Security: machine‑speed defense

- Security reporting warns AI compresses exploit windows, requiring machine‑speed defence and real‑time enforcement. (govinfosecurity.com)
- Cisco’s enterprise blueprint centers identity, platformisation and AI‑native detection to handle faster attack cycles. (dqindia.com)
- Models that surface vulnerability discovery change both offence and defence tooling, raising the need for rapid revocation and tighter logs. (itwire.com)

Cybersecurity teams are being told to stop thinking in patch cycles and start thinking in seconds, as artificial intelligence cuts the time between finding a flaw and exploiting it. (govinfosecurity.com) Cisco President Jeetu Patel said in an April 20 interview that newer AI models are compressing vulnerability discovery and exploit timelines “to minutes,” pushing defenders toward real-time detection and enforcement instead of slower, human-led review. (govinfosecurity.com)

Cisco’s India and South Asia security lead, Ninad Katkar, told Dataquest on April 20 that enterprises are reorganizing around identity, AI-native security, and “platformisation” — one stack tying networking, security, data, and operations together instead of separate tools. (dqindia.com)

The basic problem is simple: software flaws are the unlocked doors of the internet, and AI is getting faster at rattling every handle. HackerOne said April 17 that AI systems now autonomously find and exploit flaws in open-source and production software at a pace remediation teams are not matching. (hackerone.com)

That speed is showing up in public data. Rapid7 said exploited high- and critical-severity vulnerabilities rose 105% from 71 in 2024 to 146 in 2025, while the median time from publication to inclusion in the Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities catalog fell from 8.5 days to 5.0 days. (itwire.com)

That is why identity keeps moving to the center of security plans. Rapid7 said valid accounts with missing or weak multi-factor authentication accounted for 43.9% of its 2025 incident-response investigations, and CISA says zero-trust security should make per-request, least-privilege access decisions instead of trusting a user because they are already inside the network. (itwire.com) (cisa.gov)

Cisco has been building that case into product language. At RSA Conference on March 23, the company said 85% of major enterprise customers were experimenting with AI agents but only 5% had put them into production, and it pitched agent identity, runtime guardrails, and machine-speed response as the controls needed to close that gap. (newsroom.cisco.com)

The new pressure point is not just user accounts but tokens — the digital wristbands that let apps and agents keep acting after login. CISA warned in guidance published in late 2025 and updated resources in 2026 that stolen tokens and assertions can let attackers move through cloud and identity systems, and its eviction playbooks call for immediate revocation, password resets, and in some cases disabling compromised accounts. (cisa.gov 1) (cisa.gov 2)

Logs matter more in that environment because they are the replay tape after a fast break-in. CISA says logging records events such as logins, file access, and attempted intrusions, and it has separately urged organizations to centralize and preserve logs so responders can reconstruct what happened after an exploit. (cisa.gov 1) (cisa.gov 2)

The thread running through all of it is that defenders are being pushed toward automated containment: tighter identities, faster revocation, and telemetry that can trigger action before a human meeting starts. The older model — detect, open a ticket, schedule a change window — is colliding with attacks measured in minutes. (govinfosecurity.com) (dqindia.com)
