You make some compelling points but you seem to be glossing over the radical increase in velocity that Mythos and similar models bring to the age old activity of discovering 0days and exploiting them.
What used to take days and weeks now takes a handful of minutes. Or less.
Defenders often struggled when they had adversaries who were using off the shelf tools and driving their campaigns manually.
Once the open weight models catch up to what today’s frontier models can do the field will be more tilted than ever.
Many orgs can barely notice that something’s wrong before the adversary has come, done their business, and exfil’d.
Velocity asymmetry is the gap the fundamentals argument waves past. Same controls, same playbooks, but defender OODA loops haven't compressed the way attacker tooling just did. Catching ransomware in week two is a different sport from catching an exploit chain that finishes in minute three.
Fundamentals don’t just win—they fail silently when authorization is missing.
What this highlights for CISOs is the real gap isn’t visibility or detection, it’s enforcement. EnforceAuth addresses this by embedding real-time authorization directly into workflows, so misconfigurations, over-privileged access, and AI-driven actions are stopped at decision time—not discovered after the fact.
Most “operational discipline” failures are really authorization failures at scale. And as AI accelerates everything, polite AI ≠ secure AI—without deterministic policy enforcement, you’re just automating risk faster.
The 4.5x figure backs you up directly: over-privileged AI systems hit incidents at 4.5 times the rate of least-privilege ones, and it's the strongest single predictor of AI incidents, beating sophistication and monitoring maturity (https://thesynthesisai.substack.com/p/the-access-equation). Detection tells you what already happened. Scope decides whether it could happen at all.
You make some compelling points but you seem to be glossing over the radical increase in velocity that Mythos and similar models bring to the age old activity of discovering 0days and exploiting them.
What used to take days and weeks now takes a handful of minutes. Or less.
Defenders often struggled when they had adversaries who were using off the shelf tools and driving their campaigns manually.
Once the open weight models catch up to what today’s frontier models can do the field will be more tilted than ever.
Many orgs can barely notice that something’s wrong before the adversary has come, done their business, and exfil’d.
Velocity asymmetry is the gap the fundamentals argument waves past. Same controls, same playbooks, but defender OODA loops haven't compressed the way attacker tooling just did. Catching ransomware in week two is a different sport from catching an exploit chain that finishes in minute three.
Fundamentals don’t just win—they fail silently when authorization is missing.
What this highlights for CISOs is the real gap isn’t visibility or detection, it’s enforcement. EnforceAuth addresses this by embedding real-time authorization directly into workflows, so misconfigurations, over-privileged access, and AI-driven actions are stopped at decision time—not discovered after the fact.
Most “operational discipline” failures are really authorization failures at scale. And as AI accelerates everything, polite AI ≠ secure AI—without deterministic policy enforcement, you’re just automating risk faster.
The 4.5x figure backs you up directly: over-privileged AI systems hit incidents at 4.5 times the rate of least-privilege ones, and it's the strongest single predictor of AI incidents, beating sophistication and monitoring maturity (https://thesynthesisai.substack.com/p/the-access-equation). Detection tells you what already happened. Scope decides whether it could happen at all.
100%
The speed and ability to be nimble is more important now more than ever, but the fundamentals stay the same.