Anthropic’s recent unveiling of Claude Mythos, and the subsequent launch of Project Glasswing, have split the room.
By George Florentine | CISO, Mantel
with contributions from the Cyber Security team
Executive summary
Key takeaways for business leaders
- Frontier AI has already changed the cyber security landscape. The window between vulnerability discovery and active exploitation has collapsed from months to hours, with skilled attackers using today’s models to find and exploit real-world bugs.
- The security metric that matters isn’t volume, it’s exposure. CVSS scores alone won’t cut it; security leaders need visibility into what’s genuinely reachable and exploitable in their specific environment.
- The answer isn’t a new platform. Consolidating existing tools, unifying telemetry, and layering AI into what you already run will outperform adding new complexity.
- Assume breach. Network segmentation, least privilege access, and active deception aren’t advanced practices reserved for mature security programmes. They’re the baseline for limiting blast radius when the perimeter fails.
- AI is a multiplier for both sides. Organisations that deploy governed AI agents to match the speed of automated attacks will outpace those relying on human-paced triage. The tools to defend at machine speed are available now — the organisations that act first will have the advantage.
Depending on who you ask, this is either the beginning of the end for traditional cyber security, or a masterclass in marketing. Between the claims of 27-year-old “unfindable” bugs being squashed in hours and the decision to keep the model under lock and key for all but a select few, the stir is impossible to ignore.
The UK’s AI Security Institute (AISI) confirmed modern AI can now execute autonomous end-to-end intrusions, successfully breaching a simulated corporate network. The good news is that models still struggled against active defenders and segmented environments. While “expert human guidance” is still often required for complex intrusions, that gap is closing fast.
But beneath the hype and the headlines remains a technical reality. Even if this current round of frontier models doesn’t deliver on the marketing hype, these models have already reshaped the cyber security landscape. These highly capable systems are collapsing the window between vulnerability discovery and active exploitation from weeks or months down to hours and minutes. Quite apart from these looming frontier models and their advanced capabilities, skilled researchers and engineers are already using available models to find real-world bugs and exploit them.
The stakes have moved beyond IT. This is now a business resilience issue. Traditional, human-paced security workflows built on periodic assessments and theoretical severity scores are no longer fit for an environment where attackers operate at machine speed.
To prepare your organisation for this shift, your security programme must pivot from measuring volume to managing true exposure.
Below is a proposed blueprint for modernising your cyber posture to respond to this new technical reality:
1. Prioritise exploitability and attack path reachability
Organisations can no longer afford to ignore the backlog of vulnerabilities ranked purely by Common Vulnerability Scoring System (CVSS) scores. AI will surface more vulnerabilities than any team can manually process. Instead, security leaders must have visibility of what’s actively exploitable and reachable within their specific environment.
To effectively manage risk, we must first map our specific environment to identify actively exploitable attack paths. Determining the “reachability” of our assets is key to accurately assessing the true level of threat. This requires distinguishing between assets directly exposed to the internet and those that, while requiring internal access, may still be exploitable by an adversary who has already achieved initial network penetration.
For enterprises operating at scale, the cloud is no longer just a place where code runs, it’s a sprawling, ephemeral ecosystem made up of thousands of services both on-premise and across hyperscalers like AWS, Azure, and GCP. The volume of telemetry is often paralysing, with security teams drowning in a “sea of red” alerts where every vulnerability is labelled “Critical,” yet there’s no clear path to remediation. In these environments, the challenge isn’t a lack of data; it’s a lack of context.
By integrating Application Security Posture Management (ASPM), Cloud Security Posture Management (CSPM) and Cloud-Native Application Protection Platforms (CNAPP), we shift from theoretical risk to validated risk. We reallocate criticality by cross-referencing findings against:
- Known exploitation: Actively tracking CISA KEV, vendor advisories, and real-world “in-the-wild” signals.
- Exploit availability: Identifying assets with known, publicly available, functional exploits.
- Environmental reachability: Correlating vulnerability data with our internal reachability map.
Every reachable asset with a known vulnerability and a publicly available exploit must have a remediation plan. This ensures that finite resources are focused on the vulnerabilities most likely to be weaponised against us. Replacing end-of-life software should also be a priority.
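One way to express this re-prioritisation in code, as an added example rather than Mantel's tooling: reachability is derived from a small network graph (direct internet exposure versus reachable after an assumed internal foothold) and cross-referenced with known-exploitation and exploit-availability flags. The asset names, CVE placeholders, field names and the choice to treat a KEV listing as equivalent to an available exploit are all assumptions made for illustration.

```python
from collections import deque

# Constructed sample: directed "can connect to" edges between hypothetical assets.
EDGES = {
    "internet": ["web-gw"],
    "web-gw": ["app-01"],
    "app-01": ["db-01"],
    "corp-lan": ["hr-portal", "app-01"],  # assumed post-breach foothold
    "build-01": [],                       # isolated: nothing routes to it
}
# Constructed findings. CVE ids are placeholders; in practice the kev/exploit
# flags would come from CISA KEV, vendor advisories and exploit feeds.
FINDINGS = [
    {"asset": "web-gw", "cve": "CVE-PLACEHOLDER-1", "cvss": 7.5, "kev": True, "exploit": True},
    {"asset": "hr-portal", "cve": "CVE-PLACEHOLDER-2", "cvss": 6.1, "kev": False, "exploit": True},
    {"asset": "build-01", "cve": "CVE-PLACEHOLDER-3", "cvss": 9.8, "kev": False, "exploit": True},
    {"asset": "db-01", "cve": "CVE-PLACEHOLDER-4", "cvss": 9.1, "kev": False, "exploit": False},
]
REACH_RANK = {"internet": 0, "internal": 1, "none": 2}

def reachable_from(start, edges):
    """Breadth-first search: every asset reachable from `start` over any number of hops."""
    seen, queue = set(), deque([start])
    while queue:
        for nxt in edges.get(queue.popleft(), []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def classify(asset, edges, foothold):
    """'internet' = directly exposed; 'internal' = reachable only after initial access."""
    if asset in edges.get("internet", []):
        return "internet"
    inside = reachable_from("internet", edges) | reachable_from(foothold, edges)
    return "internal" if asset in inside else "none"

def prioritise(findings, edges, foothold="corp-lan"):
    out = []
    for f in findings:
        reach = classify(f["asset"], edges, foothold)
        # Rule from the text: reachable + exploit available => remediation plan.
        plan = reach != "none" and (f["kev"] or f["exploit"])
        out.append({**f, "reach": reach, "plan_required": plan})
    # Plan-required first, then exposure, then known exploitation, then CVSS.
    return sorted(out, key=lambda r: (not r["plan_required"],
                                      REACH_RANK[r["reach"]], not r["kev"], -r["cvss"]))

if __name__ == "__main__":
    for r in prioritise(FINDINGS, EDGES):
        print(r["asset"], r["cve"], r["cvss"], r["reach"], r["plan_required"])
```

On this sample the CVSS 9.8 finding on the isolated build host ranks last, while the CVSS 7.5 finding on the internet-facing gateway ranks first, which is the inversion a CVSS-only backlog hides.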
2. Optimise and unify your existing defensive investments
Before adding new layers of complexity, you must break down the silos between your existing security tools. Most enterprises have fragmented telemetry across cloud, application, and endpoint environments that fail to provide a cohesive view of risk.
The temptation to find a new platform is real, but the better move is to consolidate existing defensive layers, leveraging AI tools that integrate directly into the security platforms you already run.
Both commercial (such as Anthropic’s most advanced generally available model at the time of publication, Opus 4.7) and open-source models can integrate directly with major cloud and security platforms, enabling organisations to leverage machine-speed threat analysis and response capabilities within their existing security ecosystem.
Traditional security controls still work; they must be optimised and properly implemented to match the velocity of attackers. Organisations must unify fragmented toolsets to ensure findings from across the estate are prioritised for remediation. The outcome is the federation of accountability across the organisation so that every department can continuously respond to the threats and vulnerabilities they own.
3. Tighten the blast radius
Because AI-assisted vulnerability discovery will inevitably uncover new initial access vectors, you must design your architecture assuming the perimeter will be breached. The goal is limiting the blast radius of that initial access.
- East-West network segmentation: While edge defences are necessary, you must implement controls between internal workloads (East-West traffic) to stop lateral movement, shrinking the blast radius from an entire environment down to a single system.
- Least and zero standing privileges: An initial exploit often only becomes catastrophic when it grants access to excessive privileges. Least privilege access must be the baseline, with increased adoption of continuous identity controls and zero standing privileges to ensure that compromised credentials don’t equate to the keys to the kingdom.
- Active deception: Deploy honeypots, decoy databases, and canary tokens across your network. Because no legitimate user will interact with a honeypot, every alert acts as a high-confidence tripwire, catching attackers the moment they attempt to move laterally.
4. Fight AI with AI: machine-speed defence
You can’t defend against automated, machine-speed attacks using manual, human-paced triage. The same AI capabilities adversaries use to accelerate exploits must be deployed to accelerate your defence.
Governed AI defence agents operating under clear guardrails can autonomously triage findings, summarise incidents, and identify remediation strategies. Embedding AI directly into security operations compresses the detection-to-containment pipeline from hours to minutes.
Outpacing the adversary is no longer about finding more vulnerabilities. It’s about taking decisive action faster than attackers can exploit them. Deploy AI defence agents now, not as an experiment, but as an operational imperative.
5. Cultivate cyber resilience and stress test incident response
Preventing every breach is unrealistic. The frontier AI threat model makes that clear. What separates resilient organisations is how fast they can contain and recover.
For business leaders, this shifts incident readiness from a technical IT function to a fundamental business resilience issue. Organisations that fail to tighten their recovery workflows face significantly greater exposure to disruption, data loss, and severe recovery costs. To achieve true resilience, traditional models that separate detection, investigation, and containment into distinct, human-paced stages must be augmented with defensive AI capabilities that can neutralise threats in minutes.
Pressure testing incident response capabilities matters as much as building them. A plan on paper isn’t enough. In the frontier-era threat landscape, an organisation must have the capability to respond to simultaneous high-severity incidents. Playbooks need to be in place and validated to provide repeatable steps to manage critical incidents. Where possible, these response capabilities need to be automated and, where practical, augmented with AI.
Start today with tabletop exercises to validate response capabilities. For example, simulate a critical CVE dropping at 4:00 PM on a Friday to stress test whether current capabilities are fit for purpose: coordinating swift decision-making, executing automated rollbacks, and recovering critical systems without business interruption.
The bigger picture
While deploying AI agents is essential for machine-speed defence, these systems expand your attack surface and must be governed deliberately. AI delivers maximum business value when it operates within structured workflows to augment rather than replace human oversight.
By treating AI as an operational amplifier rather than a fully autonomous replacement, organisations can scale their defensive velocity safely and maintain operational control.
Frontier models will create real challenges for many organisations. They’ll also offer genuine solutions to problems we’ve struggled to solve for decades.
AI isn’t finding “new classes” of bugs; it’s finding bugs at a speed that humans can’t match. That speed and scale multiplier is available to both sides: those that seek to do harm and those that keep us safe. Traditional security controls still work, but only if they’re properly implemented. As AI-enabled threats become cheaper and faster, the window of opportunity for defenders is shrinking. Resilience now requires a blend of core IT hygiene and AI-driven defence.
How Mantel can help
At Mantel, frontier AI security is where we focus. We’ll ensure your existing tools are integrated and configured to detect and respond to novel, AI-driven threats, without creating new blind spots or tool sprawl.
We provide attack surface management supported by agentic red teaming solutions that operate persistently across your environment. Rather than waiting for the next scheduled engagement, our approach mirrors the behaviour of a sophisticated adversary, probing, adapting, and uncovering weaknesses in real time as your infrastructure evolves.
We have proven experience integrating existing product stacks, unifying telemetry, and layering in attack path analysis. This helps our customers understand which vulnerabilities represent genuine risk rather than theoretical exposure. We can deploy a tailored solution for your environment that contextualises vulnerability metadata, enabling the federation of accountability and responsibility for remediation.
We can also help your organisation move beyond theoretical readiness by pressure testing your incident response plan through high-fidelity tabletop exercises tailored for the frontier AI landscape. The exercise will evaluate your team’s ability to coordinate swift decision-making, execute automated rollbacks of model deployments, and recover critical systems without business interruption.
Get in touch today to find out what Mantel can do for you.