When Anthropic signalled the direction of travel with its Mythos model, it highlighted a structural change in how cyber-attacks will be created, scaled and executed.

Enterprises are already deploying AI so fast than many security teams struggle to keep up. New tools are being embedded into workflows, connected to sensitive data and integrated across core systems. At the same time, frontier AI models, like mythos and GPT-5.5-cyber, are expanding what these systems can do, particularly in areas such as reasoning, automation and task execution.

The combination has direct consequences for cybersecurity, because it allows both vulnerability discovery and attack execution to operate with far less human involvement, at a pace that can’t be matched by humans.

The challenge for enterprises is not simply the volume of new vulnerabilities, but the operational burden of responding to them quickly enough, particularly in environments still dependent on distributed hardware and fragmented security infrastructure.

Agentic AI Will Change the Tempo of Defence

Attacks are becoming agentic, with discovery and exploitation turning into continuous processes handled by software systems that operate at machine speed. These systems can identify weaknesses, test attack paths and refine techniques in real time, running constantly and adapting as conditions change.

This alters the baseline for cyber defence. Attackers are no longer constrained by time, resources, or specialist skills, and can run operations in parallel across distributed environments. A single adversary can behave like a coordinated team, executing multi-stage attacks that evolve as they progress. This is the zero-knowledge threat actor on steroids.

The impact is already visible in how vulnerabilities are discovered and exploited. The gap between disclosure and active exploitation has been shrinking for years, and in some recent cases working exploits have appeared within hours of a vulnerability becoming public, followed quickly by automated scanning and targeting. More capable models accelerate this dynamic further, pushing discovery towards a continuous process and reducing the time available to respond.

For many organisations, this means the first indication of a new weakness may be an intrusion attempt rather than a security advisory. Security architectures built around prioritisation, staged patching, and manual investigation are not designed for this pace of activity.

Fragmented Security Stacks Won’t Keep Up

Security teams are already dealing with three parallel pressures. Organisations need to secure their own use of AI, which introduces new attack surfaces tied to critical data and systems. Attackers are using AI to make offensive operations faster, cheaper and more accessible, expanding the pool of capable adversaries. At the same time, defenders need to apply AI to improve detection and response, creating rapid innovation across the market alongside a significant amount of noise.

These pressures are colliding with environments that are fragmented by design. Cloud platforms, SaaS applications, remote users and on-premises systems all generate separate streams of security data. An attacker moving through that environment leaves traces across multiple systems, often spread over time, with each individual action appearing routine when viewed in isolation.

Understanding how those actions connect is what allows defenders to identify an attack in progress, and that requires visibility across the full environment and the ability to analyse activity as it happens. The network is becoming central in this context because it is the point where users, applications, and infrastructure intersect, and where activity can be observed and controlled in real time.

Disconnected security controls struggle to keep pace with this model. Systems that analyse fragments of data in isolation miss the relationships that define modern attacks, while adding more tools increases data volume without improving understanding.

A Unified Platform is Essential for Defenders to Keep Up in the AI Era

The direction of travel is towards unified platforms built as a single architecture, where data, policy and enforcement operate together and allow patterns to be identified and acted on as activity unfolds. This kind of integration becomes essential when attackers operate on timelines measured in minutes and hours, not days and months. Delays introduced by manual investigation, limited visibility caused by fragmented systems create exposure that can be exploited repeatedly.

There are early signs of how this approach is developing. Some platforms are using AI-driven systems to analyse newly disclosed vulnerabilities and generate protections immediately, reducing the window between exposure and defence. Others focus on identifying early indicators of unknown threats and applying controls before attacks fully develop.

Cybersecurity is increasingly shaped by the interaction between automated systems on both sides. Attackers are building capabilities that learn, adapt and scale, and defensive technologies need to operate with the same level of responsiveness. Human expertise remains critical in shaping strategy and understanding intent, but the execution layer is shifting towards systems that can operate continuously and at scale.

This shift sits at the centre of the wider AI economy. Organisations will not scale AI adoption without trust in how systems are secured, while at the same time AI is accelerating the threat landscape and increasing demand for security from both sides. The gap between what organisations assume about their security posture and what is happening in their environments is widening as a result.

What This Means for Enterprise Security

AI is not introducing a new category of cyber risk, but it is increasing the speed, scale and coordination of existing threats to a level where current approaches begin to break under pressure. Organisations that adapt will treat security as a real-time, integrated system that can observe, understand and act within the same operational loop. Those that continue to rely on fragmented tools and manual processes will find themselves reacting to attacks that have already moved on.