As the U.S. promises a light-touch approach to AI regulation, businesses and other stakeholders must work out the rules of the road for themselves.
The post Critics warn America’s ‘move fast’ AI strategy could cost it the global market appeared first on CyberScoop.
AI can find vulnerabilities with unprecedented speed, but discovery alone doesn’t reduce cyber risk. We need exposure prioritization, contextual risk analysis, and AI-driven remediation to transform findings into security outcomes.
Key takeawaysYou’ve probably heard about Claude Opus 4.6, the latest artificial intelligence (AI) model from Anthropic — and the 500 high-severity vulnerabilities it discovered in well-tested open source codebases.
The revelation about the new model’s vulnerability discovery prowess made a particularly big splash with an unlikely audience: not only developers, security analysts, and vulnerability researchers, but also with Wall Street investors — particularly those who cover the software sector. The news about Opus 4.6 signaled to them that AI was officially on the brink of radically transforming software development and security testing.
Indeed, Opus 4.6 represents an acceleration of a long-standing trend. Every year, the security industry introduces new tools that uncover more vulnerabilities more quickly. Combined with prior advances in AI-driven vulnerability discovery, including Google Project Zero, the Anthropic team has taken a major step forward, and we’re excited about the vulnerability discovery capabilities of Opus 4.6.
Finding more vulnerabilities faster is a necessary first step toward reducing cyber risk and shrinking the attack surface. Following discovery, the next steps require correlating the vulnerabilities with business, topology, and threat context to prioritize the ones that really matter. Without those critical post-discovery steps, organizations may not end up more secure. But their security, remediation, and DevSecOps teams will end up more overwhelmed.
To put a finer point on it: without context and accuracy, more is not better; it just creates noise.
AI needs to understand riskTwo vulnerabilities with identical CVSS scores can represent wildly different levels of risk depending on where and how they exist in an environment. Indeed, a vulnerability’s real-world risk depends on factors that sit far outside a code repository. Security teams need to consider things like:
Risk-based prioritization and orchestrated remediation are non-negotiables in the vulnerability management lifecycle. Models like Opus 4.6 can surface issues with incredible efficacy. Security teams will then need additional agentic systems to execute several critical functions: correlating and reasoning over relevant data and signals, including business impact, threat, and topology context, to translate them into actual risk and exposure AND help orchestrate remediation. Without those essential functions, AI is likely to generate more work for already overextended security, IT, and DevSecOps teams.
The opportunity: AI-driven exposure managementWhere AI becomes truly transformative is not only in finding vulnerabilities faster, but in understanding how threat actors could exploit them in the context of other security weaknesses, such as misconfigurations or excessive permissions, and the business risk those exposures create when combined. This is the promise of AI-driven exposure management: proactive context that powers prioritization and preemptive, orchestrated remediation.
As the pace of vulnerability discovery shoots up, it’s never been more important to have an AI-powered proactive security platform that:
There is no doubt AI has a central role in the future of cybersecurity. But investors should be wary of narratives that equate more findings with better security.
The winners in this next phase of AI transformation will be companies that not only discover more issues with AI, but that leverage AI with their vast datasets, combined knowledge, and high-fidelity context to eliminate friction and close the gap from finding to action — delivering clarity over chaos, prioritization over panic, and measurable risk reduction, at machine speed and across enterprise-scale environments.
Doing so creates a flywheel where more data from more sources, such as native and third-party scanners, sensors, threat intelligence, and vulnerability research, provides more context. And more context, along with human and agentic feedback loops, drives more accurate prioritization and remediation to reduce risk.
AI is raising the bar on what’s possible in cybersecurity. The question now is how we turn that potential into outcomes. That’s where real value will be created.
Shadowserver scans have identified 86 compromised instances, and researchers warn multiple threat groups are involved.
The post Fallout from latest Ivanti zero-days spreads to nearly 100 victims appeared first on CyberScoop.