication stack, as disclosed in May's Patch Tuesday event. This included four critical remote code execution flaws in components such as the Windows kernel TCP/IP stack and the IKEv2 service.
"Unlike single-model approaches, the harness orchestrates more than 100 specialized AI agents across an ensemble of frontier and distilled models to discover, debate, and prove exploitable bugs end-to-end," Microsoft VP of agentic security Taesoo Kim said in a Tuesday blog. Tom Gallagher, VP of engineering at Microsoft Security Response Center, admitted that "this month's release sits on the larger side of a hotpatch month." Gallagher said he expects AI-assisted bug hunting to increase Patch Tuesday releases as both Microsoft and third-party researchers use these tools to boost vulnerability discovery. And yes, all of this ultimately means more patches and more work. "Finding bugs has always been the cheap end of the pipeline," Luta CEO Katie Moussouris told The Register. "Triage, disclosure, building patches that do not break production, and getting customers to deploy them is the expensive end, and nobody has funded it for this volume." Moussouris helped convince Redmond's top brass that Microsoft needed a bug bounty program in 2013, and three years later started her own bug bounty consultancy. She noted Palo Alto Networks' staggering jump in CVEs this month. "Multiply that across every vendor and the bottleneck becomes admins and vulnerability management teams," Moussouris said. And she also stressed that people should be using these new models to find vulnerabilities. "It is exactly what defenders should be doing," Moussouris said. "Both PAN and Microsoft landed on the same answer: no single model catches everything. PAN ran Claude Mythos, Claude Opus 4.7, and GPT-5.5-Cyber because each finds bugs the others miss," she added. "Microsoft orchestrates over 100 specialized agents across multiple models. Add threat intel and codebase context, and Microsoft rediscovered 96 percent of five years of confirmed bugs in a critical Windows component. 
The asymmetry is temporary, PAN puts adversary parity at three to five months, so any vendor not scanning their own code now is letting someone else find their bugs first."
[4]
73 Seconds to Breach, 24 Hours to Patch: The Case for Autonomous Validation
By Sila Ozeren Hacioglu, Security Research Engineer at Picus Security. In April 2026, Anthropic released its newest frontier model, codename Mythos, to twelve partners under a gated preview. Not general availability; the company explicitly held it back as it was (correctly) deemed too dangerous for open release. In its first 14 days inside that sandbox, it wrote 181 working Firefox exploits. The previous state-of-the-art model managed two. Uh oh. It surfaced thousands of zero-days across every major OS and browser, including a 27-year-old bug in OpenBSD, an operating system whose entire reputation is built on not having bugs like this. Let's back up a bit. In February, AWS Threat Intelligence published a postmortem on a FortiGate campaign run by a single operator. One person, low skill, no hands on keyboard. The AI did the work, and it hit 2,516 devices across 106 countries in parallel, taking just minutes per target. Zero days weren't required. Known CVEs and misconfigurations were enough; the AI simply operated faster than anyone could respond. Two data points, one message: offense now runs at machine speed. And the question every defender should be asking is, not "are we compliant?" or "are we covered?" It's more granular, and more pressing: "What's actually getting through my controls today, and how far?" If the honest answer involves a quarterly pentest report and some dashboard screenshots, consider the rest of this piece required reading. A decade ago, the median time from a CVE's publication to a working exploit appearing in the wild was measured in months, long enough for a real patch cycle. By 2024, that window had shrunk to about 56 days. By 2025, it was down to 23 days. Recent CVE-to-exploit pairings from CISA KEV, VulnCheck KEV, and exploit databases now show a median delta of roughly 10 hours. Reversing a published fix into a working exploit is no longer a specialist craft; it's now a prompt. 
This means that the comfortable assumptions of vulnerability management, that CVSS scores meaningfully prioritize, that "exploitability" is a useful filter, that you have time between disclosure and weaponization, have all quietly broken. The safer working assumption is now: every vulnerability has an exploit, or will, before you finish your next change-management meeting. Unfortunately, autoimmunity for defense doesn't exist yet. And blue side AI without validation is just guesswork at machine speed, and that's an expensive hunch to deploy into production. Let's start with the attacker first. At second zero, the AI script kicks off. By second five, a CVE is exploited. MFA bypassed by twenty. Web shell dropped at thirty. Credentials dumped at forty-five. By second seventy-three, the compromise is complete. No human in the loop, no hesitation, no team meetings, no coffee breaks. Now picture the defender. The SIEM alert fires at one minute, after the attacker is already done. A Tier 1 analyst picks it up around minute five. Someone triggers a SOAR playbook, by hand, at minute fifteen. A Jira ticket gets filed an hour in. Four hours later, it lands in the IT ops' queue. The patch goes out the next day, twenty-four hours after the breach that took seventy-three seconds to complete. Notice where the time goes. It isn't inside any one tool. The EDR is fast. The SIEM is fast. The vulnerability scanner is fast. The time dies between the tools: the Slack messages, the copy-pasted hash, the PDF report emailed for review, the ticket waiting for approval, the red team script being rebuilt by hand for the blue team. This is the spaghetti handoff, and it's as messy as it sounds. You can buy a faster scanner, plug in a smarter EDR, even bolt an LLM onto your SIEM, and none of them will markedly speed up your response, because the gap isn't inside any of your tools. It lives between teams and between systems. Accelerating one node in a graph doesn't accelerate the graph. 
This is a big part of why this conversation has moved out of the CISO's office. Six months ago, AI-driven cyber risk was a technical problem to delegate. Today, boards are treating it as existential and governing it directly. Budgets are unlocked, but not for 'more of the same.' They're funding credible, evidence-based plans. The fundamentals that made organizations resilient before Mythos still apply. There are three:
Pillar 1: Identify. You can't defend what you can't see. Even with comprehensive exposure visibility across network, endpoint, cloud, and identity, and aggressive attack surface management, the blind spots (orphaned remote access, missing segmentation, MFA gaps) are where machine-speed attackers live.
Pillar 2: Protect. Effective network and endpoint controls, properly tuned. Tailored detection focused on credential access, lateral movement and privilege escalation rather than generic vendor rules.
Pillar 3: Validate. This is the one most programs undervalue, and it's the one that actually answers the question we started with. Validation has two halves, and yes, you need both. Run only BAS, and you'll know your controls work in isolation but not whether an attacker can route around them. Run only autonomous pentesting, and you'll find attack paths but won't know which controls are silently failing on the assets the pentest never touched. Run them as one continuous loop, where each informs the other, and you'll finally have an answer to "what gets through, and how far" that's grounded in evidence rather than hypothetical opinion.
But evidence isn't enough on its own. When offense runs at machine speed, the loop itself has to run at machine speed. A continuous loop is the right answer. But "continuous" still implies a human pacing it. In a post-Mythos world, the gap that matters isn't between seeing and detecting; it's between detecting and proving, fast enough that an AI-driven adversary doesn't find out for you first.
That's where validation goes from continuous to autonomous: agents reading the alert, scoping the test, running the simulation, pushing the fix, and writing the report, while the SOC catches up on some much-needed sleep. We'll be unpacking exactly what that looks like (the architecture, the agentic workflows, the operational reality of running it inside a real enterprise) at the Autonomous Validation Summit on May 12 & 14, hosted with Frost & Sullivan and featuring practitioners from Kraft Heinz and Glow Financial Services, alongside Picus CTO, Volkan Erturk.
[5]
The patching treadmill: Why traditional application security is no longer enough
Vulnerability backlogs are overwhelming development teams. For all the time I've spent exercising on treadmills, I've always found them faintly demoralizing. You thump-thump-thump over and over again, but get nowhere. It's a lot of effort. You always work up a bit of a sweat, but ultimately feel unfulfilled. This feeling is reinforced the next day, when you have to do it all over again. In many ways, application security is like that treadmill. Once the coding is done, security teams (or customers) find flaws. Scanning tools also find flaws, often resulting in reports that seem never-ending. Coders are constantly yanked away from new development to re-learn what they wrote, locate bugs, patch them, and release fixes.
But then, like on the treadmill, the cycle repeats when new code, new dependencies, and new vulnerabilities appear. Because, of course, they will. This frustrating process is often called the find-and-fix cycle. Security and QA teams use vulnerability scanners and penetration tests. When problems are found, as they will be, developers work from the bug reports, set up triage queues, and sometimes dedicate blocks of time to remediation sprints. Find-and-fix isn't so much a development strategy as it is a reactive response to shipping code. The hope is that security flaws (all flaws, really) can be identified and fixed after release, but before they create serious harm or before your customers show up at your door with pitchforks and torches, demanding reliable code. Some security flaws are found so deep in older code that fixing them isn't practical. Code change after code change has been layered on an already shaky, compromised foundation. Getting to the root cause would require tearing everything apart, which would undoubtedly break even more.
That's where another time-honored but suboptimal practice, defend-and-defer, comes into play. Rather than fix deeply entrenched, vulnerable code, programmers and security teams add protective walls around it. Firewalls, runtime protections, monitoring, compensating controls, segmentation, access restrictions, and emergency mitigations all somewhat reduce exposure while the underlying application weakness remains unresolved. But at least there's some defense in place, right? Right? Here's the thing. Find-and-fix and defend-and-defer practices will never completely go away. No matter how good our best practices get, life will find a way. There will always be unexpected behavior. Given the non-deterministic nature of large language models, that possibility is even more true in the age of AI.
Find-and-fix and defend-and-defer practices are no longer sufficient. Software development moves way too fast, especially as developers use more AI assistance to crank out new versions and new capabilities at machine speed. It used to be the case that software delivered updates and new versions periodically. Big releases came out once a year. Updates, maybe, once a quarter. But now, with CI/CD (continuous integration/continuous deployment), the operative word is "continuous." Every tweak, every sprint, every bug fix, every dependency update, every cloud configuration change, every new API integration, and every AI-assisted coding session can break things and introduce new security problems faster than traditional security teams can review them.
And that focus doesn't even consider mitigation. When security teams review code, whether AI-assisted or not, they often reveal hundreds or thousands of problems that need fixing.
The problems are being found faster than developers can realistically fix. Worse, most fixes take developers away from innovation and new code development, resulting in a painful and productivity-killing context switch. That's why most software has a queue of unresolved problems and vulnerabilities that regularly need to be prioritized, re-prioritized, accepted, deferred, or ignored. According to security platform provider Edgescan, network issues take an average of 54 days to fix. Web apps take almost 75 days to fix. The problem is worse at big companies. According to Edgescan's analysis, 45% of large-company vulnerabilities remain unfixed after a full year. This situation is not good. The software might create issues for users. The vulnerabilities could be exploited by attackers, bots, and criminal groups. Known but unpatched vulnerabilities are so popular that information about them is sold to others wishing to break into systems.
When it comes to breaches, Verizon's 2025 Data Breach Incident Report determined that 20% of threat actors gained initial access to systems through code vulnerabilities, up 34% on the previous year. The other two primary access methods were credential abuse (22%) and phishing attacks (16%). In other words, patching vulnerabilities might have blocked 20% of all breach attacks, but success is not that simple. Here's another stat that reinforces this problem. Security analytics company VulnCheck reported that, "32.1% of KEVs had exploitation evidence on or before the day the CVE was issued, an increase from 23.6% in 2024." In short, bad guys knew about the vulnerabilities (KEV stands for known exploited vulnerabilities) before vendors knew they needed to be fixed. CVEs (common vulnerabilities and exposures) are the mechanism often used to notify and track the resolution of known vulnerabilities.
Basically, the VulnCheck stat reported that almost a third of all vulnerabilities were in bad actors' hands and being actively exploited before the developers who could fix the vulnerabilities even found out about them. Unfortunately, we can't just demand that developers patch code with improved speed or productivity. Beyond the physical limits of human coders, or even the enhanced performance but practical limits of our AI overlords, there are practical concerns. Enterprise systems have dependencies, uptime requirements, change-control boards, regulatory constraints, customer commitments, fragile integrations, and teams that may not own the vulnerable code.
Smaller systems may depend on components or elements out of their control. For example, I woke up one morning this week to find that five of my legacy websites were no longer functioning. Those sites had been working perfectly. They had been unmodified for at least seven years. The hosting operator changed a version of a critical software system without warning, and some of my custom code stopped functioning. It took me a few days to get back up to speed on what my code did, then track down and fix it. And that was with the help of OpenAI Codex. Then there's the issue of prioritization fatigue. When every vulnerability comes in as critical, it's as if nothing is crucial. Did you ever have a day where you prioritized your to-do list, only to realize that you had 30 top-priority tasks? I see you nodding your head. At that point, it's just overwhelming, and no issue stands out.
Even AI-driven vulnerability scans won't help you deal with the challenge. Super tools, like Anthropic Mythos, or even more accessible tools, such as Claude Security or Codex Security, can't really solve the problem.
A dashboard full of findings can create the appearance of control, while the underlying engineering practices continue to produce the same defect categories. It's at this point that IT operators often try the defend-and-defer approach using tools like network or application firewalls, intrusion detection and prevention systems, endpoint detection and response, network segmentation, rate limiting, logging and monitoring, runtime application self-protection, or even virtual patching. These "compensating controls" are sometimes essential, but they can become a permanent substitute for fixing root causes. This practice is dangerous because surrounding weak software with a scaffold of security tooling doesn't solve the underlying problem: weak code. Patching after the fact isn't just insecure, it's really expensive. Yes, it's sometimes necessary (like when, a decade after I wrote a line of code using the standards at the time, a much later OS release broke it). But coding defensively, and making fixes while the original code is being developed, is far less time-consuming and painful than identifying, triaging, patching, validating, deploying, and monitoring fixes way after release. It's hard to pin down exactly when "modern development" practices started, because everyone has a different perspective. But it's fair to say that development lifecycles changed when we went from shipping updates on disk to building cloud-centric services. Then the practice changed again in the past few years when AI-assisted development became a transformative force. The fact is, our approach to software development is different from the time when find-and-fix was the way of the world. Application risk now pervades the whole software lifecycle: design choices, coding practices, dependency selection, secrets handling, identity controls, build pipelines, deployment configurations, and runtime exposure. 
As I've been discussing for the past year, AI has radically changed release timelines, accelerating schedules and collapsing timelines. Unfortunately, that increase in speed can widen the gap between code creation and security review. If nothing else, the volume of code produced has increased as the time to create code has collapsed. Testing time, on the other hand, has not flattened.
I've been working on a Mac app in Claude Code for about four months. The actual code-writing process takes about 20 minutes each session. But because my code uses on-device AI for sophisticated document parsing, the testing takes hours each session. My coding time has collapsed to a mere rounding error, but the testing time now takes the bulk of my development time. Still, without having AI for the initial code-writing process, I probably wouldn't have time to finish this project, whenever that happens.
The key problem is that AI-generated code is not necessarily secure code. AI monitoring company Snyk reported that 56.4% of developers frequently encountered security issues in AI-generated code, while 80% ignored or bypassed organizational AI code-security policies.
In this article, we've looked at what happens as software production accelerates, but security remains a downstream problem: the treadmill speeds up. More code means more problems, which are found faster than developers can go back and make fixes. To be clear, we will never be able to abandon find-and-fix or defend-and-defer practices. Stuff happens. We'll always need to employ scanning, patching, monitoring, and runtime defense to some degree. But these practices should be migrated to a second-tier safety net.
[6]
5 frightening AI-powered threats that could hit your business hard
AI has given cybercriminals the one thing every stretched business fears: scale. In 2026, bad actors do not need AI to invent new ways to hurt a business. They already have phishing emails, stolen passwords, fake invoices, ransomware, and insider-style data leaks. The frightening part is what AI does to those familiar threats. A clumsy scam can become a polished message that sounds like a real supplier. A fake request from a senior executive can be written in the right tone, aimed at the right person, and timed for maximum pressure. And so on.
For businesses, this turns everyday security weaknesses into sharper risks. A rushed finance approval, an over-privileged account, an unmanaged AI tool, or a single exposed login can become the opening an attacker needs. The answer is not to panic about AI, but to understand how it changes the threats already facing your organization - and close the gaps before criminals find them.
Please note: All of the information is correct as of May 2026. Microsoft regularly updates its products, so some steps or features may change.
AI phishing that sounds frighteningly real
Pre-AI, phishing used to give itself away more often. Strange phrasing, messy formatting, and vague requests all helped staff spot when something was not quite right, even when an employee is rushed off their feet. AI strips away many of those warning signs. A scam email can be clean, specific, and written in the same kind of language a real colleague or supplier might use, and can also be adjusted quickly for different roles, locations, or business pressures, giving attackers a cheaper route to the kind of personalisation that once took far more effort.
Email security now has to catch more than obvious spam. Microsoft Defender for Office 365 can help detect malicious links, attachments, and impersonation attempts, while Microsoft Defender XDR connects email activity with signals from identities, endpoints, and cloud apps.
The aim is to spot the campaign behind the message before one convincing email becomes a compromised account. All it takes is one absent-minded click of a button to undo lots of good security work.
Identity attacks that let criminals log in
A cyberattack does not always start with malware. Often, the most valuable thing an attacker can steal is a working login. AI can make that easier by helping criminals build more convincing sign-in lures, imitate internal language, and target people with the right level of access. Once an attacker has a password, session token, or over-privileged account, they may not need to force their way through technical defenses and can move through business systems as though they belong there. This is where identity becomes a serious business risk: A compromised account can expose email, files, customer records, cloud apps, and admin tools, especially when access controls are too loose or old accounts have been left active.
Defense starts with making every login work harder. Microsoft Entra can help businesses apply Conditional Access policies, require stronger authentication, and spot risky sign-ins, while Defender XDR can connect suspicious identity activity with signals from email, devices, and cloud services.
Deepfake scams that turn trust into a weakness
Some attacks work because they feel ordinary. A senior colleague asks for an urgent payment, or a supplier chases a changed bank detail, and so on. Deepfakes make those moments harder to judge. A voice note, call, or synthetic message can give a fake request just enough familiarity to bypass someone's instincts, especially when it appears to come from a person with authority. And to make matters worse, the damage can be immediate: money transferred, data shared, access granted, or a false instruction treated as real.
Businesses need to treat trust as something to verify, not just recognise.
Payment changes, unusual data requests, and urgent executive instructions should have clear approval routes outside the original message. Microsoft Entra can help tighten who has access to what, while Microsoft Purview can protect sensitive information and reduce the impact if someone is tricked into sharing more than they should.
AI-assisted ransomware moving faster than security teams
Ransomware has always been a race. Attackers need to find a way in, spread far enough to cause damage, and apply pressure before the business can contain them and fix the security holes. AI can tilt that race in their favour, helping criminals research targets, sharpen phishing campaigns, summarize stolen information, and adapt their approach more quickly once they find a weakness. The AI-powered threat is a faster and more efficient ransomware attack, not necessarily a fully automated one, at least not yet.
For businesses, the impact is still painfully practical: locked systems, disrupted operations, exposed data, and customers left waiting while teams work out what has been touched. The longer an attacker goes unnoticed, the harder and more expensive recovery becomes.
Defence depends on seeing the whole attack, not just one alert. Microsoft Defender XDR can connect signals across endpoints, identities, email, and cloud apps, while Microsoft Sentinel can help security teams investigate activity across a wider environment.
"Shadow AI" and rogue agents leaking sensitive data
Some of the riskiest AI tools in a business are the ones nobody has approved. Staff are already using AI to summarize documents, draft emails, analyse files, and speed through routine work. Used properly, that can be a major productivity boost; used casually, it can pull sensitive data into places the business cannot see or control.
AI agents add another layer of risk. Once connected to workplace systems, they may be able to search files, trigger workflows, send messages, or act across apps.
Without clear controls, an agent with too much access can spread a mistake far beyond the person who set it up. Businesses need visibility before they can manage the risk. Microsoft Purview can help classify and protect sensitive data, Microsoft Entra can control access and permissions, and Microsoft Agent 365 is designed to help organisations inventory, govern, and secure AI agents as they become part of daily work.
Artificial intelligence is fundamentally changing the cybersecurity landscape, with attackers using AI to compromise systems in under a minute while defenders struggle to keep pace. The industry-standard 90-day vulnerability disclosure policy is collapsing as large language models can now weaponize patches in 30 minutes, creating an unprecedented security crisis that demands immediate structural changes to how organizations protect their networks.
The cybersecurity battlefield has transformed dramatically as AI in cybersecurity reshapes both offensive and defensive capabilities. Attackers now leverage large language models to execute cyber attacks at speeds that leave traditional defenses scrambling. According to Mandiant's 2025 enterprise security survey, the time for attackers to hand off compromised systems between groups has plummeted from over eight hours in 2022 to just 22 seconds in 2025, thanks to automation [1]. This machine-speed attack capability represents a fundamental shift in cyberwarfare, where humans remain at the center of each battle but increasingly serve as the weakest link.
The acceleration extends beyond initial compromise. A February 2026 AWS Threat Intelligence postmortem documented a FortiGate campaign where a single low-skill operator used AI to hit 2,516 devices across 106 countries in parallel, taking just minutes per target with no hands-on keyboard required [4]. In one documented scenario, an AI script achieved complete compromise in just 73 seconds: exploiting a CVE by second five, bypassing MFA by second twenty, dropping a web shell at thirty, and dumping credentials by forty-five [4].
The industry-standard 90-day vulnerability disclosure policy is effectively dead, according to security researcher Himanshu Anand [2]. AI-assisted bug hunting has enabled attackers to weaponize patches with alarming speed—Anand demonstrated creating an exploit for a published React framework vulnerability in just 30 minutes using LLM tools [2]. The median time from CVE publication to working exploit has collapsed from months a decade ago to roughly 10 hours today [4].
Recent Linux kernel exploits Copy Fail and Dirty Frag illustrate this crisis. Both were made public just over a week after disclosure to kernel teams, far before the usual 90-day period, with the general assumption being that exploits were already in the wild [2]. Triage engineer @d0rsky noted that once a new vulnerability is found, he immediately sees "a wave of duplicate reports within days" as LLM-assisted hunters converge on the same bugs almost simultaneously [2].
Major technology companies are racing to deploy frontier AI models to scan their codebases before attackers do. Anthropic's Mythos, released to twelve partners under gated preview in April 2026, wrote 181 working Firefox exploits in its first 14 days—compared to just two from the previous state-of-the-art model [4]. The model surfaced thousands of zero-days across every major operating system and browser, including a 27-year-old bug in OpenBSD [4].
Palo Alto Networks, testing Mythos alongside Claude Opus 4.7 and OpenAI's GPT-5.5-Cyber, scanned over 130 products and found 75 security issues covered in 26 CVEs—up from their usual five vulnerabilities per month [3]. Microsoft used its new multi-model agentic scanning harness (MDASH) to find 17 vulnerabilities across its products on a record-setting Patch Tuesday that disclosed 30 critical CVEs [3]. Mozilla fixed 423 Firefox bugs in April, more than five times higher than the 76 fixes in March and almost 20 times higher than its 21.5 monthly average last year [3].
While AI discovers software vulnerabilities at unprecedented rates, traditional application security practices struggle to keep pace. Network issues take an average of 54 days to fix, while web apps require almost 75 days, according to security platform provider Edgescan [5]. At large companies, 45% of vulnerabilities remain unfixed after a full year [5].
The find-and-fix cycle that defines traditional application security is breaking under the weight of AI-generated discovery. Luta CEO Katie Moussouris warned that "finding bugs has always been the cheap end of the pipeline. Triage, disclosure, building patches that do not break production, and getting customers to deploy them is the expensive end, and nobody has funded it for this volume" [3]. The patching treadmill creates security backlogs that overwhelm development teams, who must constantly switch context from innovation to remediation [5].
Ransomware attacks have evolved beyond simple encryption to actively destroy recovery capabilities. Attackers now delete backup objects from cloud storage and target virtualization storage layers directly, encrypting hypervisor datastores to render all associated virtual machines inoperable simultaneously [1]. This "deliberate recovery denial" strategy makes ransomware attacks significantly more devastating, as organizations lose both their data and their ability to restore it.
Mandiant identified more than 16 industry verticals being targeted, with the high-tech sector at 17% and financial sector at 14.6% leading the list [1]. Nearly one-third of detected intrusions come from exploits, while the second most common vector is "highly interactive, voice-based social engineering" targeting IT help desks to bypass multifactor authentication and gain initial access to software-as-a-service environments [1].
Defenders face a critical timing gap that AI exploitation makes painfully obvious. When a SIEM alert fires at one minute after compromise, the attacker is already done. A Tier 1 analyst picks it up around minute five, a SOAR playbook triggers at minute fifteen, and a patch goes out 24 hours after a breach that took 73 seconds [4]. The time doesn't die inside any one tool—it dies between tools, in Slack messages, copy-pasted hashes, PDF reports, and approval tickets [4].
Security experts now urge continuous validation of security controls rather than periodic testing. Palo Alto Networks expects "a narrow three-to-five-month window for organizations to outpace the adversary before AI-driven exploits start to become the new norm" [3]. Anand advises developers to treat "every critical security issue as P0 and fix it immediately," as they should assume any vulnerability is already under active exploitation [2]. Organizations are improving internal visibility, with 52% detecting malicious activity internally in 2025, up from 43% in 2024 [1], but the fundamental challenge remains: offense now runs at machine speed while defense still operates at human speed.
[3]
[4]