Cybersecurity has a speed problem
Cybersecurity has a speed problem
https://securitybrief.co.uk/story/cybersecurity-has-a-speed-problem
Publish Date: 2026-05-07 04:30:00
Source Domain: securitybrief.co.uk
When Anthropic unveiled Claude Mythos in April, the reaction across the cybersecurity industry was immediate. Boards demanded answers, tech leaders called urgent meetings, and a familiar narrative began to take hold: AI is changing the rules of cybersecurity.
But while this is partly true, it misses the real point. AI hasn’t changed the rules. It has simply sped up the game and exposed that the rules were already broken.
For years, cybersecurity operated on a relatively stable assumption. If attackers discovered a vulnerability, it would take time to exploit it, and defenders would have a window to respond. That window was never perfect, but it made the system workable.
That time is now gone. In 2018, the average time between discovering a vulnerability and exploiting it was measured in years. Today, it is measured in hours, so this isn’t a gradual shift, it’s a fundamental change in how cyber risk behaves.
What tools like Mythos show is not a leap in technical capability, but a breakthrough in execution. Vulnerabilities that have existed for decades can now be found and exploited almost instantly. The bottleneck is no longer discovery. It is deciding what to fix and doing it fast enough.
So, this is where the real challenge begins.
On the defensive side, organisations are increasingly overwhelmed. AI systems can surface huge volumes of vulnerabilities, but they are far less effective at identifying which ones are actually exploitable. Security teams are left with growing backlogs, trying to prioritise risk while the cost of delay continues to rise.
Attackers, meanwhile, face a much simpler problem. They do not need to fix anything. They only need one viable path. AI gives them the ability to test multiple options and select the most effective route at machine speed.
This imbalance sits at the heart of the issue.
It is also being reinforced by a deeper structural problem. Many organisations still manage cybersecurity as if time is on their…
