Data Breaches & Threats | Operational resilience

May 25, 2026

Anthropic’s Mythos AI model reportedly leapfrogs the coding and cyber security hacking capabilities of previous Frontier AI models. Similar future developments will undoubtedly further challenge effective cyber security protection. Testament to that is the recent revelation that Mythos has successfully reverse-engineered a cell type from raw DNA data. AI will soon grant people extremely dangerous powers and our defences will have to become more purposeful, everywhere.

The AI horse has truly bolted and effective cyber security now means something quite different to just months ago. Then, a successful attack might have taken an expert hacker several weeks to research and execute. AI can now autonomously achieve it in hours. In an open letter to industry ASIC advises that AI is shifting the cyber threat landscape:

  • Lowering the barrier to sophisticated cyber activity;
  • Increasing the speed and scale of attack; and
  • Enabling new forms of exploitation previously only available to expert adversaries

Organisations need to stress test their security controls and risk management practices for overall adequacy. Their ongoing cyber resilience depends on it.

These AI advances will in time deliver improved cyber defences and less vulnerable attack surfaces. But for now, they assist hackers more than the enterprises and security teams that protect them. In the wrong hands, AI assisted adversaries will automatically identify and exploit vulnerabilities at speed. An uplift in compensating security controls, defence in depth, and attack-surface protection is now essential.

Implications for security oversight

Levels of enterprise cyber security risk are understated, almost everywhere. As a result, calculus of operating, economic and reputational risks has changed.

Speed to vulnerability detection

Cyber security policies and risk management practices must now shift focus from security controls compliance to addressing unprotected vulnerabilities.

Automated AI attacks, with their speed and precision will severely test most cyber governance practices. As the times from discovery to vulnerability exploit (TTE) plummet the speed to security gaps detection becomes more critical.

Security compliance is not effective cyber security

Prudent cyber security practices are no longer just about compliance with security frameworks (if they ever were?). Security frameworks with their rules-based processes and controls must continue to guide cyber security activities. But the time to secure a security gap now determines your cyber posture; not your level of framework compliance.

Evidence-based actionable intelligence is now vital to identifying and protecting the attack surface against emerging security gaps. With remediation times needing to be slashed, effective cyber defence requires up-to-the-minute information to support dynamic risk mitigation activities. The inability of sampling or arbitrary risk assessment techniques to assist in identify emerging security gaps, is reducing their usefulness.

The changes required

To match this need for speed and rigour, security and risk teams need more dynamic cyber security risk management capabilities.

This in turn raises the question of the adequacy of existing cyber security governance practices more generally. For many, an annual review of such matters may now be too infrequent to meet current regulatory reporting obligations.

Your odds of an attack are shortening all the time

The increased velocity, scale and effectiveness of AI attacks brings with it far greater risks of operational disruption.   On top of plummeting TTE timelines is the reported skyrocketing of vulnerability numbers (CVEs). Together these factors make “keeping a continuous and watchful eye over your attack surface” increasingly taxing.

Address speed and scale with Continuous Threat Exposure Management

Security and risk teams now require near real-time visibility of their attack surface and the effectiveness of their mitigation responses. Data-driven threat exposure management (CTEM) technologies ensure faster and more reliable threat detection and risk management practices. In the background they monitor millions of security events per hour to identify and maintain real-time risk assessment practices:

  • Delivering ongoing evidence-based security intelligence to security and IT teams that inform the joint investigation and mitigation strategies; and
  • Supporting dynamic decision making and security control management to respond to emerging vulnerabilities before they are targeted by hackers.

Increased cadence of risk assessment

The ACSC Essential Eight Maturity Model will continue to be important in guiding organisations to systematically treat their security threats. Effective mitigation strategies that address:

  • misconfigurations;
  • access control,
  • authentication,
  • patching and
  • policy enforcement

remain essential for effective enterprise security management.

What has changed is that these threat assessments must now be completed faster and more often. And the cadence of these defensive enterprise security risk management practices must better match the ongoing offensive AI developments.

Collaborative IT and security risk mitigation team

The speed to mitigation is now as important as the time to vulnerability detection itself. Organisations must establish effective risk management operating models. This includes IT and risk management teams working jointly with the latest security intelligence to inform their defensive efforts. It also means fully informed detection and mitigation teams able to promptly respond to any gap emerging in their attack surface.

Risk management and governance processes must adapt

Clearly Frontier AI models will continue to automate a lot of things that humans can do, faster and more reliably. In response, enterprises must increase the rigour and tempo of security threat protection practices to protect themselves against operational disruption.

AI will hasten the discovery and exploitation of vulnerabilities everywhere. In response, regulators are now urging improved attack surface protection with more diligence and timely gap detection and repair.

Mitigating a vulnerability before your attack surface is breached by an AI-assisted adversary will ensure your ongoing cyber resilience.

For more information on threat exposure management technology and what it delivers, refer to https://huntsmansecurity.com/capabilities/threat-exposure-management/.

If you want to transform your cyber security practices to meet these AI challenges head on, please Get in Touch.

BLOG POSTS

Related Cybersecurity Content

From Cyber Activity to Measurable Business Protection

April 29, 2026

Cyber security has firmly entered the domain of enterprise risk management. Boards, regulators, insurers and investors are no longer satisfied with compliance statements or maturity scores. They want clear, defensible evidence of how well the organisation is protected and what level of risk remains. Yet many organisations still rely on periodic assessments, manual audits and […]

Read more

AI Is Reshaping Insider Risk: Why Organisations Must Rethink Cyber Resilience

April 8, 2026

Artificial intelligence is accelerating at a pace that is outstripping most organisations’ ability to govern, secure and monitor it. In recent months, discussion around AI has rightly focused on attackers who are using automated tools to find vulnerabilities at scale and with unprecedented speed. But there is another dimension that poses just as significant a […]

Read more

The Federal Court on adequate cyber security protection

March 23, 2026

The Federal Court recently provided guidance on what constitutes adequate cyber security protection for licenced Australian Financial Services (AFS) providers. For security leaders, risk professionals, and executives, the message is clear: cyber security is no longer just a technical function. It is an ongoing enterprise governance, risk and resilience priority. Background: ASIC v FIIG Securities […]

Read more

Too Important To Ignore: Why Cyber Sabotage Risks Demand Immediate Action

March 11, 2026

At the ASIC Annual Forum in November the ASIO Director General Mike Burgess made something crystal clear. The threat of high impact cyber sabotage in Australia is no longer a distant or hypothetical scenario. State backed adversaries are actively probing Australia’s critical infrastructure, looking for opportunities to disrupt power, poison water supplies, interfere with telecommunications […]

Read more

Effective detection of cyber security events that may affect the information systems supporting essential functions

February 11, 2026

Adopting the NCSC CAF 4.0: Detecting and Responding to Cyber Security Events Part 2 of a 2-part series on adopting the NCSC Cyber Assessment Framework (CAF 4.0) The NCSC Cyber Assessment Framework (CAF 4.0), released in September 2025, reinforces the need for organisations to move from reactive cyber security practices to measurable, outcome-based resilience. It […]

Read more

How to adopt the NCSC CAF 4.0

December 8, 2025

Getting Security Governance and Risk Management Right Part 1 of a 2-part series on adopting the NCSC Cyber Assessment Framework (CAF 4.0) In September 2025, the UK’s National Cyber Security Centre (NCSC) updated its Cyber Assessment Framework (CAF) to version 4.0, marking a significant evolution in how organisations assess and improve their cyber security maturity. […]

Read more

AI Threats Circle Unprepared Businesses

December 1, 2025

With promises of operational efficiencies many organisations are accelerating the adoption of AI. At the same time other organisations are struggling to step back and assess the real benefits AI offers. There is uncertainty about “sharing” sensitive information with an unknown AI assistant. This challenge isn’t new. Cyber security has long grappled with building trust […]

Read more

Cyber Security Predictions for 2026

October 7, 2025

2026 will bring new challenges for CISOs and security teams. Explore Huntsman Security’s six predictions - from geopolitical uncertainty to Secure by Design practices - that will shape the year’s cyber landscape.

Read more

Patching is Too Patchy, Say NCSC, ACSC and Friends

September 10, 2025

This type of joint-advisory has become all too familiar – the cyber security community again urging organisations to mitigate known, and avoidable, security weaknesses and vulnerabilities. The recent release from NCSC, ACSC and their counterparts details  a number of frequently exploited attacks and identifies their originating source – foreign commercial entities. Organisations, particularly those in […]

Read more

Beyond Compliance: The Case for Continuous Threat Exposure Management

September 4, 2025

Organisations must transform their threat exposure management practices to stay in control of their cyber security and minimise risk of disruption. This shift is essential to meet the growing volume and velocity of disruptions driven by today’s increasingly volatile threat environment. Managing an effective cyber security posture is already a problem for many organisations. Limited […]

Read more

SIGN UP TO RECEIVE CYBER SECURITY INSIGHTS

Read by directors, executives, and security professionals globally, operating in the most complex of security environments.