AI has collapsed the cyber response window — resilience now starts before the attack

VentureBeat
Published
0
0
AI has collapsed the cyber response window — resilience now starts before the attack
Read the full story at VentureBeatOriginal

Presented by Rubrik


Enterprise cybersecurity is facing a fundamental speed problem. Frontier AI models are now enabling autonomous attacks that can move from initial access to full system breakout in as little as 27 seconds. That’s faster than any human-operated security workflow can detect, escalate, and respond.

As a result, security operations can no longer assume there is time for humans to respond between breach and damage.

The security posture that enterprises need for the AI era centers on cyber resilience: continuously identifying clean recovery states, mapping critical data and identity dependencies, and automating restoration so that operations can recover in hours not days.

"Everything that relied on process or human-in-the-loop intervention is no longer going to be able to execute at the speed of the attacks," says Dev Rishi, GM of AI at Rubrik. "If the attacks are happening in 27 seconds, it means I need my recovery to happen just as quickly."

Traditional detection and prevention are failing against AI-driven attacks

The rules-based logic that has defined enterprise security for decades, such as static access controls, known signature detection and deterministic behavioral policies, was engineered for deterministic software. AI agents behave differently. They're non-deterministic, capable of pursuing the same objective through many different paths, and increasingly capable of circumventing static guardrails by finding alternative routes when one is blocked.

The deeper problem is that conventional security logic checks identity, permissions, and access, and asks whether each individual access is permitted. But it can’t evaluate whether a sequence of permitted actions, taken across multiple applications, constitutes either a data leak, a destructive operation, or an attack.

"You need a system that can understand context," Rishi says. "You need to use AI to look at what an agent is doing and say, ‘it looks like what you're doing might be a risk of leaking sensitive data externally.’"

How AI agents are blurring the line between internal and external cyber threats

Enterprise security has historically maintained a meaningful distinction between external and internal threat vectors. External threats can be multidimensional, lightning fast, and come from a variety of vectors. On the other hand, internal threats were traditionally bounded by what a single human actor could accomplish before detection, constrained in speed, scope, and scale, but that distinction is falling apart as AI agents operate inside enterprise environments.

These agents have access to multiple systems simultaneously and move at speeds no human employee can match. When an agent makes a mistake, such as a hallucination, misread instruction, or an unintended data transfer, the resulting damage can look operationally identical to a malicious insider attack. And when an external attacker compromises an internal agent, they inherit its full access profile across every connected application.

"Whether or not the agent is an internal threat because of an inadvertent mistake or because it's been maliciously compromised, you need runtime guardrails that enforce your organizations policies consistently across agents," Rishi says. "The practical answer is an AI-native guardian layer that monitors agent behavior semantically, understands intent across actions, and can block or terminate a misbehaving agent at machine speed, then trigger recovery immediately."

Preparing for a world of inevitable compromise

Frontier AI models, including those capable of discovering and operationalizing zero-day vulnerabilities autonomously, are changing the economics of attacks.

As a result, interest in Mythos readiness is growing. Enterprises are increasingly operating under two assumptions: that attacks are inevitable, not exceptional, and that investment in resilience and rapid recovery must be treated as strategically as investment in prevention has been. The shift reframes recovery from a post-incident activity into a capability that is deliberately designed, tested, and continuously validated.

"The idea that you can recover quickly from an attack is going to become one of the most important facets of security," Rishi says. "It's the insurance policy that organizations now have to treat as a first-class citizen."

Why AI-powered cyber resilience depends on small models

True cyber resilience is a two-sided coin: it demands both real-time intelligent enforcement to intercept threats in motion, and automated recovery to restore operations immediately. While having backups is a baseline, organizations need workflows that can continuously monitor systems at machine speed, and instantly determine the most recent clean state under attack conditions.

Applying AI to the first half of that equation—real-time enforcement—creates a fundamental technical and economic challenge. Relying on massive frontier models to monitor every agent action introduces crippling latency overhead and exorbitant computing costs. A guardian AI system that slows down operations or costs as much as the systems it monitors is simply not viable for widespread adoption.

“It has to be a fast, small, and cheap AI model,” Rishi says. “No one wants to sign up for a secure solution that doubles their cost or latency.”

This is why small language models (SLMs) are critical for real-time enforcement. Rubrik’s approach, anchored by its acquisition of Predibase, is to build this frontline defense layer on small models optimized specifically for speed and efficiency. Unlike heavy frontier models, SLMs can semantically evaluate agent behavior at machine speed and at a fraction of the cost, acting as a real-time checkpoint.

That hyper-efficient enforcement layer is what enables a tighter, seamless connection to recovery. When the system observes an agent taking a destructive action—such as deleting a database, corrupting a critical file, or exfiltrating sensitive data—the small model detects it immediately, halts the damage, identifies the most recent clean snapshot from before the incident, and initiates recovery in a single, automated workflow.

The shift from incident response to architectural resilience

The broader implication of Mythos and similar frontier AI systems is a shift in how organizations think about security. As AI compresses the gap between attack and impact, resilience and recovery become architectural requirements rather than operational considerations.

Rubrik’s view is that security systems can no longer stop at detection. As AI agents gain greater autonomy, observability, identity context, and recovery must operate as a coordinated resilience layer. The goal is not simply to identify when something has gone wrong, but to shorten the gap between detection and restoration.

"The same thing that's introducing the threats, the frontier capabilities of models like Mythos, can also be used to help us combat the threat," Rishi says. "Positioning yourself for the AI era means closing the gap between detecting that something has gone wrong and restoring the systems that were affected, before the cost of that gap compounds."


Sponsored articles are content produced by a company that is either paying for the post or has a business relationship with VentureBeat, and they’re always clearly marked. For more information, contact [email protected].

Related Markets

All Markets
View full chart →
View Full Chart
View full chart →
View Full Chart

Market data may be delayed. Not financial advice.

Reader Reactions
Reading the article

💡 AI analysis provides alternative perspectives on current events

Support Alto & Gab

Alto is funded entirely by readers like you. Your donation helps us continue delivering curated news from a right-wing Christian Nationalist perspective, powered by Gab AI.

Gab Shop

Support free speech with official merchandise

View All Products

Install Alto on Your Phone

Add Alto to your home screen for quick access to breaking news — no app store required.

iPhone & iPad

Using Safari Browser

1

Open alto.gab.com in Safari

alto.gab.com
2

Tap the Share button

at the bottom of Safari
3

Tap "More"

More
4

Scroll and tap "Add to Home Screen"

Add to Home Screen

Tap "Add" to confirm

Alto will appear on your home screen like any other app!

Android

Using Chrome Browser

1

Open alto.gab.com in Chrome

alto.gab.com
2

Tap the menu button

three dots in top right
3

Tap "Add to Home screen"

Add to Home screen

Tap "Add" to confirm

Alto will appear on your home screen like any other app!
gab

Speak Freely

Join millions on the original and only true free speech social network.

What Makes Gab Different

We're not just another social network. We're a platform built on principles that matter.

Freedom of Speech & Reach

All First Amendment protected speech is welcome. No algorithmic throttling or shadow banning.

Family-Friendly Platform

We maintain a clean environment. Explicit adult content is strictly prohibited.

Western Nations Only

Third-world IPs are blocked. No scammers, no spam farms. Built for Western civilization.

Funded By Users

Our users are our investors and customers. You're not the product being sold.

Battle Tested

A decade of standing strong. Banned from app stores, banks—and still here.

American Owned & Operated

We reject foreign censorship demands. Built by Americans, for free people.