Two New Reports Offer Competing Explanations for Cybersecurity’s Growing Crisis
Security WeekArchived Jun 02, 2026✓ Full text saved
As AI shortens the path from vulnerability disclosure to exploitation, researchers disagree on whether the problem is inadequate security tools or inadequate operational control. The post Two New Reports Offer Competing Explanations for Cybersecurity’s Growing Crisis appeared first on SecurityWeek .
Full text archived locally
✦ AI Summary· Claude Sonnet
Two reports offer differing viewpoints. One suggests a failure of tools to provide what security teams really need. The other suggests the tools exist but are not properly managed.
The industrialization of cybercrime threatens to overwhelm cyber defense. It’s a process that started before the arrival of ChatGPT, was supercharged by the age of AI, and is now typified as the post-Mythos era. It’s a time when defenders must improve their performance or cede the battleground to the adversary. Applications are the battlefield. The speed, scale and sophistication of AI-assisted attacks is difficult to contain.
“AI is not just creating more vulnerabilities. It is exposing the fact that companies cannot fix known vulnerabilities fast enough,” explains Daniel Shechter, CEO and co-founder at Miggo Security. “For years, security programs have been measured by how well they find risk before software goes live. Frontier AI like Mythos changes the question. If attackers can move from disclosure to exploit in hours, boards and CISOs need to understand how long the business remains exposed, and what can be done to mitigate quickly and efficiently.”
The Cloud Security Alliance (CSA) State of Modern Application and AI Security report (PDF), commissioned by Miggo and published on June 2, 2026, confirms and explains this new reality. CSA surveyed more than 900 cybersecurity leaders and found that vulnerabilities in this post-Mythos era are evading the pre-production phase while 82% of organizations lack effective runtime visibility.
“The real challenge begins once applications are in production, where security teams must rapidly determine which exposures are truly exploitable, prioritize the risks that matter most, and respond before attackers can take advantage,” suggests Daniel Shechter, CEO and co-founder at Miggo Security.
Most breaches are driven by known vulnerabilities. Eighty percent of the companies surveyed have suffered at least one incident involving a known vulnerability in the last year. If it is known, it is almost certainly patchable; but in the post-Mythos era there are too many patches to handle. The biggest problem is knowing which of those vulnerabilities are exploitable and most urgently need patching.
Only 9% remediate critical vulnerabilities within 24 hours; with74% take one to seven days. Patch time is important: Organizations taking four or more days had a 97% incident rate. Those taking three or less had a 67% rate. The implication is that patch rates must be increased and exploitable vulnerabilities better understood – and preferably both.
It gets more complicated, and urgent, in runtime, which is described as the breach battlefield. Most organizations only know what happened after reconstructing the event after the horse has bolted. Most (73%) would adopt virtual patching if they had better confidence in minimal false positives; but only 17% configure WAFs for automatic blocking, with 56% citing a lack of application context as the reason.
Because of the runtime difficulties, there is an intention by 42% of the organizations to increase investment in runtime monitoring and protection over the next few years. But since protection is always better than cure, the bulk of investment (52%) remains in pre-production such as CI/CD build protection.
The potential solutions are clear. Improved visibility into vulnerability exploitability together with better all-round contextual understanding of the application concerned – and its effect on business stability – would allow autonomous patching for many vulnerabilities and confidence in increased automated blocking.
A separate FireMon Insights report, also published June 2, 2026, suggests that concern over the automated use of firewalls as a security barrier is unsurprising but at least partially due to a lack of human oversight. FireMon discusses firewalls in general, but the same principles will apply to WAFs.
“Technologies like Mythos are shining a bright light on a reality security teams can no longer ignore: any connected system is vulnerable,” says Jody Brazil, CEO at FireMon. “As AI accelerates the speed and scale of attacks, firewalls, segmentation, and policy governance become more important than ever. Our Insights data shows most organizations still lack the operational control needed to consistently manage policy across hybrid environments. That is why network segmentation, microsegmentation, and continuous policy governance are becoming foundational to reducing attack surface and limiting blast radius.”
It concludes that manual policy management is inefficient and allows risk across the attack surface to continue to expand rapidly, primarily due to an environment in which high severity policy failures persist over extended periods of time, and are exacerbated by unused and redundant rules.
FireMon suggests a failure in human management rather than firewall capability. For example, 45% of firewall rules lack an owner or documentation, 17% are redundant or shadowed, and 69% are unused.
“Firewall complexity is no longer just an operational problem. It is a control problem,” adds Brazil. “Security teams have massive investments in firewalls, cloud, and segmentation platforms, but without control of policy those environments become difficult to manage securely. The problem is no longer lack of tools. It is lack of operational control.”
While this suggests a route toward better usage of firewalls, it doesn’t discuss or explain the fear that contextually incorrect blocking rules might adversely affect business operations – which lies at the heart of improving application security.
The two reports are, however, slightly at odds. The CSA report suggests the problem is a failure of security tools to provide the solutions really necessary, while the FireMon report suggests the tools exist, but are not being properly managed.
Related: Anthropic Unveils ‘Claude Mythos’ – A Cybersecurity Breakthrough That Could Also Supercharge Attacks
Related: The Hidden ROI of Visibility: Better Decisions, Better Behavior, Better Security
Related: New Class of CI/CD Attacks Could Have Led to PyTorch Supply Chain Compromise
Related: Microsoft to Enable ‘Windows Baseline Security’ With New Runtime Integrity Safeguards
WRITTEN BY
Kevin Townsend
Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.
More from Kevin Townsend
Russia-Linked ‘GreyVibe’ Attackers Use AI to Supercharge Cyberattacks
New Edamame Platform Aims to Catch AI Coding Agents Going Off the Rails
The Credential Crisis: How Stolen Credentials Defeat Modern Security
‘SymJack’ Attack Turns AI Coding Agents Into Supply Chain Attack Delivery Systems
AppOmni’s Marlin AI Brings Autonomous Investigation to SaaS Security
Open Source DockSec Uses AI to Cut Through Vulnerability Noise in Docker Images
Supply Chain Security Crisis: Too Many Vulnerabilities, Too Little Visibility
AI-Powered App Attacks Are Faster, More Frequent and Harder to Stop
Latest News
Trump Signs Executive Order That Invites Vetting of Top AI Models for National Security Risks
Exclusive: How One Line of Code Put Billions of Microsoft Android App Downloads at Risk
Android Update Patches Exploited Zero-Day, 123 Other Vulnerabilities
Anthropic Expanding Mythos Access to 150 New Organizations
The Zero-Knowledge Threat Actor and the End of Responsible Disclosure
Critical Vulnerability in HP VoIP Phones Enables Enterprise Network Breaches
Oracle WebLogic Vulnerability Exploited in the Wild
Meta AI Hands Over High-Profile Instagram Accounts to Hackers
Trending
Webinar: Third-Party Risk In Practice
June 4, 2026
Organizations are investing heavily in third-party risk management, but breaches, delays, and blind spots continue to persist. Join this live webinar as we examine the gap between how organizations think their third-party risk programs are performing and what’s actually happening in practice.
Register
Virtual Roundtable: CISO Forum 2026 Mid-Year Review
June 10, 2026
Explore how attackers are using AI to scale threats and how security teams can respond with AI-driven defenses. Protecting against unmonitored use of generative AI (Shadow AI) in business units and building and enforcing AI governance frameworks.
Register
People on the Move
Rapid7 announced that Wael Mohamed will assume the role of Chief Executive Officer, replacing current Chief Executive Officer Corey Thomas, who will become Executive Chairman of the Board.
Anurag Jain has been appointed Senior Vice President of Engineering at CodeHunter.
CTERA has appointed Tal Sarfaty as Senior Vice President of Cybersecurity.
More People On The Move
Expert Insights
The Zero-Knowledge Threat Actor And The End Of Responsible Disclosure
AI can help attackers generate malware, create malicious payloads, bypass simple security checks, and convert vague malicious intent into functional code. (Etay Maor)
Raising The Cybersecurity Stakes: Ante Up For The Agentic Era
CISOs are now facing machine-speed attacks and asking, “How do I agent?” The industry must provide remediation at scale. (Nadir Izrael)
Caught Off Guard: Securing AI After It Hits Production
As enterprises rush AI projects into production, security teams are increasingly being forced into reactive mode. (Joshua Goldfarb)
Cyber Resilience Is The New Business Continuity Plan
The organizations best prepared to face disruption are those that align security, continuity and risk management around what the business cannot afford to lose. (Steve Durbin)
Enhancing Data Center Security Without Sacrificing Performance
For AI data centers, where the stakes are the highest and performance constraints are the tightest, security and performance are no longer a zero-sum game. (Nadir Izrael)
Flipboard
Reddit
Whatsapp
Email