AI-Powered Threats Are Ready for Take Off. Preparation Is Everything.
Emerging AI models are rapidly becoming one of the biggest AI security risks today. But this is not a time to panic.
The moment calls for a reinforcement of processes, tools, and posture to operate from a new baseline. The Forescout Frontier AI Readiness Resource Center brings together the most relevant research, frameworks, and hands-on resources available.
The Mythos-Ready Risk Register
Rather than a theoretical model, the Cloud Security Alliance and SANS Institute put together a prioritized set of actions — organized by risk level and timeline — that security organizations can begin acting on immediately.
The CSA Risk Register identifies 11 prioritized actions across three categories — Risk Control, Operations, and Governance. Three areas rated HIGH risk warrant immediate attention, and Forescout can help you understand each of them in detail:
Incomplete Asset and Exposure Inventory
You cannot patch, segment, or defend what you do not know exists. Inventory work must start with critical internet-facing systems and build toward full coverage over 45 days, including real SBOMs and active reduction of unmaintained or unneeded attack surface.
Network Architecture Insufficient for Lateral Movement Containment
The Risk Register calls for deep segmentation and Zero Trust enforcement as a fundamental defensive layer. Every boundary increases attacker costs. The architecture needs to reflect that reality.
Continuous Vulnerability Management Maturity Gap
With vulnerability disclosure volume accelerating, patching pipelines need to be treated as operational infrastructure, not periodic projects. The long-term answer the Risk Register calls for is a dedicated VulnOps function — permanent, staffed, and automated like DevOps, but built for continuous vulnerability discovery and remediation.
What the CSA and SANS Institute Recommend You Do Now
The Cloud Security Alliance (CSA) published “The AI Vulnerability Storm: Building a Mythos-Ready Security Program”. It was authored by the CSA CISO Community, SANS Institute, OWASP Gen AI Security Project, and the wider community. This strategy briefing was drafted over a single weekend by more than 60 contributors and reviewed by over 250 CISOs. It is organized across three time horizons, as follows:
| WHEN | WHAT TO DO |
|---|---|
| This week | Deploy LLM-powered agents against your own codebase and applications to identify exploitable vulnerabilities before attackers do. Audit AI agents already running in your environment — their prompts, tools, and pipelines. Enable strict egress filtering for all AI agent traffic. Revisit your organization’s current patch prioritization criteria given the compressed exploitation window. |
| Within 45 days | Automate triage and remediation pipelines to absorb the expected volume of incoming patches from Glasswing-participating vendors. Strengthen dependency management to reduce exposure from third-party and open-source components. Update your board briefing and risk register to reflect the new exploitation timeline realities. |
| Within 12 months | Build a standing Vulnerability Operations (VulnOps) function — staffed, automated, and integrated with AI-driven discovery capabilities. Introduce AI agents broadly across the cyber workforce to give defenders the speed necessary to Re-evaluate risk tolerance for operational downtime caused by faster remediation cycles. Update governance structures to allow faster deployment of new AI-based defenses. |
The briefing also includes a 13-item risk register mapped to four industry frameworks – OWASP LLM Top 10 2025, OWASP Agentic Top 10 2026, MITRE ATLAS, and NIST CSF 2.0 – along with 10 diagnostic questions CISOs can use immediately to triage where their programs are most exposed.
Each framework anchors a different layer of defensive context. OWASP LLM Top 10 2025 catalogs the prompt injection, supply-chain, and model output manipulation risks that affect any LLM deployment. OWASP Agentic Top 10 2026 extends that lens to autonomous AI agents — covering misuse of tools, identity confusion, and excessive agency. MITRE ATLAS maps adversarial tactics and techniques against AI systems, providing a kill-chain analog for AI-specific attacks. NIST CSF 2.0 sits above all of these as the governance scaffolding most enterprise security programs already report against.
Go deeper. Read: Claude Mythos: What CISOs Must Do Now, Per the CSA
The Role of Universal ZTNA
Protecting against today’s threats and lateral East-West movement requires a different approach. It requires total visibility across every connected asset, continuous verification of every device’s compliance and risk posture, and the ability to respond at the speed threats actually move. That destination has a name: Universal Zero Trust Network Access (UZTNA).
UZTNA Across Every Asset Type: Managed and Unmanaged
Unlike traditional zero trust approaches that focus primarily on remote users and managed endpoints, UZTNA covers every asset type, managed and unmanaged, across IT and OT, IoT and IoMT. UZTNA enforces adaptive, least-privilege access policies based on real-time context, regardless of where a device connects or whether it supports an agent.
See how, in our e-book: “5 Steps to Smarter Network Security in an AI-Driven Era”
Understanding the Mythos AI Shift: What Changed, Why It Matters
The significance for defenders is not Anthropic’s Claude Mythos specifically. It is what Mythos represents: a class of capability that will proliferate, and that fundamentally compresses the timeline between a vulnerability existing and a working exploit being in the hands of adversaries.
Claude Mythos is the most-discussed exemplar, but it is not the only one. ChatGPT, Anthropic’s frontier siblings, and the next wave of open-weight models will all develop comparable vulnerability-research and exploit-generation capabilities. Defenders should plan for the class, not the model.
The Asymmetry Between Attacker Speed and Defender Capacity
At the same time, patching pipelines, security team capacity, and organizational approval cycles have not changed at the same pace. That asymmetry is the core challenge. It is addressable — but it requires deliberate action, not just awareness.
Read: Claude Mythos — When Zero-Day Vulnerabilities Outpace Defenses →
Watch our conversation with Rik Ferguson, VP of Security Intelligence
How Forescout Helps
The network continues to be the immutable source of truth, and the Forescout 4D Platform™ is the purveyor of first-party data about what’s on the network by:
- Continuously identifying and monitoring all connected devices, operating systems and software
- Automatically assessing exposure to emerging risks, including new vulnerabilities
- Enforcing Universal Zero Trust Network Access with contextual and dynamic evaluation
- Identifying logical network segments with network-based segmentation enforcement
Continuous Threat Exposure Management
Identify exposures, prioritize risks, and act on them continuously.
Network Security & Universal ZTNA
See, classify, and enforce Zero Trust access across every device and every network segment.
Operational Technology Security
Reduce risk in converged IT/OT environments — passively, without disruption.
Building the Business Case for AI Readiness Investment
The Mythos-era exploitation timeline does not just shorten the window between vulnerability disclosure and weaponization. It shifts the cyber risk conversation into a board-level business risk. CISOs preparing for AI-powered cyberattacks need to make the budget case in terms the board recognizes: quantifiable risk reduction, audit readiness, and breach-cost avoidance.
Why frontier AI risk warrants new budget — not just reallocation
The attacker–defender speed gap can’t be fixed by reshuffling existing tools. The CSA briefing calls for net-new capabilities: VulnOps as an operational function, AI-driven discovery, and segmentation enforcement that legacy stacks weren’t built to deliver. The practical path is to treat frontier AI risk as a budget supplement, not a budget swap, before exploitation timelines compress further.
Tool consolidation as the budgetary lever
Most enterprise security teams juggle dozens of point tools for discovery, segmentation, vulnerability, and exposure management. The Forescout Platform consolidates these capabilities – asset visibility, UZTNA, segmentation enforcement, and CTEM – into one foundation, positioning AI readiness as tool rationalization a CFO can defend, not an added line item.
Outcomes a board cares about — risk reduction, audit readiness, breach containment
Frame the investment in board-level outcome language:
- Aggregate cyber risk reduction: measured against a defined attack-surface baseline
- Audit readiness: mapping controls to NIST CSF 2.0 and the OWASP frameworks
- Breach containment: lateral movement reduction quantified through segmentation coverage
These are areas a board can act on — and they map cleanly to the disclosure narrative the SEC’s incident reporting rules now require public companies to maintain.
Forescout’s Vedere Labs Research: A Year of AI Vulnerability Capability Growth
Many organizations are operating with an incomplete asset and exposure inventory — they can’t protect what they can’t see. Network architecture often can’t reliably contain lateral movement, so one foothold can become widespread impact.
There’s a persistent vulnerability management maturity gap between ‘knowing’ and ‘doing’ — prioritization, remediation, and proof are where programs stall.
Forescout’s Vedere Labs has been studying AI closely, and our latest research discovered:
- A year ago, 55% of AI models failed basic vulnerability research and 93% failed exploit development tasks.
- Today, all tested models complete vulnerability research tasks, and half can generate working exploits autonomously.
- Using single prompts, we discovered four new zero-day vulnerabilities in OpenNDS.
- One of those vulnerabilities was missed during our previous manual analysis, underscoring how AI can identify bugs that human researchers overlooked.
Read: AI Security Testing — Agents Leap from Assistants to Autonomous Hackers →
