The arrival of frontier AI models with transformational cyber capabilities marks a clear inflection point in enterprise security. Models such as Anthropic’s Mythos, OpenAI’s GPT-5.5 Cyber, and others are increasingly capable of performing offensive cyber attacks, including vulnerability discovery, exploit development and multi-step attack chaining. Older AI models, while not as precise and effective, can still be damaging to enterprises as well.
The success of these models doesn’t imply that carefully constructed defense layers are ineffective. Rather, it shows that the timeframes defenders rely on—between disclosure and exploit, alert and triage, and patch availability and deployment—have narrowed in ways that will stress-test how cyber programs are organized and how quickly they can perform.
Mandiant and Flashpoint have confirmed a steady order-of-magnitude reduction in time-to-exploit over the past five years. CrowdStrike’s 2026 Global Threat Report also records an 89% year-on-year increase in AI-enabled adversary activity, with the fastest observed breakout times now measured in seconds rather than minutes.
These findings don’t invalidate the battle-tested cybersecurity playbook. The disciplines that mattered last year still matter today, and arguably even more. Zero trust, vulnerability management, exposure management, identity hygiene, and incident response all remain the right foundations. What’s changed is the margin of error around any gaps and the speed and precision of the environment in which those disciplines must operate.
AI is shifting the cybersecurity bottleneck
For years, comprehensive defensive vulnerability discovery was one of cybersecurity’s more difficult challenges, but frontier AI is beginning to erode that limitation. Mozilla’s Firefox 150 release, for example, surfaced and fixed hundreds of issues through AI-assisted analysis. Recent OpenBSD research uncovered a 27-year-old TCP SACK vulnerability that had survived decades of human review.
These aren’t edge cases. They’re clear indicators of a structural shift: machine-driven analysis is expanding what defenders can find and exposing the limits of vulnerability discovery that depends primarily on human-led review.
As frontier AI accelerates vulnerability discovery, the cybersecurity bottleneck has moved downstream. AI-assisted analysis can now generate more findings than many programs can validate, prioritize and remediate at the required pace. The operational challenge is no longer simply how to discover more vulnerabilities, but how to make faster, better-supported decisions about what’s exploitable in each environment and how to shorten the path from that decision to deployed mitigation.
Three measures should now sit at the executive level of cyber reporting: time-to-triage, time-to-mitigate and time-to-verify. Each captures a distinct point in the remediation chain where AI-accelerated threats compress the window for action. Programs that can’t provide these three metrics with confidence may still be running the right disciplines but at the wrong speed.
Why response speed is a core cybersecurity discipline
The compression of the cyber clock has made tempo itself a security discipline. Detection alone is no longer sufficient; the ability to assess, decide and act at machine speed is now a defining measure of operational resilience.
A useful test of this discipline is a tabletop exercise in which three to five critical vulnerabilities emerge in the same week, at least one chained into a multi-step exploit. In most organizations, the bottleneck that surfaces isn’t detection. It’s the speed of impact assessment, clarity of decision rights, coordination across teams, and the availability of pre-authorized playbooks for the harder calls. These are organizational and procedural gaps, not purely technical ones, and they’re where much of the achievable improvement in resilience now lies.
The same time compression applies to the most vulnerable links in the security chain: end users, suppliers, and their identities. Most real intrusions still begin with a social engineering attack, identity compromise, misconfiguration or third-party access. These aren’t always the most technically sophisticated attack vectors available, but they remain highly effective.
As AI-driven threats and vulnerabilities accelerate, a hardened security culture and strong controls around end users and suppliers become fundamental to resilience. Adversaries take the fastest path, not the most technically interesting one, and, in most environments, that path still runs through people.
Defending with AI, governing with discipline
The same capabilities that accelerate the attacker’s clock can also compress the defender’s response. Frontier AI is dual-use, and the operational value on the defensive side is becoming measurable. Telemetry analysis, configuration validation against baselines, log normalization and enrichment, alert correlation, incident scoping, and automated response measures are all areas where AI-assisted automation is reducing the time between signal and action.
The market for AI-native cybersecurity platforms, however, hasn’t yet matured. Independent benchmarks continue to shift, and clear category leaders are still emerging. Organizations making the most progress are those strengthening capabilities within their existing stack and partnerships, expanding the AI layer deliberately, governing its use carefully, and procuring decisively. At this stage, organizations that route tasks across models based on measured performance are likely to outperform those locked into a single vendor.
Discipline in defensive AI adoption matters as much as the adoption itself. The broader principles of governing autonomous and AI-driven systems—observability, accountability, human oversight, and the capacity to intervene rapidly when conditions change—apply directly here and are explored in more detail in my blog, Security at the edge of autonomy: Why AI and geopolitics are forcing a reset.
The defensive use of frontier AI isn’t exempt from those principles; it’s one of the most consequential places to apply them. Within CGI, the same discipline shapes how defensive AI is introduced into our own cybersecurity operations, with defined oversight, clear boundaries and the ability to respond quickly when the operational picture changes.
Sustaining resilience in a compressed environment
The work that defines cyber resilience in this environment is largely invisible from the outside. It depends on sustained operational discipline: shortening the time between a change occurring and the verification that it’s safe across patching, configuration, identity and the supplier estate. No single product or framework delivers that outcome. It comes from running existing programs with greater rigor, automation, coordination and practice than was historically required.
That is the standard against which every cyber program is now being measured—not by analysts or boards, but by the threat environment itself. As AI-accelerated capabilities continue to spread among skilled criminal actors, the gap will widen between organizations that have operationalized this discipline and those that haven’t.
The path forward isn’t just to launch new programs, but to sharpen existing ones. Reduce exposure. Stress-test remediation timelines before pressure arrives. Harden identity and fraud controls. Pilot defensive AI in controlled use cases. Maintain the rigor to absorb, prioritize and act on findings at the pace this moment requires.
In the age of frontier AI, the organizations that earn the trust of their clients, regulators and boards will be those whose security disciplines run at the tempo the threat environment now demands. The cyber playbook remains sound, even if it needs refinement. The clock, however, has changed drastically.
CGI is working with organizations across industries to deliver cyber resilience in the age of frontier AI. Contact me to learn more.