The 90-day patch cycle was never perfect. But it worked because the window between a vulnerability being disclosed and an attacker building a working exploit was sufficient time for most organizations to respond. Frontier AI models like Anthropic's Mythos have closed that window. Now we're talking hours. Possibly minutes.
That's not a headline. That's the operating reality two of Insight's CISOs are already building security programs around.
In this episode, Jeremy Nelson explains how frontier AI models don't just find vulnerabilities; they build the exploit in the same process. He walks through the risk tolerance slider bar, a framework for understanding why the old patch cycle used to make sense but no longer does. And he shares the five questions every security leader should be able to answer right now (the same ones your CEO and board are about to start asking).
Jason Rader picks up where Jeremy leaves off. He's been having CISO-to-CISO conversations with clients who want to know how Insight is handling this. Why? Not because everything is going smoothly, but because the honest account of what's working and what's not is more useful than a polished pitch. His answer to mid-market organizations facing the same threat surface as Fortune 500 companies — with fractions of the resources — is direct: Leave behind security operations that aren't core to what you do and get visibility over everything else.
Jeremy and Jason are operating with Insight as client zero, meaning Insight's own environment is where tools and programs are being proven before they're offered to anyone else.
Get Insight's Managed Exposure Defense because it's the same program built and battle-tested on Insight's own infrastructure — and it's available to organizations from one seat up: https://www.insight.com/en_US/what-we-do/expertise/managed-exposure-defense.html
Also worth your time: The CISO Mythos Readiness Checklist: https://www.insight.com/en_US/content-and-resources/guide/the-ciso-mythos-readiness-checklist.html 5 Questions Every CISO Will Be Asked About Mythos: https://www.insight.com/en_US/content-and-resources/blog/5-questions-every-ciso-will-be-asked-about-mythos-and-how-to-answer-them.html Don't Hit Later on That Update Notification: https://www.insight.com/en_US/content-and-resources/article/dont-hit-later-on-that-update-notification.html
Subscribe to Insight On for more conversations with the practitioners shaping enterprise technology strategy.
#FrontierAI #Cybersecurity #CISO
Chapters
• 00:00 — Welcome and episode overview
• 00:37 — Why the weaponization window has collapsed
• 03:54 — How frontier AI models discover and create exploits
• 08:18 — What to do when the threat feels overwhelming
• 10:23 — Why your CMDB is your biggest security liability
• 12:20 — Treating patch updates as security incidents
• 14:22 — How AI fits into vulnerability management and defense
• 16:48 — Inside Insight's managed exposure defense program
• 18:42 — Extending protection to clients of all sizes
• 20:14 — The risk tolerance slider — patching vs. business disruption
• 24:16 — Why patch maintenance is now a permanent priority
• 26:19 — Five questions every security leader must answer now
• 38:12 — Jason Rader on being client zero and managed security services
• 40:29 — What every business leader needs to know about Mythos
• 44:13 — How frontier models operate inside your network
• 47:04 — How Insight's security priorities have shifted
• 48:07 — Mid-market security and the managed SOC advantage
• 55:25 — Phishing risk when vulnerabilities go public
• 57:43 — Zero days, patch ecosystems, and the hacker economy
• 01:02:56 — The one thing every security leader must do tomorrow