Main image of article Cyber Pros Must Develop Resilience Strategies in an AI-Powered World

Even as spending on artificial intelligence is poised to surpass $2 trillion, the last several months have seen increased scrutiny of these models' security and of what these developments mean for the cybersecurity industry as companies plan further investments.

Starting in April, the White House began leaning on AI companies to limit the release of large language models (LLMs) designed to find vulnerabilities in software and applications, citing national security concerns. The Trump administration successfully pressured OpenAI and Anthropic into temporarily restricting access to new cybersecurity platforms.

Then, in June, the Wall Street Journal reported that a Chinese AI company claimed its cybersecurity platform could perform as well as Anthropic's Mythos model in certain scenarios. These Chinese AI platforms are also open to the general public without current restrictions, allowing anyone to download them – both defenders and attackers.

As these various regulatory and access scenarios played out, the Five Eyes intelligence alliance, which includes the U.S., U.K., Canada, Australia and New Zealand, weighed in by issuing an unusual public announcement on June 22 concerning what it called frontier AI models and warning how they are "fundamentally transforming both offensive and defensive cyber capabilities."

While light on specific courses of action, the Five Eyes alliance statement urged government agencies and private businesses to emphasize cyber resilience, as these advanced AI cybersecurity models could lower the barrier for threat actors while also accelerating attacks by shrinking the window between vulnerability discovery and exploitation.

For CISOs, cybersecurity leaders and their teams, the Five Eyes statement laid out several high-level strategies to consider as part of an organization's defense. These include:

  • Ensuring secure-by-design and secure-by-default must become standard practice rather than an aspiration.
  • Noting that resilience cannot depend on a single solution or technology. Defense in depth remains essential.
  • Understanding that as AI systems evolve, new and previously unknown vulnerabilities will emerge, including zero-day vulnerabilities.

“Cyber resilience is not an IT issue – it is central to operational continuity and market trust. Leaders who act now will reduce exposure, strengthen resilience, and build confidence with customers, partners, and investors. Those who delay will face growing and avoidable risk,” according to the Five Eyes statement.

While concerns about AI have grown over the last several years, these Five Eyes and other public statements from government agencies also show how much risk organizations face when it comes to cybersecurity, especially as the number of vulnerabilities has increased and systems have become more complex, said Nathaniel Jones, vice president for security and AI strategy and Field CISO at Darktrace.

“Even before the recent acceleration in AI capabilities, organizations were struggling with the gap between vulnerability disclosure, exploitation, prioritization and remediation,” Jones said. “What AI increasingly changes is the speed and scale at which portions of that process can occur, particularly reconnaissance, targeting, exploit adaptation, and operational iteration.”

SUBHEAD: Adapting Cybersecurity to an AI World

While the Trump administration now appears ready to allow Anthropic to make Fable – the public version of its Mythos model – more available to organizations and security researchers, the potential capabilities of these AI cybersecurity platforms have caught governments off guard.

It's also led cyber experts, such as Five Eyes, to urge organizations to consider and respond to these risks, said Kevin E. Greene, chief cybersecurity technologist for the public sector at BeyondTrust.

“The downstream effects will be felt across our digital ecosystem, particularly in the software that our critical infrastructure depends on. What was once economically infeasible can now be done at scale, at speed, and at far lower cost, changing the economics of cyber operations and creating new opportunities for threat actors to weaponize vulnerabilities and CVEs in their operations,” Greene noted. “This is the inflection point where AI shifts from being viewed primarily as an innovation engine to being recognized as a strategic capability domain with profound national security implications.”

Jones also noted that in the last few months, AI has become increasingly wrapped up in geopolitical tensions and economic competitiveness between nations, such as the U.S. and China, and the competition over which nation will claim dominance in the field.

“There is also a growing geopolitical dimension to this conversation. The [Trump] administration’s focus on maintaining competitiveness with China reflects a broader reality that frontier AI development is now deeply intertwined with economic security, technological leadership, and national security considerations,” Jones added. “That creates tension between innovation, competitiveness, and safety oversight that likely will not be resolved cleanly in the near term.”

As AI becomes more embedded in all aspects of a business or organization, cybersecurity professionals need a working understanding of AI and AI agent risk. That includes how models are trained, where data exposure can happen, how outputs can be manipulated, agentic blast radius, and how AI integrates into business workflows, said Diana Kelley, CISO of Noma Security.

“Organizations don’t need a handful of AI security experts; they need enterprise security teams that can ask the right questions and deploy the right controls to ensure that when AI shows up, it can be adopted quickly without introducing unnecessary risk,” Kelley said.

SUBHEAD: Developing Cyber Resilience for the AI Era

Five Eyes, which includes the U.S. Cybersecurity and Infrastructure Security Agency, the National Security Agency, the U.K. National Cyber Security Centre, the Canadian Centre for Cyber Security, Australia's Signals Directorate and Cyber Security Centre, and New Zealand's National Cyber Security Centre, lays out five practical steps that organizations and their cybersecurity teams can follow to reduce the risk from AI.

These include:

  • Reduce the attack surface: Limit unnecessary system access and external connectivity. Challenge whether systems need to be exposed at all and isolate those that do not.
  • Accelerate patching processes: AI is shortening the time between vulnerability discovery and exploitation. Delays in patching increase risk, especially for operational systems with long update cycles. Prioritize security updates accordingly to manage risks.
  • Address legacy systems: Unsupported systems are easy targets. They are not just technical debt; they are strategic liabilities.
  • Review and strengthen identity and access controls: Limit who can access critical systems. Enforce strong authentication and regularly review permissions.
  • Prepare for incidents before they happen: Test response plans, train and prepare teams, and assume breaches will occur. Focus on fast containment and recovery.

As AI expands, creating cyber resilience requires cybersecurity teams to focus inward. Instead of focusing exclusively on keeping threats out, they must meticulously govern what happens inside their systems, said Chandra Gnanasambandam, CTO at SailPoint.

Gnanasambandam believes that organizations need cybersecurity specialists who can focus on five core areas when building cyber resilience for AI. These include:

  • AI and Machine Learning: Specialists who don't just understand the mechanics of LLMs and autonomous agents, but who approach AI explicitly through the combined lens of identity, security and data. Organizations need experts who can anticipate how an AI model behaves, how it authenticates to corporate systems, what intent-based guardrails must restrict its actions, and how it safely interacts with their most sensitive information at machine speed.
  • Identity Governance and Administration (IGA): Professionals who can architect and manage systems for discovering, classifying, and managing all identities — human and non-human – and their privileges.
  • Zero Trust Architecture: Individuals who can design and implement "just-in-time" access models, ensuring that privileges are granted only when needed and for the minimum duration required.
  • Security Operations (SecOps) and automation: Experts who can integrate identity context directly into the Security Operations Center, enabling automated, machine-speed responses to threats.
  • Cryptography and data security: Specialists who can build systems that enforce cryptographic verification for every interaction between users, agents and data.

“This expertise is often cultivated internally by upskilling existing security and IT teams to adopt this new, identity-focused paradigm. It can also be found by partnering with security vendors who are building the architectural foundation for real-time governance and agentic security,” Gnanasambandam added.