Bottom line: Agentic systems and large language models act contextually and unpredictably, making purely preventative approaches structurally insufficient.
While previous technology transitions created new security problems that were addressed with established methods, AI fundamentals differ: they undermine the predictability that traditional security programs presuppose.
Cybersecurity teams have worked for decades in environments with deterministic system behavior: applications executed processes consistently, infrastructure changed slowly enough to map dependencies. Even cloud transformation could be addressed with known security models. Artificial intelligence operates differently: agentic systems make decisions dynamically, large language models generate contextually different outputs, and AI systems increasingly interact with external tools and APIs in ways that developers cannot fully predict.
Classical security programs focused on hardening before deployment – identifying vulnerabilities early, reducing attack surface, restricting access. Cloud migration revealed the limits: security incidents do not occur in static architecture diagrams but at runtime, when permissions shift, APIs change behavior, or AI agents interact with systems no plan accounted for. Prevention measures remain central but are insufficient alone when risks continuously emerge during runtime.
Acceleration through AI-driven development intensifies the problem: a Harvard Business School study shows that developers using GitHub Copilot increased coding activity by 12.4 percent while time spent on project management fell by nearly 25 percent – at the expense of reviews and governance coordination. Simultaneously, attackers use AI to automate reconnaissance, exploit chaining, and vulnerability validation. Vulnerabilities long considered difficult to chain become operationalizable with AI-assisted automation.
CISOs must reassess their prioritization models: weaknesses previously exploitable only at high cost now fall under risk categories when attackers can approach them scalably with AI support. Security through obscurity is no longer a viable strategy.
Source: www.csoonline.com · Published June 18, 2026
Lumi AI News — AI-assisted curation pursuant to Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.1.