How to Respond to Frontier AI Models: A Deloitte Cyber Leader Weighs In
Security teams have always raced against the clock. For most of cybersecurity’s history, that clock moved slowly enough to manage.
Attackers needed time to find vulnerabilities and build exploits. The window between discovery and exploitation was measured in days or weeks — often long enough for a patch to clear a change board.
That window has collapsed.
Frontier AI models can now discover vulnerabilities, chain them together, and generate exploits in seconds. That includes vulnerabilities in legacy systems that haven't seen a patch in decades. The speed of exploitation has hit record levels.
We sat down with Andrew Rafla, principal at Deloitte & Touche LLP and a Zero Trust leader within its Cyber Risk practice, to understand what this shift means for enterprise security programs and what separates the teams responding well from those that aren't.
Why offensive AI models are a major shift
Most cybersecurity threats have evolved at a pace teams can track. A new attack technique emerges, and the security community analyzes it. Vendors release signatures, and defenders respond.
Offensive AI frontier models break that cycle.
These systems find unknown vulnerabilities at scale and can chain them into working exploits. That includes aging infrastructure nobody has patched in decades.
The most sophisticated models have been tightly restricted because of those offensive capabilities. But restrictions won’t hold forever and open-source copycats already exist.
Deloitte clients are already asking how to get their hands on these models to scan their own environments before adversaries do. Andrew thinks that instinct is right. The window between “this capability exists” and “it’s being used against you” is shorter than any prior threat cycle in enterprise security history.
The broader risk is that even defensive AI vulnerability tools could eventually be weaponized. The time to implement compensating controls for the expanded attack surface is now.
The vulnerability management paradigm has to change
For decades, vulnerability management followed a predictable sequence. Security teams scanned their environments, triaged the results, prioritized findings, tested fixes, cleared the change board, and patched vulnerable systems. The cycle repeated every quarter, sometimes every month.
That process was always slow, but now it’s untenable.
As Andrew explained, “Historical, fairly manual processes for vulnerability management — everything from identification to remediation — just won’t work in the new model, with the speed at which vulnerabilities are able to be detected and associated exploits created.”
The paradigm shift security leaders need to make is to merge vulnerability and exploit management into a rapid response and containment operation. It can no longer be primarily a detection and documentation exercise.
Andrew shared three concrete changes in how Continuous Threat Exposure Management (CTEM) programs should be structured:
- Prioritization should be ruthless and automated. You can’t patch everything fast enough. Teams that weather this moment will be the ones that can quickly identify which vulnerabilities in their environment are most exposed, most critical, and most likely to be exploited — and focus resources there. Manual prioritization processes built for quarterly patch cycles won’t survive contact with AI-driven exploit generation.
- Remediation timelines need to compress dramatically. That means rethinking change management processes and streamlining approvals for security-critical patches. Some teams are creating centralized project management office (PMO) functions to accelerate this coordination.
- Compensating controls need to become a first-class part of the vulnerability response. There will always be vulnerabilities you can’t patch, including legacy systems, critical applications that can’t have downtime, and software packages decades old with no vendor support. For those, your strategy has to shift from remediation to containment.
Compensating controls: the most effective defense you’re probably underusing
When Andrew talked about what Deloitte is recommending to clients right now, compensating controls topped the list, specifically microsegmentation.
“Organizations with segmentation capabilities, where policies can be created and deployed rapidly for assets known to be vulnerable, should be better able to reduce the blast radius of lateral movement risk,” Andrew said.
Microsegmentation has been a Zero Trust cornerstone for years. The threat environment created by frontier AI models gives it new urgency and a more specific application.
When a vulnerable legacy system has no patch, the question shifts. It is no longer "how do we fix the vulnerability?" but "how do we reduce exploit exposure through compensating controls?"
Microsegmentation makes that second question answerable. These controls can turn a potentially catastrophic breach into a contained incident by:
- Ringfencing vulnerable and critical assets
- Creating tag-based policies that flag known vulnerable systems and restrict their network communication
- Limiting what those assets can reach and reducing the use of risky network ports and protocols
Speed is the key operational requirement. If it takes weeks to build and push a segmentation policy to a newly identified vulnerable asset, you’ve missed the window.
Teams that can navigate this effectively should be able to move from identifying a vulnerable asset to ringfencing it in minutes.
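As an added example, not Deloitte's or Illumio's own code, this ties together the ruthless, automated prioritization from the CTEM list above and the tag-based ringfencing just described: it scores a constructed inventory by exposure, criticality and exploit likelihood, routes unpatchable assets to a containment queue, emits a deny-by-default policy keyed on a tag, and checks sample east-west flow records against it. The scoring weights, policy schema, tag names and inventory are all assumptions.

```python
"""Added example, not Deloitte's or Illumio's own code: rank vulnerable assets by
exposure, criticality and exploit likelihood, route the unpatchable ones to a
compensating control, and emit a tag-based ringfence policy for them.
Inventory, weights, tag names and policy schema are constructed assumptions."""
from dataclasses import dataclass

@dataclass
class Asset:
    name: str
    internet_exposed: bool
    criticality: int         # 1 (low) .. 5 (business critical)
    cvss: float              # CVSS base score of the worst open finding
    exploit_available: bool  # a working exploit is known to exist
    patchable: bool          # a vendor fix exists and downtime is acceptable

def priority(a: Asset) -> float:
    """Exposure x criticality x likelihood; the weights are assumptions."""
    exposure = 1.0 if a.internet_exposed else 0.4
    likelihood = (a.cvss / 10.0) * (1.5 if a.exploit_available else 1.0)
    return round(exposure * a.criticality * likelihood, 2)

def triage(assets, threshold=2.0):
    """Return (patch_now, contain) queues, highest priority first."""
    urgent = [a for a in sorted(assets, key=priority, reverse=True)
              if priority(a) >= threshold]
    return ([a for a in urgent if a.patchable],
            [a for a in urgent if not a.patchable])

def ringfence_policy(a: Asset, mgmt_ports=(22,)):
    """Deny-by-default policy keyed on a tag; applies to any asset that later gets the tag."""
    return {
        "applies_to": {"tag": "quarantine-vuln", "asset": a.name},
        "inbound": [{"from": {"tag": "mgmt"}, "ports": list(mgmt_ports)}],
        "outbound": [{"to": {"tag": "logging"}, "ports": [514]}],
        "default": "deny",
    }

def flow_allowed(policy, flow):
    """Evaluate one east-west flow record against the ringfence policy."""
    inbound = flow["direction"] == "inbound"
    rules, key = (policy["inbound"], "from") if inbound else (policy["outbound"], "to")
    return any(r[key]["tag"] in flow["peer_tags"] and flow["port"] in r["ports"]
               for r in rules)

INVENTORY = [  # constructed sample inventory, not real assets
    Asset("erp-legacy-01", True, 5, 9.8, True, False),
    Asset("web-frontend-03", True, 3, 7.5, True, True),
    Asset("dev-sandbox-07", False, 1, 5.0, False, True),
]
```

Any flow not matched by an explicit allow rule falls to the policy's deny default, which is what turns an exploited legacy host into a contained incident rather than a launchpad.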
Visibility is table stakes, and most teams don’t have enough of it
The second capability Andrew flagged as critical is real-time east-west visibility. Most teams are far behind where they need to be.
“Most organizations still have legacy flat networks with very limited ability to identify and inspect east-west traffic,” Andrew said. “They’re still looking at perimeter firewalls as the choke point where they can see what's going in and out of their network.”
In the AI threat era, that blind spot is dangerous.
An offensive AI model exploits vulnerabilities, moves through a network, chains attacks together, and turns compromised assets into launchpads for the next strike.
Traditional security was built around north-south visibility, which is traffic that enters and exits the perimeter. But threat actors who successfully execute a breach accelerate their attacks by moving laterally until they reach the organization’s crown jewels. The east-west traffic where they hop between workloads and systems is where the real damage happens.
Security teams need real-time visibility into east-west traffic so they can spot anomalous or potentially malicious patterns and act fast.
Andrew recommended moving beyond EDR-centric models, which focus on individual hosts. An added benefit of microsegmentation solutions is their ability to enhance visibility of network traffic across the enterprise environment, including east-west traffic and within cloud environments. They also act as a critical control point that can isolate entire regions, data centers, or application clusters when suspicious patterns emerge.
Speed matters. Triaging asset by asset to contain a spreading threat under AI-assisted attack conditions is not a viable strategy; this is where scalable microsegmentation solutions shine.
How to defend against AI models you don’t fully understand yet
Offensive cyber frontier models haven't fully exhibited their capabilities, and most teams don't have direct access to test them against their own environments.
So what’s a practical path forward?
Here’s Andrew’s advice:
- Take stock first. Get the right people at the table, including cybersecurity, risk, compliance, and operations teams. Don’t wait for perfect information to start taking action.
- Engage your technology vendors. The software bill of materials (SBOM) question is now urgent. Do you know what components are running in your environment? Do your Software-as-a-Service (SaaS) vendors? Third-party risk management in the AI era means asking vendors hard questions about their own vulnerability exposure and what they’re doing about it.
- Look hard at your control environment. Are you fully using the security tools you already have? Many organizations have compensating controls, such as segmentation or policy-based isolation, that sit underdeployed. Use what you have, quickly and deliberately, before buying something new.
- Native integrations matter. Do the technologies in your ecosystem provide native integration? Shifting from a reactive to a proactive security posture, where controls can be orchestrated in real time through a fully integrated ecosystem, helps reduce risk and streamline operations. Integrated technology and security controls that work well together are key to identifying and responding to AI-driven threats.
- Think about the agentic future. Leading teams are building frameworks where AI agents discover, prioritize, and remediate vulnerabilities in a coordinated workflow. That’s the operating model that matches the speed of the threat while sustaining human-in-the-loop checks and balances.
Waiting to react to frontier AI models is a risky strategy
Offensive AI frontier models represent a step change in cyber threats.
The vulnerability management approach most teams have relied on for two decades was already under strain. Expanding attack surfaces, cloud complexity, and legacy debt had pushed it to the limit. But AI-assisted exploit generation makes it virtually obsolete.
Teams that navigate this well will take the new AI threat seriously, act without waiting for perfect clarity, build compensating controls around their most exposed assets, and turn vulnerability management into a rapid response operation.
This is the new operating environment. Security leaders who treat offensive AI as a temporary disruption may find themselves exposed to attacks and to the regulatory, risk, and board accountability that follows when those attacks succeed.
The window to act ahead of adversary exploitation is open now. It will not stay open.
For a deeper look at what frontier AI means for the security model as a whole, read Illumio CEO and founder Andrew Rubin’s take.