Anthropic’s CEO warns the “moment of danger” is real. But most are looking in the wrong place.

Blog / AI Security Subscribe Anthropic’s CEO warns the “moment of danger” is real. But most are looking in the wrong place. Vlad Korsunsky May 6, 2026 6 Min Read When AI accelerates the speed and scale of vulnerability discovery, the pressure on security teams shifts to prioritization and identifying the exposures that are the most critical to fix first.  Key takeaways There’s a growing narrative that AI will overwhelm cybersecurity. That attackers will simply outpace defenders. That’s too simplistic.   AI changes both sides of the equation. It accelerates vulnerability discovery in some domains, especially where data is rich and accessible, and expands what defenders can see across their environments.   Even when organizations can see more, they still struggle to decide which exposures matter most and act on those decisions fast enough. When AI is capable of finding more exposures, across more of your environment, the pressure shifts to what you choose to fix first.   The pace of AI-driven vulnerability discovery doesn't just call for faster patching. It’s calls for a completely different operating model. When Anthropic’s CEO Dario Amodei talks about a “moment of danger,” it’s worth paying attention. The headline takeaway from the Anthropic news cycle is straightforward: AI models like Mythos are discovering vulnerabilities at a speed and scale we’ve never seen before. The time between discovery and exploitation is collapsing. What used to take weeks could soon take hours. That is a real shift. But the industry’s instinctive reaction is to treat this as a vulnerability problem. More findings. Faster scanning. Shorter patch cycles. That framing is already outdated. This is not a vulnerability crisis. It is an exposure crisis. Discovery just became infinite For years, security programs have been built around a simple loop: find issues, prioritize them, fix them, repeat. It was never perfect, but it was at least bounded by human limits. AI just removed those limits. Discovery is no longer the bottleneck. Machines can now surface weaknesses continuously, across code, cloud, identity, and infrastructure, at a pace no team can match. And more importantly, they can identify paths of attack no human has ever considered — chaining weaknesses together in ways that weren’t previously visible. That doesn’t just increase volume. It fundamentally changes the nature of the problem. Because when discovery becomes effectively infinite, and attack paths expand beyond human intuition, the idea that you can “keep up” starts to fall apart. And that’s exactly what this moment is revealing. It’s also why this isn’t just a call for faster patching. It’s a call for a different operating model entirely. If discovery is continuous, exposure management must be continuous too. The industry is solving the wrong problem Most organizations already understand vulnerabilities. They have scanners. They track CVEs. They run patch cycles. If more findings alone made companies safer, we would have solved this by now. But breaches don’t happen because a vulnerability exists in isolation. They happen because a weakness sits in the wrong place, is reachable in the wrong way, and can be combined with other exposures, like misconfigurations, over-privileged identities, or unprotected assets, to create real impact. That combination is what actually matters. That combination is exposure. What AI is accelerating is not just the number of flaws, but the number of meaningful attack paths that connect these exposures across an environment. It is shifting the problem from “what is broken?” to “how can this be exploited in context?” And most security programs are not built to answer that second question. The real bottleneck has shifted The uncomfortable truth is that AI is not just creating pressure on defenders. It is exposing where the real bottleneck has always been. Yes, discovery has mattered and still does. You can’t secure what you can’t see. Gaps in visibility, incomplete inventories, and blind spots across environments are still very real challenges. But even when organizations can see, they still struggle to act. Because the true bottleneck isn’t just discovery. It is decision and action. Even before this moment, organizations were patching only a fraction of what they found. Not because they didn’t care, but because they didn’t have the clarity to know what mattered most. Now multiply that by an order of magnitude. More findings don’t lead to more security. They lead to more indecision. And indecision, at machine speed, is risk. This is why the conversation has to move beyond vulnerability management. The question is no longer how many issues exist. It is which ones actually matter, which ones can be exploited right now, and what will reduce risk the fastest. That requires a different way of thinking. One that connects assets, identities, configurations, and vulnerabilities into a single, contextual picture. One that understands not just severity, but reachability and impact. One that can guide action, not just report findings. In other words, exposure management. Not as a buzzword, but as a necessity. The AI arms race is really about prioritization There’s a growing narrative that AI will overwhelm cybersecurity. That attackers will simply outpace defenders. That’s too simplistic. AI is changing both sides of the equation. It is accelerating vulnerability discovery in some domains, especially where data is rich and accessible, while also expanding what defenders can see across their environments. But discovery is not uniform. Gaps in asset visibility still exist. Proprietary environments, incomplete inventories, and fragmented tooling mean organizations are often still working with partial pictures of their attack surface.Which makes the real challenge even clearer. Because even when organizations can see more, they still struggle to decide what matters most and act on it fast enough. When more can be found, across more of the environment, the pressure shifts to what you choose to fix first. The advantage will not go to the organization with the most data or the most alerts. It will go to the one that can turn what it knows into clear, confident decisions and act on them immediately. In this environment, prioritization is no longer a supporting function. It is the strategy. Where Tenable fits This is the shift Tenable has been building toward. Not another detection engine. Not another flood of findings. But a way to understand how risk actually forms across an environment and to drive the actions that reduce it. Because visibility alone creates noise. Context without action leaves you exposed. And speed without prioritization just accelerates the chaos. What’s needed now is a system that can connect the dots, identify what matters, and help organizations move at the same speed as the threat. That’s the real challenge of this moment. The bottom line The “moment of danger” is not that AI can find vulnerabilities. It’s that AI is exposing how unprepared most organizations are to act on them. The future of cybersecurity will not be defined by who discovers the most issues. It will be defined by who can answer, in real time, where they are truly exposed and what to do about it. That’s the problem that matters now. Vlad Korsunsky Chief Technology Officer, Tenable Vlad Korsunsky, Tenable’s Chief Technology Officer and Managing Director of Tenable Israel, is responsible for driving the company’s technical vision, platform strategy, and innovation. He leads efforts to scale the Tenable One Exposure Management Platform and advance the company’s AI strategy. With over 25 years of experience, Vlad joined Tenable after more than a decade at Microsoft, where he served as Corporate Vice President of Cloud and Enterprise Security. During his tenure, he built and led global multi-cloud security, enterprise AI security, and exposure management businesses, playing a pivotal role in shaping Microsoft's AI security strategy. Vlad holds a B.S. in Computer Science and Applied Mathematics from Bar-Ilan University and an M.S. in Computer Science from Reichman University. Related articles May 8, 2026 Dirty Frag (CVE-2026-43284, CVE-2026-43500): Frequently asked questions about this Linux kernel privilege escalation vulnerability chain Weeks after the Copy Fail vulnerability was revealed, a new Linux kernel escalation vulnerability has been uncovered. Dubbed “Dirty Frag,” this flaw could allow a local user to gain root access on affected Linux distributions. Public exploit code has been released prior to patches being made… Scott Caveza May 8, 2026 Why the approaching flood of vulnerabilities changes everything — and what to do about it AI-driven discovery, NIST’s retreat from universal enrichment, and the end of “good enough” vulnerability management Raymond Carney May 7, 2026 The AI-vs-AI battle is already happening. Watch it live at EXPOSURE 2026. Don’t singularly focus on the speed of AI attacks. You must also prepare for the shift AI is bringing to the threat landscape. Join Tenable at EXPOSURE 2026 to witness a live AI-vs-AI battle and get clarity to defend your organization against next-generation autonomous threats. Team Tenable Exposure Management Vulnerability Management Tenable AI Exposure Tenable One Tenable Vulnerability Management Cybersecurity news you can use Enter your email and never miss timely alerts and security guidance from the experts at Tenable. Email Address Submit