AI-Powered Cybersecurity

June 5, 2026 00:17 · 12 min read
Introduction to AI-Powered Cybersecurity

Troy West, associate director of cybersecurity for autonomous offensive security company XBOW, had his dinner interrupted by a phone call in Warsaw. The call was to inform him that a trial version of XBOW's platform had found a vulnerability that led to a full takedown of a development environment used by Moderna, a pharmaceutical company known for its mRNA vaccines.

This incident highlights the shift in the cybersecurity industry, where AI models are discovering vulnerabilities faster than teams can patch them. Industry experts say the tools are getting sharper, the attack surface is getting larger, and the gap between finding a problem and fixing it is not closing fast enough.

The Impact of Claude Mythos

The inflection point came with Claude Mythos, a highly guarded model announced by Anthropic. Security executives at major enterprise technology companies took notice, and Zscaler was among the early organizations given access to the model. CEO Jay Chaudhry directed his team to use it to probe the company's own applications, and they found some serious vulnerabilities.

Tom Gillis, general manager for infrastructure and security products at Cisco, attributes the change to code complexity. Legacy network infrastructure was built on tens of millions of lines of code developed over decades, and earlier AI models lacked the context window and reasoning capacity to comprehend it in full.

Legacy Infrastructure and AI Models

The combination of aging infrastructure and newly capable AI models has created a meaningful and accelerating shift in attacker capability that the industry's existing operational rhythms were not built to absorb. Firewalls and network switches often run for decades without updates or reboots, and many have never been patched in any meaningful way.

Cisco's Live Protect

Cisco's answer to the oncoming vulnerability deluge is a technology called Live Protect, a compensating control built on eBPF, a Linux feature that lets security software operate at the kernel level to block threats without rewriting system code. Live Protect is a pinpoint, laser-fine control that can shield a vulnerability on a production system without touching or modifying the binaries.

The intent is to shrink the window between discovering a vulnerability and the next scheduled patch, allowing IT teams to fix issues without taking systems offline. Gillis acknowledges that some customers may be tempted to treat the shields as a permanent solution, but notes that eBPF is open source and expects the broader industry to follow.

XBOW and Continuous Testing

Farzan Karimi, Moderna's deputy CISO, faced a different problem: his vulnerability management system was surfacing hundreds of high-severity findings with no reliable way to know which ones an attacker could actually exploit. He turned to XBOW, a platform that can test continuously and everywhere.

Troy West, who leads offensive security for XBOW, describes the platform as a response to a structural problem in how offensive security has traditionally worked. Human testers scope an engagement, run it, write a report, and move on, leaving a window between tests where risk accumulates.

XBOW's Trial with Moderna

Karimi decided to put XBOW through a trial, which produced two notable findings. The first was a web application firewall bypass on a company application built on the Spring Boot framework. The second finding was more consequential, as XBOW identified a valid API key embedded in the source code of an internal application, used it to authenticate, and then began probing the application's APIs for SQL injection vulnerabilities.

The trial also had a side effect no one anticipated: one of the APIs handled a malformed SQL injection attempt in an unexpected way, dumping garbage data into a shared routing application that other services depended on. Human pen-testers who reviewed the findings afterward confirmed they were valid and said they would not have found them on their own.

A Broader Reckoning

Across these conversations, a consistent theme was that even as defenders try to get their arms around the forthcoming wave of bugs, it is going to be a tremendously uphill battle. Industry leaders have been warning about the timeline for a publicly available tool similar to Mythos, and the potential consequences of not making changes to address the new wave of vulnerabilities.

Gillis was blunt about what happens to organizations that don't move: "Some people will be slow to change, but the consequence of not making that change is gonna be front-page news. It's a massive, massive compromise. You know, like, 'you gave up every credit card number.' Bummer."

'In that world, cyberattacks could occur much more often, and in much more unpredictable forms.' - Anthropic blog post

The industry is facing a significant challenge in addressing the new wave of vulnerabilities, and organizations must be prepared to adapt and make changes to stay ahead of the threat landscape.


Source: CyberScoop