AI Has Broken Vulnerability Management. That’s Why CISOs Are Shifting Budgets to BAS.

For three decades, vulnerability management operated inside a buffer: the months between when a vulnerability was discovered and when someone figured out how to exploit it. The process was straightforward enough: rate the severity, schedule the fix, verify, and move on. The buffer is what made that work.
Today, that buffer is gone.
AI didn’t make your team slower. It changed the other side of the equation, compressing discovery-to-exploitation from months to hours. And the uncomfortable truth for defenders is that a process built for breathing room cannot survive without it.
AI Has Turned Vulnerability Discovery Into a Volume Game
In its May 2026 update, Anthropic reported that it and nearly 50 partners had used a preview of Claude Mythos to find more than 10,000 high- or critical-severity vulnerabilities in critical software in a single month.
The earlier figures were just as striking.
Pointed at Firefox, the Mythos model found and wrote working exploits for 181 vulnerabilities, versus just 2 for the previous frontier model. It has surfaced vulnerabilities in every major OS and browser, including an OpenBSD bug that had gone undetected for 27 years.
At the time of writing, more than 99% of those findings had not yet been published.
Figure 1. February 2026 FortiGate campaign
An AWS threat intelligence report from February 2026 shows the other side: no zero-days required, just weak credentials, industrialized through a custom MCP server that drove automated attack tooling. AWS confirmed 600+ compromised devices in 55+ countries; according to independent researchers, the actor’s own logs listed 2,516 devices in 106 countries.
Either way, the rules have clearly changed. What once took rare expertise now runs at machine speed and scale.
The Weaponization Window Has Collapsed Too
Defenders used to have months between a CVE going public and its first confirmed exploit in the wild, a window known as time-to-exploit (TTE).
That window is now closed.
The Zero Day Clock puts the 2026 average at about 24 hours, down from ~53 days in 2024.
Figure 2. Mean time-to-exploit (TTE), per the Zero Day Clock
The breach data agrees, too.
Verizon’s 2026 DBIR attributes 32% of initial access to vulnerability exploitation and expects that share to rise, because AI coding assistants are now building exploit tooling, porting it to new languages, and finding bugs that attackers never found before.
Figure 3. Generative AI-assisted techniques classified as initial access methods, per Verizon’s 2026 DBIR
Telling Teams to Patch Faster Is Like Telling a Freighter to Stop on a Dime
The industry’s reflex response is to patch faster. Regulators are codifying it: many regulations now target same-day patching for certain vulnerabilities. Boards expect it. Executives demand it.
But a patch is not a hot-swap. Patches need regression testing, change windows, approvals, and existing uptime and compliance obligations to respect. Compressing patch cycles to outrun exploitation runs up against a different bottleneck.
And the data shows things moving in the wrong direction.

The Verizon 2026 DBIR tracked 13,000+ organizations:
- Average remediation time for known vulnerabilities: 43 days, up from 32 last year
- Share fully remediated: down from 38% to 26%
If exploitation happens in hours and patching happens in weeks, the breach almost always lands in between.
And, per Verizon’s DBIR, even high-performing organizations close only 30-40% of known exposures in the first week after disclosure, a rate that has not moved despite years of steady investment.
So ordering teams to patch faster doesn’t change the physics; it is like ordering a cargo ship to stop on a dime.
The Bottleneck Moved. So Must the Strategy.
For two decades, vulnerability management rested on a simple set of assumptions:
- Find the vulnerabilities,
- Score them by severity,
- Fix the worst first.
When a handful of new findings landed each quarter, ranking by CVSS score worked. It doesn’t stand a chance against hundreds or thousands arriving per day.
Going back to Verizon’s DBIR, the median organization had 16 known vulnerabilities to remediate in 2025, up from 11 the year before, a jump of almost 50%.

That was before AI-discovered bugs started flooding the catalog.
Severity scores, meanwhile, don’t tell you whether the bug is reachable in your environment, whether your controls would block it, or whether it sits on anything that matters. A priority list where everything is a “9” or “10” doesn’t prioritize anything.
So the useful question is no longer “what is at stake?” but “what can actually be exploited against us right now, and would our defenses catch it if someone tried?”
This is exactly the question that Breach and Attack Simulation (BAS) is designed to answer.
Why BAS Is Becoming a Cornerstone Against AI-Powered Attacks
BAS takes real-world adversary behavior, the TTPs from the latest campaign in the headlines, and runs them safely against your live prevention and detection stack. It’s not a scanner. It’s not a heat map. It’s a live-fire exercise that shows what your tools actually block, what they detect, and what slips straight through.
In a world drowning in disclosures, that does three things vulnerability management alone cannot. BAS:
- Separates theory from reality. A vulnerability your WAF, IPS, and EDR already mitigate is a very different problem from one that walks straight in. BAS shows which is which, so teams stop treating every CVE as a five-alarm fire.
- Validates the controls you’ve already paid for. Most enterprises run anywhere from ten to seventy security tools with countless overlapping policies; BAS measures whether they actually fire as deployed and exposes the residual risk lurking in the gaps.
- Buys time to patch safely. Where you can prove that an exposed asset is already covered by compensating controls, the patch can go through normal change control instead of an emergency release. If it can’t be patched yet, you know what to mitigate first.
That payoff is starting to show up in budgets: field reports increasingly describe CISOs carving out BAS spending that wasn’t a separate line item a year ago.
This is the shift Gartner now labels Adversarial Exposure Validation: combining security control effectiveness (“Are my controls working?”) with business context (“Which assets matter most, and what is actually reachable?”) to prioritize based on your organization’s reality instead of raw scores.
Paired with autonomous penetration testing, which proves whether an attacker can get from a foothold to your organization’s crown jewels, BAS completes the picture.
One asks, “Can they break in?” The other asks, “Would we catch it?”
Run together, BAS and autonomous pentesting replace guesswork with evidence.
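As an added illustration of the prioritization argument above and of the three payoffs in the list (example code written for this article, not Picus’s own), the following Python re-ranks a constructed backlog by reachability and validated control outcome instead of raw CVSS; the finding ids, tier names, and BAS results are all assumed sample values.

```python
"""Validation-aware vulnerability triage (illustrative; not Picus code).
Ranks findings by what is reachable and what the control stack already
blocks or detects, rather than by CVSS alone. All data below is constructed."""
from dataclasses import dataclass

# Assumed triage tiers, most urgent first (lower index = handle sooner).
TIERS = ["mitigate_first", "emergency_patch", "expedited_patch", "normal_change_control"]

@dataclass(frozen=True)
class Finding:
    cve_id: str
    cvss: float
    reachable: bool          # can an attacker reach the vulnerable service at all?
    asset_criticality: int   # 1 (throwaway) .. 5 (crown jewels)
    bas_result: str          # "blocked" | "detected" | "missed" | "untested"
    patch_available: bool

def triage(f: Finding) -> str:
    """Map a finding to a tier from exposure plus the validated control outcome."""
    if not f.reachable or f.bas_result == "blocked":
        # Unreachable, or a compensating control already stops the TTP:
        # the patch can follow the normal change window.
        return "normal_change_control"
    if f.bas_result == "detected":
        # Prevention failed but the SOC would see it: hurry, but no fire drill.
        return "expedited_patch"
    # Missed or never tested on a reachable asset: no proven control in the way.
    return "emergency_patch" if f.patch_available else "mitigate_first"

def residual_exposure(f: Finding) -> float:
    """Tie-breaker within a tier: criticality-weighted severity, zero if covered."""
    if triage(f) == "normal_change_control":
        return 0.0
    return round(f.cvss * f.asset_criticality / 5, 2)

def rank_by_cvss(findings):
    return [f.cve_id for f in sorted(findings, key=lambda f: -f.cvss)]

def rank_by_validation(findings):
    key = lambda f: (TIERS.index(triage(f)), -residual_exposure(f))
    return [f.cve_id for f in sorted(findings, key=key)]

# Constructed sample backlog: every CVSS is a "9 or 10", so severity alone cannot rank it.
SAMPLE = [
    Finding("VULN-A", 10.0, reachable=True,  asset_criticality=2, bas_result="blocked",  patch_available=True),
    Finding("VULN-B",  9.8, reachable=False, asset_criticality=5, bas_result="untested", patch_available=True),
    Finding("VULN-C",  9.1, reachable=True,  asset_criticality=5, bas_result="missed",   patch_available=True),
    Finding("VULN-D",  9.3, reachable=True,  asset_criticality=4, bas_result="detected", patch_available=True),
    Finding("VULN-E",  9.0, reachable=True,  asset_criticality=3, bas_result="missed",   patch_available=False),
]
```

Printing `rank_by_cvss(SAMPLE)` next to `rank_by_validation(SAMPLE)` shows the two orderings nearly inverted: the highest-CVSS item drops to the bottom because a control already blocks it, while the unpatchable, missed finding rises to the top as a mitigate-first item.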
BAS Has to Run Autonomously, at Machine Speed, Too
There is a catch.
If adversaries operate autonomously, a validation cycle that takes a human a week to complete is obsolete on arrival. Machine-speed attacks demand machine-speed defense, and the only thing fast enough to keep up with autonomous offense is autonomous defense.
The credible objection to generative AI here is safety. As Picus CTO Volkan Erturk has warned, a model told to create an exploit could return a live malware sample, or invent techniques no adversary has ever used. You don’t want an untested binary detonating in production, or a defense built against an attack that doesn’t exist and never will.
You can watch it on demand here.
Picus’s answer is to have the model orchestrate, not generate.
Rather than asking AI to write payloads, Picus’s agentic BAS matches a new threat report against a curated, pre-tested library of ready-made test building blocks. The security team names the threat, and the multi-agent system takes it from there: one agent scopes the threat and builds a research plan, others collect and verify intelligence from multiple sources, and an architect agent maps the adversary’s TTPs into attack chains ready for simulation.
The output is an accurate, ready-to-run simulation, assembled in minutes.
This closes the loop. A CISA advisory or trending threat becomes a scoped test, a prevention score, a prioritized mitigation, and an executive report, often within minutes, with humans reviewing, rather than driving and slowing down, every step.
This is what the Picus Platform is built for
Patching still matters, but when AI finds bugs by the thousands and weaponizes them in hours, patching alone can’t be the whole strategy. If offense is autonomous, defense has to run at least as fast, and that’s exactly what Picus is built for.
Threat-driven validation: verifying what your controls stop, proving what is exploitable, and spending patch time and talent only where it will change the outcome. AI-powered, agentic BAS is one of the core pillars of the Picus Platform; it continuously checks whether your defenses block and detect what matters, without waiting for someone to kick off a process or for the next cycle to come around. And when a gap is found, the platform points to the vendor-specific mitigation required, rather than just adding another ticket to the pile, then revalidates to confirm the gap is really closed.
The demand to answer, right away, whether a new headline puts the business at risk isn’t going away anytime soon. The Picus Platform gives security teams the answer before anyone asks.
Find out what the next headline means for your exposure before it drops. Request a demo.
Note: This article was written by Sıla Özeren Hacıoğlu, Security Research Engineer at Picus Security.