Runtime security rises

Runtime security is moving from a niche cloud tool to a front-line defense as attackers use artificial intelligence to break into systems in minutes. (techzine.eu) Runtime security watches what code, containers, and cloud workloads do while they are running, not just how they were configured before launch. Sysdig said threat actors reached full administrative control of an Amazon Web Services environment in eight minutes in a November 28, 2025 intrusion it published on February 3, 2026. (techzine.eu) (sysdig.com) That speed is pushing security teams beyond the old model of waiting for alerts, then investigating after the fact. Techzine reported on April 13 that Conor Sherman, Sysdig’s chief information security officer in residence, said traditional posture checks and log reviews are too slow when short-lived cloud workloads can disappear before responders arrive. (techzine.eu) A parallel shift is happening in how companies define cyber resilience. The World Economic Forum said on April 9 that resilience should be measured “upstream” through preparedness and early mitigation, not only by how fast an organization recovers after an incident. (weforum.org) The change is tied to two pressures that grew over the past year: artificial intelligence is speeding up attacks, and third-party dependencies are widening the blast radius when one supplier or cloud service is compromised. The World Economic Forum’s Global Cybersecurity Outlook 2026 said accelerating artificial intelligence adoption, geopolitical fragmentation, and supply-chain complexity are reshaping cyber risk. (weforum.org 1) (weforum.org 2) Microsoft said on April 2 that threat actors are already embedding artificial intelligence across reconnaissance, phishing, malware development, and post-compromise operations. In Microsoft’s data, click-through rates for artificial-intelligence-assisted phishing reached 54%, compared with about 12% for more traditional campaigns. (microsoft.com) Governments are also trying to separate hype from real capability. Infosecurity Magazine reported on April 14 that the United Kingdom’s AI Security Institute urged organizations to double down on basic cyber controls after testing Anthropic’s Mythos Preview, even as the model drew attention for finding large numbers of old software flaws. (infosecurity-magazine.com) That guidance fits the institute’s longer view of model testing. In an October 24, 2024 paper, the institute said third-party evaluations can verify company claims and expose risks, but the science is still too early for those tests to serve as a full safety certification system. (aisi.gov.uk) The financial case for earlier detection is already established. IBM’s 2025 Cost of a Data Breach report put the global average breach cost at $4.44 million, and the World Economic Forum said organizations using artificial intelligence and automation extensively cut breach lifecycles by 80 days and reduced average costs by $1.9 million. (ibm.com) (weforum.org) The thread running through these reports is simple: if attackers can move in eight minutes, security programs built around post-incident cleanup are arriving after the damage. Analysts and officials are now telling companies to watch live systems, tighten third-party exposure, and treat preparation as part of resilience itself. (sysdig.com) (weforum.org)