COMMENTARY: Advanced frontier models have put AI at the center of modern security. AI delivers speed and scale for defenders, while attackers use it to gain visibility and access and to automate attacks. The same models accelerating attackers also let defenders detect, analyze, and mitigate risk at unprecedented speed.

The balance shifts constantly. Today’s most successful organizations treat AI as foundational, embedding it directly into their platform’s core and enabling defensive intelligence to move at the same pace as the threats. This change turns cybersecurity from a reactive checklist into a persistent, intelligent layer that protects the enterprise.

[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Read more Perspectives here.]

The advantage is no longer about who has better tools, but who can operate faster and more cohesively across the entire security lifecycle — from detection to response.

How defenders should use AI

Here's how security teams should use AI to mitigate attacks:

Threat detection and response: Frontier AI models can handle the work that has historically stretched security teams thin. In threat detection and response, frontier AI models correlate signals across huge volumes of telemetry, spot anomalous behavior in real time, and help security operations center analysts find the needle in the haystack and deliver fast triage and incident handling. These models serve as analysts that never blink, never sleep, and never overlook a single log entry. The result is a shift from reactive response to proactive control.

Security automation at scale: The demand for specialized security expertise has always outpaced supply. Frontier models close that gap. They generate secure code patterns, automate penetration testing workflows, and simulate attack paths across complex multi-cloud environments.
High-quality security practices can now apply everywhere instead of only where the right experts are available.

Augmented security expertise: The models do not replace skilled people but rather multiply the impact of existing security teams. Junior engineers receive expert guidance on demand, and these models can free up their time to work on more valuable tasks, accelerating their capabilities. Threat modeling sessions that once took days of workshops now finish in minutes and with heightened accuracy.

Vulnerability discovery: Frontier AI models can scan codebases and identify vulnerabilities faster than traditional methods. Audit and test tasks that once took weeks or months can now be completed in hours. Models can assist in identifying previously undetected vulnerabilities and potential complex system weaknesses. Even if the model doesn’t find the vulnerability, it can guide threat analysts to the right part of the code and give them the right buttons to push to continue the hunt. AI supercharges the skill sets you already have, allowing you to deliver more with the same resources.

This compression of discovery timelines reduces exposure windows and lets organizations move from reactive patching to proactive risk reduction. Vulnerabilities that once took weeks or months to discover can now be identified in hours. From a security perspective, it’s a double-edged sword: The same capability that detects and patches a vulnerability can also weaponize it. This isn’t just another technology shift. It’s a fundamental reshaping of the threat landscape.

How cybercriminals use AI

Here are the two main ways threat actors leverage AI against defenders today:

Fewer skills, better attacks: Frontier models lower the barrier for sophisticated operations. They reveal hidden details of target systems, generate exploit code, pinpoint vulnerabilities, and chain together multi-stage attacks. Tasks once limited to elite hackers are now within reach of many more threat actors.
Attack velocity rises sharply as a result.

Attackers leverage vulnerability discovery for the dark side: Vulnerability discovery shows the symmetry between the capabilities afforded to defenders and attackers most clearly. The model that helps an organization find and fix a bug can just as easily help an adversary discover it first. It compares software versions in seconds, reverse engineers patches, and compresses the timeline from discovery to weaponized exploit from months down to hours. Exposure windows shrink for everyone. Organizations that have not implemented disciplined cyber hygiene practices and cannot patch or mitigate at machine speed will face threats that have already evolved past their defenses.

Get back to the basics

Despite the doom-laden claims of an impending Apocalypse, the sky is not falling. We’re in a positive time in cybersecurity.

Adapting to today's AI cyber world does not mean abandoning the fundamentals security teams have relied on for decades. Security teams have used AI for years to guide fuzzing, automate penetration testing, and improve code analysis. Frontier models simply extend and strengthen that path. The most successful strategies still rest on mature vulnerability management programs, secure-by-design principles, and defense-in-depth architectures that contain the impact of any single breach.

Scale has become the important difference today.

AI lets us get in front of the problem in a way that has historically and continually posed a challenge. Of course, we’re in a cat-and-mouse game and threat actors will catch up quickly, so how we adjust to stay ahead is crucial.

The economics of cyber conflict have changed. Today, we need to mitigate first and patch later. That means hardened configurations, strict access controls, multi-factor authentication enforced wherever possible, continuous threat hunting, and full logging. Mitigate in minutes and patch in hours will become the new norm; prioritize internet-facing assets for patching.
Automation is no longer optional—it’s essential.

Temporary protections such as virtual patching and clear vendor workarounds become vital bridges while permanent fixes are completed. Architectural choices made at the design stage must now account for AI-driven attack speed. The old reasons for delaying upgrades, such as tax season, Black Friday, or any other busy period, no longer apply when exploits can appear within hours of disclosure.

The timeline of risk has changed. Detection, validation, and mitigation now must operate as a continuous, integrated process. Vendors should apply AI early in the product lifecycle, shorten remediation cycles, and use defensive engineering techniques to limit the impact of inevitable vulnerabilities. Organizations that do this will operate with greater visibility and control. Those that cannot will fall behind.

Security depends on consistent execution. Faster response models, supported by systems designed for scale, are now required.

Carl Windsor, chief information security officer, Fortinet

SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.