How Automation Improves AI Security Assessments

We ran 1,060 autonomous attacks. Here's what the industry gets wrong. 100+ experts across 30+ countries recently published the most comprehensive AI safety assessment ever. Their assessment: AI can assist cyber operations -- but full autonomy is yet to be observed. We respectfully disagree, and we have the (security) receipts. If you don't read the full post (linked below), here's my TLDR: The International AI Safety Report 2026 is excellent. Genuinely worth reading. But its conclusions are calibrated to general-purpose AI. When you build purpose-built offensive systems, the picture looks very different. ⚡️ XBOW runs fully autonomous pentests against real production systems. Every day. → 1,060+ vulnerabilities on HackerOne → 48-step exploit chains → Broke a cryptographic implementation in 17 minutes The report says AI "cannot reliably execute long, multi-stage attack sequences." Our agents do exactly that. The difference isn't the model. It's the *architecture*: thousands of short-lived agents, each with a narrow objective, orchestrated by a persistent coordinator, validated by deterministic logic. If one agent hits a dead end on step 4, another starts fresh and finds a different path. The window between vulnerability and exploitation is shrinking to hours. Annual pentests leave you exposed for most of the year. 🙂 The good news: the same AI powering offense also powers defense. Continuous, autonomous security testing isn't theoretical. It's being built as we speak. Full post 👇

Anthropic 's Claude new code security capability didn’t introduce a better scanner — it introduced a new layer in AppSec. For years, we scaled detection: more tools, more alerts, more triage. But security never scaled at the same speed as software. What changed now is simple but structural — security reasoning moved into the developer workflow. AI doesn’t just find patterns, it explains risk, understands intent, and proposes secure alternatives. That shift compresses the distance between detection and remediation, which is where most AppSec friction has always lived. This doesn’t replace the AppSec stack, but it forces consolidation. Lightweight SAST, standalone review workflows, and parts of manual code assessment will increasingly become capabilities rather than products. The value moves upward — toward orchestration, governance, runtime validation, and decision quality. In other words, security is moving from tools to intelligence. From a CISO perspective, this is an operating model change, not a tooling trend. Teams that embed AI as a control layer will scale expertise without scaling headcount at the same rate. Teams that treat it as a developer feature will see incremental gains but miss the structural advantage. Within the next two years, most mature engineering organizations will run an AI reasoning layer inside their SDLC — formally or organically. The real risk is not adopting early. The real risk is adoption without design. AI-native code security doesn’t eliminate AppSec. It reveals which parts were process — and which parts were expertise. #AI #CyberSecurity #AppSec #DevSecOps #CISO #AIsecurity #Claude #SoftwareSecurity

In 2025, we tried every possible way to align automation with AI in our SOC. Here’s what turned out to be for us the game changer. Before scaling automation and AI in your SOC, design control. Automation and AI are no longer experimental. They are becoming operational components. As soon as systems execute actions and AI produces recommendations, the SOC is no longer just observing. It is shaping outcomes. That’s where most teams struggle. Not with models. Not with prompts. But with missing guardrails. The challenge is no longer building AI. It’s controlling it. That’s why we designed our six SOC AI guardrails: #1 Response modes: Define upfront when automation may act, when humans must decide, and where automation is never allowed. #2 Confidence scoring: Measure how safe it is to act on an interpretation, not how bad an incident might be. #3 Context as a dependency: Automation and AI are only reliable when asset, identity and behavioral context are non-negotiable inputs. #4 Deterministic response actions: Every decision must map to predictable, pre-approved actions, with no improvisation at runtime. #5 Boundaries for AI agents: AI components are treated like privileged systems, with strict scopes, permissions and execution limits. #6 Auditability by design: Every automated or AI-supported action must be explainable, traceable and reproducible. Only after implementing these six guardrails do automation and AI become truly usable in our SOC. Not as theory. As operational design. If you’re building an automated or AI-enabled SOC, this control layer is non-negotiable. Without guardrails, AI scales uncertainty. With them, it scales trust. Full breakdown in the article below 👇 PS: If this approach resonates, let me know. Next posts will break down how each guardrail looks in practice.

AI breaches are no longer hypothetical, and most teams aren’t ready. IBM’s 2025 Cost of a Data Breach report puts numbers behind what many of us are seeing on the ground. Here’s what we learned reviewing it end-to-end: • 13% of organizations reported breaches of AI models or apps, and 97% of those lacked basic AI access controls. • Shadow AI hurts. 1 in 5 breaches involved unsanctioned AI, adding about $670,000 to breach costs and exposing more PII and IP. • Attackers use AI too. 16% of breaches involved AI tools, often for phishing or deepfake impersonation. • The U.S. hit a record $10.22M average breach cost while the global average fell to $4.44M. • Using AI and automation across security saved ~$1.9M and cut breach lifecycles by 80 days. • Post-breach investment is slipping. Only 49% plan to increase security after a breach. Why this matters for Midwest and Main Street: ungoverned AI is creating easy, high-value targets in firms that already run lean. The fix isn’t a moonshot. It’s fundamentals applied to new tooling. Small businesses can implement this by: ✅Turning on least-privilege for AI systems and secrets (RBAC to models, data, prompts). ✅Discovering and approving AI usage to kill shadow AI, then auditing it monthly. ✅Training teams to spot AI-boosted phishing and deepfakes with real examples. ✅Putting AI to work in SecOps – detection, triage, playbooks – to speed response. ✅Measuring time-to-detect and time-to-contain weekly. What gets measured gets fixed. The results speak for themselves: governance plus automation lowers risk and cost. What’s the one AI control you’ll implement this quarter?

I’ve been following the research on how AI is reshaping gap analysis in compliance. Many CISOs and compliance leaders already know. Manual gap analysis is slow, costly, and often a major blocker for businesses trying to stay ahead of audits and regulations. As a virtual CISO, I saw this first hand. GRC work was always mission critical but also one of the biggest drains on time and budget. Every client I support struggles with the same thing. We all need clear and fast answers about where we stand against standards and regulations. Early evidence shows how much of a difference AI is making. Providers using AI in their compliance and vCISO practices are reporting a 68% workload reduction in tasks like assessments and reporting. That’s time CISOs can now put back into strategy, risk reduction, and security execution. Key stats: Manual processes take weeks, while AI can complete tasks in hours. - AI achieves up to 95% accuracy, compared to 60–70% with manual reviews. - Companies using AI report a 40% reduction in compliance incidents. That’s why we built Audit CADDIE at BLodgic. We want to take what was once a painful, drawn-out process and make it something that saves teams time, effort, and cost, while giving leaders more confidence in their compliance posture. The GRC field is moving quickly and it’s encouraging to see more voices showing how AI can make compliance smarter, faster, and more accessible. https://lnkd.in/ewqjC5ti

Some notes about AI Agents risks from an intimate fireside w/ the CISO of Anthropic, Jason Clinton, hosted by Team8, Noa Hen and a group of top CISOs. Plenty of strong convo's with CISOs in the room about the future of agents. Here are the big takeaways that stood out for me. Verticals in cyber that can win big: 1️⃣ SOAR & SOC Automation: Jason shared how they've built a fully automated Tier-1 SOC in weeks, freeing analysts to focus on higher-value engineering work. Likely Tier 2 down the road and higher tiers augmented w/ HILP. Very cool to see, aligns with the research we've shared recently! 2️⃣ App Sec & Supply Chain Security: It's likely we'll see more AI-driven vulnerability discovery is gaining major attention (DARPA is huge here). AppSec will see automated delta analysis checks against new deployments using MITRE to flag risks before launch, so we can expect an impact on CI/CD code review, where AI in the code pipeline will detect vulnerabilities before release. 3️⃣ IT & Compliance Automation: 90% of IT ticketing and security reviews are now automated, reducing repetitive workload. Some lessons for CISOs: ▪️ Big one is that adversary use of AI is escalating. Nation-state actors are already using AI offensively (e.g., leveraging Claude Code for malicious purposes). ▪️ The threat landscape is evolving faster than most defences are prepared for, especially now that AI has lowered the barrier to entry for attackers ▪️ Biggest risks with AI agents likely? Alignment & misbehaviour risks: Models can act in ways that diverge from company values (interesting if cyber solves this?) Opportunities for startups: 1️⃣ Agent Identity & risk: AI agents will accumulate excessive permissions over time (privilege creep). Like humans, AI agents will accumulate unnecessary access. We’ll need strict just-in-time identity controls. 2️⃣ Observability / Runtime SOC opps: Agents generate ~3x more logs than humans, requiring new approaches to SOC automation/behavioral analysis. One interesting idea i learned is around Agent-to-agent communication risks. There is a likelihood that cyber co's will need to solve issues around “Neuralese” where agents develop non-human-readable ways of communicating (Imagine AI models falsify logs or embed hidden messages in outputs, making oversight hard). 3️⃣ Detecting engineering needs to evolve. Whether SOC handles it, we'll see, but traditional SIEM/old detection pipelines will break under this volume. New detection techniques will be required (like token/word anomaly analysis or AI<>AI analysis. 4️⃣ Securing agent workflows: As enterprises deploy more agents (autonomous “employees”) with Slack/email accounts or agents attending meetings, securing multi-node agents will be critical. Interesting times indeed!! *** Thanks to Noa and the Team8 community for hosting, including Amir Zilberstein, Nick Aharoni, Ilan Oz, Kalman Heims. Looking forward to future collabs on research.

Not long ago, attackers needed a team, weeks of planning, and a lot of trial and error to breach a system. Today, a well-tuned AI model can orchestrate an attack end-to-end without a human hand to guide it. The fact that AI can advance on its own and operate much faster than a human makes protecting sensitive information and systems a more difficult problem. Difficult doesn’t mean impossible. At Equifax, we’ve already seen AI make a difference: • Automated and AI-driven detection slashing our mean-time-to-detect to under 60 seconds. • Automated anomaly hunting, lighting up blind spots for us in real time before they become breaches. • Red teams using LLMs to safely simulate adversaries and close gaps faster. Threat actors aren’t waiting to upskill on AI and neither should security teams. Here are 3 actions I recommend: • Build AI literacy across all security roles, not just data scientists. • Treat AI-powered adversaries as your baseline threat model, not a future risk. • Lean into partnerships. The AI security community is your force multiplier. As AI continues its rapid advancement, it's inevitable that both technology and attackers will evolve. Our focus must be on ensuring security teams outpace these evolving threats. 🛡️ #AI #Cybersecurity #Innovation #LLM #SecurityCommunity

𝐇𝐨𝐰 𝐀𝐈 𝐓𝐫𝐚𝐧𝐬𝐟𝐨𝐫𝐦𝐞𝐝 𝐌𝐲 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲 𝐓𝐞𝐚𝐦'𝐬 𝐂𝐚𝐩𝐚𝐛𝐢𝐥𝐢𝐭𝐢𝐞𝐬 The numbers tell the story: my team processes 600,000 security incidents yearly through automation. This work would require 200+ analysts using traditional methods. We do it with 6. This isn't about replacing security professionals—it's enabling them to scale impossibly. Our analysts evolved from alert responders to strategic defenders. They focus on threat hunting, engineering, and architecture instead of repetitive triage. We've implemented behavioral-based detection through CrowdStrike, SOAR platforms running 200+ playbooks, and AI-driven tools like DarkTrace and Abnormal. CrowdStrike just announced Charlotte Agentic SOAR—intelligent agents that "reason, decide, and act in real time." Omdia's research suggests autonomous SOC evolution may become standard within 1-2 years. But automation doesn't replace expertise—it's a force multiplier. I've restructured my team so junior staff spend 25% on operations and 75% on engineering and threat hunting. My long-term strategy: position security as an enabler of AI, not a blocker. As AI becomes ubiquitous, securing AI connections becomes a core responsibility. How are you leveraging AI in security operations? #ArtificialIntelligence #FutureOfWork