![\"\"](\".\/media_13e5c9b67f89ff2eff2ece807a6648a15f63b6a50.png?width=750&format=png&optimize=medium\")
<\/p>\nGaining improved visibility and implementing compensating controls are the most important steps for many organizations alongside shifting to accelerated patching cycles, cybersecurity experts tell CRN.<\/p>\n
<\/p>\n
As CISOs rethink their approaches to exposure management and cyber defense following recent revelations about AI-powered vulnerability discovery, gaining improved visibility and implementing compensating controls are the most important steps for many organizations alongside shifting to accelerated patching cycles, cybersecurity experts told CRN.<\/p>\n
Following Anthropic\u2019s announcement<\/a> about its unreleased Claude Mythos Preview earlier this month, the security industry has signaled that a massive push is needed around vulnerability management and hardening environments against a potentially massive spike in cyberattacks from the use of similar capabilities.<\/p>\n [Related: How CrowdStrike Is Helping The Industry To Withstand AI-Driven Vulnerability Deluge: Exec<\/a>]<\/p>\n However, the real risk is not the zero-day vulnerability itself, per se, according to Adam Meyers, senior vice president for counter adversary operations at CrowdStrike.<\/p>\n \u201cA zero day is the beginning of the story for us, not the end of the story,\u201d Meyers told CRN. \u201cThe adversary still has to move laterally. They still have to escalate privilege. They still have to do [a series of] things to have a successful attack.\u201d<\/p>\n What that means is that there are numerous steps along the way where organizations will have an opportunity to shut down a cyberattack\u2014provided they have the necessary visibility to do so, he said.<\/p>\n \u201cThe concern that you need to have is, do you have the visibility across your enterprise?\u201d Meyers said. \u201cCan you see when they jump or when they move or when they do something? That should be the No. 1 concern.\u201d<\/p>\n To enable a strong security posture in a threat environment that may see as much as a 20-fold spike in software vulnerabilities, containing the attack surface through implementing zero-trust controls will prove to be especially pivotal, Zscaler founder and CEO Jay Chaudhry told CRN<\/a>.<\/p>\n \u201cContaining the attack surface really means doing zero trust\u2014where everything is an island of its own, and [you can] only talk to certain parties, and you can\u2019t just move left or right on the network,\u201d Chaudhry said. \u201cTo keep [relying] on these firewalls, to create segments and rules, will be almost impossible.\u201d<\/p>\n Anthropic disclosed on April 7 that Claude Mythos Preview points to the fact that \u201cAI models have reached a level of coding capability where they can surpass all but the most skilled humans at finding and exploiting software vulnerabilities.\u201d<\/p>\n Chaudhry said the emergence of AI-accelerated vulnerability discovery\u2014paired with long\u2011running challenges such as insufficient patching\u2014has created a level of anxiety in the cyber field that he has never seen before.<\/p>\n The overall reaction in cybersecurity right now is, \u201c\u2018Man, this is so scary,\u2019\u201d he said. \u201cI don\u2019t recall a moment like this in cybersecurity in the past 30 years.”<\/p>\n Indeed, the advancement of AI-powered vulnerability discovery likely upends existing vulnerability management practices, according to experts.<\/p>\n The result is that organizations must \u201cplan for surge\u201d when it comes to responding to vulnerabilities, according to Presidio\u2019s Dan Lohrmann.<\/p>\n