How Can Organizations Keep Pace with New Artificial Intelligence (AI) Capabilities?

Advances in AI are reshaping the cybersecurity landscape in a fundamental way. Modern AI systems are no longer limited to detecting known threats. They are increasingly capable of uncovering previously unknown vulnerabilities buried deep within complex software and systems, including zero-day vulnerabilities that can be found at lightning speed.

The announcement of Project Glasswing and Claude Mythos from Anthropic is a wake-up call. Both are clear examples of how AI will revolutionize the speed and volume of vulnerability discovery and exploitation — and the way we build more secure software. These frontier AI models will push organizations to step up their defenses faster than ever.

In our most recent research, Vedere Labs showed how less-advanced, publicly available commercial and open-source AI models can find vulnerabilities that human researchers overlooked. Our research also showed that the most capable models – Claude Opus 4.6 and Kimi K2.5 – can now find and exploit vulnerabilities without complex prompts, making them accessible to inexperienced attackers.

Over the long term, Claude Mythos and other upcoming AI models will enable software companies to identify and fix vulnerabilities before products are released to reduce the burden on end users. However, in the short term, there will be increased pressure on end users and security teams to defend and keep up — something that is already challenging.

Today, many vulnerabilities are discovered faster than organizations can plan to respond. In many cases, patches do not yet exist, and traditional vulnerability management workflows are too slow to keep pace. For critical infrastructure, vulnerabilities can typically be patched only every few months to avoid disruptions to energy supply and manufacturing processes. In hospitals, security response has to be balanced against the risks to patient safety. Claude Mythos just multiplied this problem exponentially, which means more vulnerabilities will be available for longer for attackers to exploit.

To remain resilient, organizations must evolve beyond reactive security models into proactive approaches. Continuous visibility, real-time exposure assessment, and adaptive segmentation and control mechanisms are becoming essential capabilities for mitigating risk in this new era.

A New Era of Vulnerability Discovery and Response

Anthropic’s announcement describes how Claude Mythos can identify zero-day vulnerabilities that have eluded detection for years, including a 27-year-old vulnerability in OpenBSD. These are not always an oversight caused by poor coding practices. They often stem from deeply embedded software complexity, such as edge-case interactions, third-party libraries, and system dependencies.

What makes this development particularly significant is the speed and scale at which discovery can now occur. Instead of vulnerabilities emerging gradually through coordinated disclosure or isolated research, they can be surfaced rapidly and in large numbers.

This challenges a long-standing assumption in cybersecurity: that defenders have sufficient time to react once a vulnerability becomes known. That assumption no longer holds.

Historically, vulnerability management has relied on a predictable sequence: discovery, disclosure, patch development, and remediation. Security teams have long built processes and tooling around this cadence. AI-driven discovery disrupts this model. Vulnerabilities may be identified suddenly, without vendor awareness, and without available fixes. At the same time, attackers may gain access to similar capabilities, compressing the timeline between discovery and exploitation.

This creates a critical exposure window where organizations are aware of risk but lack the ability to eliminate it.

Where Are We Exposed?

When a new zero-day vulnerability emerges, the most urgent question an organization needs to answer is whether it is affected at all and, if so, where.

Unfortunately, many enterprises struggle to answer this basic question with confidence. Asset inventories, when in place, are often incomplete, outdated, or limited in scope. Periodic scanning and traditional endpoint-based approaches frequently miss entire classes of devices, including:

  • Unmanaged or transient endpoints
  • IoT devices: IP cameras, badge readers, smart TVs, etc.
  • OT devices: building controllers, PLCs on factory floors, medical devices, etc.
  • Third-party and contractor-owned assets

These gaps create blind spots in the attack surface that become especially dangerous when dealing with an increased number of vulnerabilities. Without accurate visibility, organizations cannot assess exposure, prioritize response, or make informed decisions under time pressure.

Continuous Visibility As a Foundational Capability

Effective security begins with visibility — but not as a one-time audit or periodic exercise. It must be continuous, comprehensive, and context-aware.

Organizations need the ability to:

  • Identify every device connected to the network in real time
  • Understand where each asset resides and how it communicates
  • Classify systems based on function, ownership, and business criticality
  • Map dependencies and relationships between assets

This level of visibility enables security teams to quickly determine not only whether they are exposed, but exactly where those vulnerabilities reside and how the risk propagates across the environment.

From Remediation to Mitigation

The ultimate way to resolve a vulnerability is to patch the exposed device. However, when no patch is available or a patch cannot be installed for several weeks (e.g. until the next maintenance window of an electric power grid or manufacturing site), mitigation strategies must shift from fixing vulnerabilities to quickly controlling their exploitability. This is a critical mindset change.

Compensating controls may include:

  • Enforcing stricter access control policies and restricting network access to vulnerable systems.
  • Segmenting critical assets to limit lateral movement and reduce unnecessary communication paths.
  • Isolating high-risk devices while preserving operations.

Static network access control and segmentation policies and manual workflows are insufficient in scenarios where conditions are evolving rapidly. Instead, organizations need dynamic control mechanisms that can be applied and adjusted in real time, based on current risk posture and new intelligence.
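The two steps described above (find which assets are exposed, then contain them until a patch can be installed), as an added example that is not part of the original article or any vendor product. The inventory, flows and advisory are constructed, and `examplelib` and all device names are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Asset:
    name: str
    kind: str                    # "IT", "IoT" or "OT"
    components: Optional[dict]   # component -> version; None = never profiled

# Constructed sample data: names, versions and the advisory are hypothetical.
INVENTORY = [
    Asset("hmi-01", "OT", {"examplelib": "2.3.1"}),
    Asset("plc-07", "OT", {"vendorfw": "1.0"}),
    Asset("cam-12", "IoT", {"examplelib": "2.10"}),
    Asset("badge-03", "IoT", None),
    Asset("eng-ws-02", "IT", {"examplelib": "3.0"}),
]
OBSERVED_FLOWS = [  # (source, destination, destination port)
    ("eng-ws-02", "hmi-01", 443), ("cam-12", "hmi-01", 445),
    ("hmi-01", "plc-07", 502), ("eng-ws-02", "cam-12", 80),
]
REQUIRED_FLOWS = {("eng-ws-02", "hmi-01", 443), ("hmi-01", "plc-07", 502)}
ADVISORY = {"component": "examplelib", "affected_below": "3.0"}

def version_key(v):
    # Compare numerically so "2.10" sorts above "2.3".
    return tuple(int(p) for p in v.split("."))

def assess(inventory, advisory):
    """Split the inventory into exposed assets and blind spots."""
    exposed, unknown = [], []
    comp, limit = advisory["component"], version_key(advisory["affected_below"])
    for a in inventory:
        if a.components is None:
            unknown.append(a.name)   # exposure can be neither confirmed nor ruled out
        elif comp in a.components and version_key(a.components[comp]) < limit:
            exposed.append(a.name)
    return exposed, unknown

def plan_controls(exposed, flows, required):
    """Per exposed asset: keep required inbound flows, block the rest."""
    plan = {}
    for name in exposed:
        inbound = [f for f in flows if f[1] == name]
        allow = [f for f in inbound if f in required]
        block = [f for f in inbound if f not in required]
        needed = bool(allow) or any(f[0] == name for f in required)
        plan[name] = {"action": "restrict" if needed else "isolate",
                      "allow": allow, "block": block}
    return plan

if __name__ == "__main__":
    exposed, unknown = assess(INVENTORY, ADVISORY)
    print(exposed, unknown, plan_controls(exposed, OBSERVED_FLOWS, REQUIRED_FLOWS))
```

The unprofiled badge reader lands in the blind-spot list rather than the "not affected" list, which is the gap an incomplete inventory leaves.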

The Network As a Control Plane

In this emerging landscape where devices cannot be patched fast enough, the network itself becomes a central enforcement point for security decisions. Rather than acting as passive infrastructure, it serves as an active control plane capable of adapting and responding to new threats.

Organizations that succeed in this model share several benefits:

  • They maintain real-time awareness of their environment
  • They can rapidly assess the impact of new vulnerabilities
  • They dynamically adjust controls without disrupting operations
  • They can quickly turn visibility into enforcement

This approach does not replace traditional practices like patching or vulnerability management. Instead, it complements them by providing a way to manage risk during the critical window when remediation is not yet possible.

Redefining Cyber Resilience

The rise of AI-driven vulnerability discovery does not necessarily mean that software, networks and devices are becoming less secure. Rather, it highlights the extent of latent risk that has always existed beneath the surface. What has changed is the speed at which that risk can now be exposed.

To operate effectively in this new reality, organizations require solutions designed for continuous visibility and dynamic response, enabling security teams to act quickly and with confidence, even in the absence of patches or vendor guidance. These solutions allow organizations to:

  • Continuously identify and monitor all connected devices
  • Automatically assess exposure to emerging risks, including new vulnerabilities
  • Enforce mitigation and adjust controls in real time
  • Maintain operational continuity while reducing risk

Security programs that rely solely on traditional vulnerability management for prevention and remediation will struggle to keep pace. Those that embrace visibility, adaptability and network controls will be better positioned to manage the unknown.

How Forescout Can Help

The Forescout 4D Platform™ with VistaroAI™ is designed for exactly this kind of reality, where risk may be revealed suddenly, without warning, and without an immediate fix.

By providing continuous visibility into all connected devices and enabling organizations to adapt network and security controls dynamically, Forescout supports the rapid, context‑driven response this new era demands.
