AI Democratizes Security, and That's Why Zero Trust Stops Being Optional
The cybersecurity talent shortage is so chronic it has become a cliché in CISO conversations. (ISC)² estimates a global gap of roughly 4 million professionals, and the number grows every year rather than shrinking. AI does not solve this problem the way most of the market sells it. It does not solve it by hiring more people. It solves it by changing what each person needs to know.
The Constraint the Industry Carried for Two Decades
For twenty years, the security industry operated under a simple structural constraint: defending infrastructure required hiring people who mastered each specific tool in use. Not the risk the tool mitigated, the tool itself. An organization running Akamai needed staff with Akamai skills. A company using Palo Alto needed Palo Alto specialists. SOC teams were built around the combination of installed vendors, not around the risk architecture they were meant to defend.
The result was predictable. Skills became more specialized, the labor market tightened, salaries went up. And most organizations, particularly those outside major tech hubs, fell behind. The 2024 DBIR shows that 68% of breaches involve the human element, in large part because undersized teams cannot keep up with the volume of signals they need to triage. Small and mid-size enterprises operated with an “IT guy” picking up security duties without the qualification to handle them. IBM’s annual Cost of a Data Breach Report puts the global average at USD 4.88 million in 2024. Much of that cost is concentrated in organizations that could never assemble a defensive team at the required level.
AI Decomposes the Constraint Into Two Layers
What AI does now is split what was historically a single bundle of skills into two independent layers.
Layer 1: risk judgment. Understanding which threats the business faces, which mitigations exist, what the organization’s risk appetite is, and how to translate all of that into investment priorities. This is senior judgment. It does not automate. And it is precisely where the CISO role becomes more critical, not less: a model capable of making both offensive and defensive decisions autonomously can, if let loose without judgment, shut down services “to protect data” and cost the operation more than the attack it was meant to mitigate. Risk appetite is a business call, and that stays human.
Layer 2: operational execution. Navigating dashboards, orchestrating tools, parsing logs, writing detection queries, building automation pipelines, maintaining configuration hygiene. This is procedural work, and it is exactly where AI performs well.
Historically, the two layers were fused. Organizations only hired people who mastered both, and the bottleneck described above was the outcome. The layers are now separable. A senior CISO with fifteen years of risk-judgment experience can build sophisticated detection, cross-system correlation dashboards, and response pipelines, using AI to handle the operational work without needing to write code across five languages or master every specific tool in the stack. I speak from practice: tools like Claude Code now let me build automation and dashboards that, five years ago, would have required three dedicated engineers.
This is not a projection. It is happening today, in small and mid-size organizations that, five years ago, simply had no path to that level of defensive sophistication.
The Paradox: The Attacker Has Been Democratized Too, With an Asterisk
Here is the point vendor messaging tends to avoid. If defense became more accessible to the small player, so did attack. And not because offensive AI has become more sophisticated (though it has). The key point is that the implicit advantage SMBs enjoyed, of being too insignificant to register on the radar of specialized attackers, is gone.
The asterisk matters, though. Frontier models such as Anthropic’s Mythos and OpenAI’s GPT-5.5-cyber are still in restricted preview, available to a small, carefully selected set of organizations. Anyone signing up for a standard account on those platforms and trying to weaponize them spends most of their time jailbreaking aligned models that refuse to operate against third-party targets. To run real offensive work at scale, without friction, requires an uncensored model, the kind you download from Hugging Face and run locally. And this is where the barrier few commentators mention comes in: running those models requires serious hardware. In Brazil today, an RTX 5090 with 32 GB (the baseline card for productive inference of a quantized 70-billion-parameter model) sells for somewhere between R$26,000 and R$30,000 at a legitimate retailer. To run larger models, or several models in parallel, the setup turns into a proper workstation: two of those cards, a HEDT platform with PCIe 5.0, a Threadripper-class or Xeon processor, 128 to 256 GB of RAM, a 1,600 W power supply, fast NVMe storage. The total clears R$100,000 without difficulty. This is not a garage-grade setup.
The practical outcome is that nation-state attackers and major criminal syndicates already had equivalent capabilities. What changes is the middle tier: the professional offensive operator who can now equip themselves with something close to what was previously available only to intelligence apparatuses. And that tier’s preferred vector is precisely the one that requires the least hardware investment: the software supply chain.
I speak from direct experience. I recently automated the booking of my own work trips. The manual process consumed two to three hours per trip, spread across several days because of time zones. A simple agent, running locally, now chats with me by message, accesses the corporate travel portal, retrieves the six-digit code from my inbox, picks flights, submits the approval request to my manager in Singapore, monitors the inbox for the approval, and closes the booking. It works very well. To make the QR Code integration work, I had to install six or seven npm packages. That is the point: no one had to exploit a firewall of mine. I brought potential vulnerability inside the environment myself. It is exactly the same gesture any developer performs dozens of times a week, integrating versioned libraries, automating deployments, connecting MCPs to corporate services. The direct entry point into the corporate network today does not need to cross any firewall.
The traditional perimeter has been dead for years thanks to cloud and remote work. What has changed now is that nothing crossing the boundary can be trusted, and trustworthiness can no longer be inferred from location. “Being inside” has stopped meaning anything.
Patching No Longer Scales. “Prioritize Critical” Is Obsolete
For two decades, the standard advice for security leadership was simple: prioritize critical vulnerabilities. CVE with CVSS 10 first, high after, medium when possible, low never. That heuristic worked while the volume was humanly tractable and while attackers respected the same hierarchy.
Both premises have collapsed.
Volume. The backlog at NIST (the organization that officially catalogs reported vulnerabilities) currently sits at roughly 29,000 CVEs awaiting analysis and severity classification. The 2025 estimate is 59,000 new vulnerabilities cataloged in a single year, more than double the ~25,000 of 2023. The capacity of a human team to triage, prioritize, and patch has stopped keeping up. No defensive team on the planet scales 130% in a year.
The scale of the problem gained concrete data in May 2026. Project Glasswing, an Anthropic initiative with approximately 50 partners running Mythos Preview at production scale, identified more than 10,000 high- or critical-severity vulnerabilities in a single month. Among them, 6,202 in open-source projects alone, scanning over a thousand repositories. Validity rate: 90.6%. Mozilla found 271 vulnerabilities in Firefox, more than ten times what the manual process had previously produced. Cloudflare identified 2,000 bugs with minimal false positives.
What Anthropic wrote in the report is what a CISO needs to underline: “finding vulnerabilities is vastly more straightforward… patching remains constrained by human capacity.” The acceleration is on the discovery side, not the remediation side. The backlog that previously grew because CVE volume outpaced triage capacity now also grows because AI-assisted discovery exceeds remediation capacity by orders of magnitude. The window between “found” and “fixed” is widening, not narrowing.
Velocity. The time it takes for a vulnerability to become an exploit has changed too. CISA, in collaboration with the Zero Day Initiative, now reports that roughly 68% of exploits are published on the same day the vulnerability is disclosed. In 2018, that gap was measured in months. Today, it is measured in hours. Yesterday’s SonicWall CVE was already being chained with two other CVEs before any organization had a chance to apply the corresponding patch.
Chaining. Mythos, Anthropic’s frontier model focused on offensive security, demonstrated another important qualitative shift according to Anthropic’s own security engineering team: the model chains multiple medium-severity vulnerabilities, each of which would be considered non-critical individually, to reach its objectives. Four or five CVEs with CVSS 5-6, articulated in sequence, produce a complete path to corporate-network persistence. The “prioritize critical” rule assumed medium vulnerabilities could wait. They cannot anymore.
The combination of these three shifts dismantles the severity-based vulnerability management model. It is not that it became “less effective.” It assumed conditions that no longer exist.
Zero Trust as a Structural Response, Not as a Product
I have been talking about Zero Trust since 2014, when the first deployments at Akamai showed how unprepared the market still was for the idea. For an organization back then, segmenting your own internal network was counterintuitive. The threat was seen as something coming from outside the building, from the other side of the edge firewall. Twelve years later, that view is untenable, but implementation maturity is still uneven.
Zero Trust is not a product. It is an operational model. And it changes significantly once AI democratizes the technical capacity to implement it, because real microsegmentation can now be operated without a team of three hundred people.
The right question stops being “how do I defend my perimeter?” and becomes: if someone compromises any service inside the network (any service), how far can that access propagate from there? The correct answer, and the only one that supports modern operation, is: nowhere.
And that answer needs to be automatic, because human response time has stopped being viable. CrowdStrike’s Global Threat Report has been measuring breakout time every year: the gap between initial compromise of a host and the attacker’s first lateral movement. The series from the last four reports is unambiguous:
| Report | Data from | Average | Fastest observed |
|---|---|---|---|
| GTR 2023 | 2022 | 84 min | n/a |
| GTR 2024 | 2023 | 62 min | 2 min 7 s |
| GTR 2025 | 2024 | 48 min | 51 s |
| GTR 2026 | 2025 | 29 min | 27 s |
In three years, the average breakout time, and with it the window available to respond, has fallen 65%. The record has dropped from two minutes to twenty-seven seconds. Twenty-seven seconds is not a window for a human analyst to evaluate, decide, and act. It is a window for previously configured automation. Microsegmentation that verifies, alerts, and denies by default stops being optional sophistication and becomes the only mechanism capable of responding at the right speed.
This is built with structural microsegmentation. Not network segmentation that has fallen victim to exception creep, the kind that started with three well-defined zones and now has one hundred and twenty open exceptions that no one audits. Real microsegmentation means each service can only communicate with exactly the systems it depends on, and nothing else. Every connection is verified. Every behavior outside the observed baseline raises a signal, and the default is deny.
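To make the blast-radius question and the earlier chaining point concrete, the following added example (not code from the article or from any vendor) models allowed flows as a default-deny graph and measures how far a compromise of one service can spread when only critical CVEs are patched. The service names, flows, CVSS scores and both policies are constructed assumptions.

```python
from collections import deque

# Constructed sample data (names, flows and scores are assumptions, not from the article).
UNPATCHED_CVSS = {"vpn": 5.3, "jump": 6.1, "fileshare": 5.9,
                  "ci": 6.5, "dc": 5.4, "erp": 9.8}
# Zone policy after exception creep (the last two rules were "temporary").
CREPT = {"vpn": {"jump"}, "jump": {"fileshare", "erp"},
         "fileshare": {"ci"}, "ci": {"dc"}}
# Microsegmented policy: declared dependencies only, everything else denied.
SEGMENTED = {"vpn": {"jump"}, "jump": {"erp"}, "ci": {"fileshare"}}

def allowed(policy, src, dst):
    """Default deny: a flow is permitted only if explicitly listed."""
    return dst in policy.get(src, set())

def reach(policy, entry, patch_threshold=None):
    """BFS from a compromised entry along allowed flows -> {service: parent}.
    patch_threshold=9.0 models "prioritize critical" (scores >= 9.0 fixed,
    lower ones still exploitable); None assumes any service can fall."""
    def exploitable(svc):
        return patch_threshold is None or UNPATCHED_CVSS[svc] < patch_threshold
    parent, queue = {entry: None}, deque([entry])
    while queue:
        src = queue.popleft()
        for dst in sorted(UNPATCHED_CVSS):
            if dst not in parent and allowed(policy, src, dst) and exploitable(dst):
                parent[dst] = src
                queue.append(dst)
    return parent

def blast_radius(policy, entry, patch_threshold=None):
    """Services reachable beyond the entry point."""
    return set(reach(policy, entry, patch_threshold)) - {entry}

def chain_to(policy, entry, target, patch_threshold=None):
    """Hop-by-hop path to target, or None if the policy contains the breach."""
    parent = reach(policy, entry, patch_threshold)
    if target not in parent:
        return None
    path = []
    while target is not None:
        path.append(target)
        target = parent[target]
    return path[::-1]

if __name__ == "__main__":
    for name, policy in (("crept", CREPT), ("segmented", SEGMENTED)):
        print(name, sorted(blast_radius(policy, "vpn", 9.0)),
              chain_to(policy, "vpn", "dc", 9.0))
```

With the critical CVE patched, the crept policy still lets four medium-severity services chain from the VPN to the domain controller, while the segmented policy stops the same compromise after one hop without any additional patching.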
Implementing this model has historically required investment that only large banks and telecom operators could justify. Today, with AI absorbing much of the technical work of configuration, correlation, and continuous refinement, the model is within reach of organizations that, five years ago, heard about Zero Trust as an aspirational concept.
What Security Leadership Needs to Do
The transition to this new operational model is not a twelve-month project with a finish line. It is continuous reconfiguration. A few immediate actions separate the organizations that adapt from the ones that absorb damage:
- Invert the default architecture question. Instead of “how do I protect this perimeter?”, design from “if this service is compromised, what is the blast radius?”. Every downstream decision changes.
- Treat third-party dependencies as direct entry points. Library inventory, SBOM, monitoring of compromised packages: as critical as edge patching. Applies to traditional development and to integration of local agents and MCPs.
- Abandon severity-only prioritization. Medium-severity CVEs chained in sequence produce the same outcome as an isolated critical CVE. The new metric is aggregate exposure, not individual severity.
- Use AI for operational scale, not as a substitute for judgment. Detection, correlation, first-tier response automation: yes. Risk appetite and prioritization decisions: no.
- Establish granular segmentation before modernizing identity. Strong identity on a flat network is still a flat network. Microsegmentation first, integrated identity second.
- For the board, translate Zero Trust as blast-radius reduction, not as a technical project. The metric that matters is how much time and how much damage an initial compromise can produce, now measured in seconds, not hours.
Final Thoughts
The board has shifted in two successive moves. First, AI democratized the technical capacity for defense. Organizations that historically could not build operational sophistication now have access to it. Second, and as a direct consequence, every organization is now a viable target, because the marginal cost of reconnaissance and initial exploitation has fallen in the same proportion.
For the tier that has suffered most from this asymmetry, law firms, mid-sized manufacturers, regional distributors, the entire fabric of the economy operating with an “IT guy” and no formal security structure, the reading is, for once, positive. For the first time in two decades, these organizations have a viable path out of easy-target status. They will not build a bank-grade SOC. They do not need to. What they need is to establish the right structural baseline (Zero Trust with real microsegmentation) and use AI to operate that baseline with the lean team they already have. That path did not exist five years ago.
The only way to compete in this landscape is structural. Zero Trust stops being an option for those with unlimited budgets and becomes the baseline that separates “can contain a breach when it happens” from “will spend a week in crisis mode when it happens.” The good news is that AI makes that baseline operationally viable, including for organizations that never had access to it. The bad news is that, for exactly the same reason, not doing it is no longer a defensible choice.