The life of a cybersecurity executive has been transformed by a new class of artificial intelligence systems capable of sifting through vast amounts of software and surfacing weaknesses at speeds no human team can match. Sharda Tickoo, country manager for India and SAARC at TrendAI (formerly Trend Micro), has spent the past two weeks in constant communication with clients, partners, and stakeholders, addressing alarm, providing context, and charting a path forward. She notes that AI has now crossed a threshold where it can discover vulnerabilities at a level comparable to top human researchers, but at a speed and scale humans cannot match. This capability can be used for both defense and weaponization.
The Catalyst: Mythos AI Model
The catalyst for this collective anxiety is Mythos, a frontier AI model developed by Anthropic that has demonstrated a remarkable ability to surface zero-day vulnerabilities across major operating systems and web browsers. Its emergence has triggered crisis talks among regulators worldwide and accelerated a long-overdue reckoning within the industry. Diwakar Dayal, MD and area VP for India and SAARC at SentinelOne, has experienced every major technology wave of the past three decades, including the birth of the internet, the cloud era, and the mobile revolution. He is unequivocal that this wave is different, unfolding at an unprecedented pace. He emphasizes that responding to AI-driven attacks requires AI-driven defense, as traditional methods are no longer sufficient.
Shrinking Gap Between Discovery and Exploitation
For Dayal, the starkest illustration of this shift is the shrinking gap between vulnerability discovery and exploitation. Fifteen years ago, the gap was approximately two years, then it became months, and now it is hours. He argues that patching everything is no longer feasible, as that game is already lost. This compression has rendered traditional security practices inadequate at a structural level. The industry's backbone, the patch cycle, is struggling to keep pace. Tickoo notes that the backlog of unpatched vulnerabilities was already enormous before Mythos arrived. Enterprises are still struggling to patch n-minus-ten vulnerabilities, which are security flaws present in software versions ten releases behind the current version. Mythos has not created new vulnerabilities but has revealed what was already there, compressing the timeline of exploitation.
AI-Native Defense: The New Imperative
The industry's response is coalescing around a single principle: security must become AI-native, not merely AI-assisted. Tickoo emphasizes the distinction, noting that traditional tools were built for human-led detection, a model that no longer holds when AI can uncover thousands of vulnerabilities across systems. At TrendAI, this means integrating Claude models directly into its platform to drive what she calls agentic autonomous security operations, systems that learn continuously, prioritize intelligently, and act without waiting for human instruction. The company's Zero Day Initiative program, a researcher-driven effort to surface vulnerabilities, is also being made more automatic and agentic. Dayal echoes this at SentinelOne, where the endpoint security platform operates in real time, detecting and containing threats at machine speed regardless of whether a patch exists. He states that traditional methods make this impossible.
Virtual Patching as a Critical Stopgap
For the time being, practices like virtual patching, which places a protective wrapper around a known vulnerability to block exploitation without requiring a restart or downtime, have become a critical stopgap. Tickoo explains that while virtual patching has always existed, it is now becoming non-negotiable. Patching everything requires downtime, so virtual patching acts as a compensating control. Technically, the vulnerability remains inside the asset, but any attempt to exploit it is blocked. Satykam Acharya, co-founder and director of offensive practices at Infopercept, argues that the real challenge is not simply discovery but prioritization. Most breaches are not caused by complex zero-days but by misconfigurations, weak identity controls, or exposed credentials. In many cases, attackers are no longer hacking in but simply logging in. His firm focuses on helping clients determine which vulnerabilities are actually exploitable, which create real business risk, and what to fix first.
Industry Leaders Weigh In
Philippa Cogswell, managing partner for JAPAC at Palo Alto Networks Unit 42, describes the present moment as a definitive inflection point. Palo Alto's own tests with Mythos showed that the AI system completed a year's worth of penetration testing in under three weeks. Defending against an attacker who can do in minutes what a team does in weeks requires a completely different approach. This is driving a move toward platformization, where security data is consolidated so AI can detect, prioritize, and respond to threats in real time. Balaji Rao, Area VP for India and SAARC at Commvault, says detection and prevention remain essential but are no longer enough when attack chains can move at machine speed. Commvault, which specializes in data protection and cyber recovery, has adopted a ResOps approach, where recovery systems are continuously validated rather than periodically reviewed. Sunil Gupta, co-founder and CEO of QNu Labs, takes an unsparing view, calling Mythos not a warning but a verdict on the past decade of cybersecurity complacency. He advocates for quantum-safe architectures as the only route beyond what he calls a continuous, expensive, losing cycle of patching.
Job Opportunities Galore
Despite the turbulence, there is striking optimism: this is an extraordinary moment to build a career in cybersecurity. Dayal states that if anyone is looking for a career, the future is in cyber, as the industry can absorb many more people. However, the bar has risen sharply. The next generation of professionals will need fluency not just in networks and systems but in AI infrastructure, model security, prompt injection attacks, and the architecture of agentic systems. Basic knowledge is no longer sufficient; deeper understanding of complexity is required. Tickoo agrees that the field will become more specialized, with significant reskilling needed from a cybersecurity standpoint.
