AI has collapsed the cyber response window – resilience now begins before an attack



Submitted by Rubrik


Enterprise cybersecurity faces a major speed challenge. Frontier AI models now enable autonomous attacks that can progress from initial penetration to full system breach. Up to 27 seconds. This is faster than any human-driven security workflow can detect, escalate and respond to.

Consequently, security operations cannot assume that there is time for people to react between a breach and damage.

The security posture enterprises need for the AI ​​era is based on cyber resilience: continuously identifying clean recovery situations, mapping critical data and identity dependencies, and automating recovery so that operations can be restored in hours, not days.

"Anything based on process or human-in-the-loop intervention will no longer be able to execute at the speed of attacks." says Dev Rishi, CEO of AI at Rubrik. "If the attacks happen within 27 seconds, that means my healing should happen at the same rate."

Traditional detection and prevention fail against AI-driven attacks

The rules-based logic that has defined enterprise security for decades, such as static access controls, known signature detection, and deterministic behavior policies, have been developed for deterministic software. AI agents behave differently. They are non-deterministic, capable of achieving the same goal through many different paths, and can bypass static barriers by finding alternative paths when one is closed.

A deeper problem is that traditional security logic checks identity, permissions, and access and asks if each individual access is allowed. However, it cannot assess whether a sequence of permitted actions performed across multiple applications constitutes either a data leak, a destructive operation, or an attack.

"You need a system that can understand context," Rishi says. "You need to use artificial intelligence to look at what the agent is doing and say “what you’re doing may be at risk of leaking sensitive information abroad.”"

How AI agents are blurring the line between internal and external cyber threats

Enterprise security has historically maintained a meaningful distinction between external and internal threat vectors. External threats can be multidimensional, lightning-fast, and stem from a variety of vectors. Insider threats, on the other hand, have traditionally been limited to what a single human actor could do before detection, limited in speed, scope and scale, but this distinction is collapsing as AI agents operate in enterprise environments.

These agents have access to multiple systems simultaneously and move at a speed that no other worker can match. When an agent makes a mistake, such as a hallucination, misread instruction, or unexpected data transmission, the resulting damage can appear operationally identical to a malicious insider attack. When an external attacker compromises an internal agent, it inherits its full access profile on every connected application.

"Whether an agent is an internal threat due to a random error or not, you need runtime guards that apply your organization’s policies consistently across agents." Rishi says. "A practical answer is a local guardian layer in artificial intelligence that semantically tracks agent behavior, understands intent between actions, and can block or terminate a misbehaving agent at machine speed, then trigger immediate recovery."

It prepares for a world of inevitable compromises

Frontier AI models, including those capable of autonomously detecting and exploiting zero-day vulnerabilities, are changing the economics of attacks.

As a result, interest in Mythos preparation is increasing. Enterprises are increasingly operating under two assumptions: that attacks are inevitable, not exceptional, and that investment in resilience and rapid recovery must be approached strategically as an investment in prevention. The shift makes post-incident recovery a deliberately designed, tested, and continuously validated capability.

"The idea that you can quickly recover from an attack will become one of the most important aspects of security," Rishi says. "It is the insurance policy that organizations must now treat as a first-class citizen."

Why AI-powered cyber resilience depends on small models

True cyber resilience is a double-edged coin: it requires both intelligent real-time execution to stop threats in motion and automated recovery to immediately restore operations. While having backups is key, organizations need workflows that can continuously monitor systems at machine speed and instantly identify the latest clean state in the event of an attack.

Applying AI to the first half of that equation – applying it in real time – poses a fundamental technical and economic challenge. Relying on massive frontier models to monitor each agent’s activity introduces prohibitive latency costs and prohibitive computational costs. A custodial AI system that slows operations or costs as much as the systems it monitors is simply not suitable for widespread deployment.

“It should be a fast, small and cheap AI model,” Rishi said. “No one wants to sign up for a reliable solution that doubles their costs or latency.”

This is why small language models (SLM) are so important for real-time application. Rubrik’s approach, driven by its acquisition of Predibase, is to build this front-end defense layer on small models specifically optimized for speed and efficiency. Unlike heavy boundary models, SLMs can act as real-time checkpoints, semantically evaluating an agent’s behavior at machine speed and at a fraction of the cost.

This hyper-efficient execution layer enables a tighter, more seamless connection to recovery. When the system observes that an agent has taken a destructive action, such as deleting a database, corrupting a critical file, or extracting sensitive data, the tiny model immediately detects it, stops the damage, identifies the most recent clean image before the incident, and initiates recovery in a single, automated workflow.

Transition from event response to architectural sustainability

The broader impact of Mythos and similar border AI systems is a shift in how organizations think about security. As AI bridges the gap between attack and impact, resilience and recovery become architectural requirements rather than operational considerations.

According to Rubrik, security systems can no longer stand still while being detected. As AI agents gain more autonomy, observability, identity context, and recovery must act as a coordinated resilience layer. The goal is not simply to identify when something has gone wrong, but to shorten the gap between detection and recovery.

"The same thing that presents threats, the boundary capabilities of models like Mythos can also be used to help combat the threat." Rishi says. "Positioning yourself for the era of artificial intelligence means closing the gap between detecting when something has gone wrong and restoring affected systems before the cost of those gaps compounds."


Sponsored articles are content produced by a company that paid for the post or has a business relationship with VentureBeat and is always clearly marked. Contact for more information sales@venturebeat.com.



Source link

Leave a Reply

Your email address will not be published. Required fields are marked *