Written and provided by: Fortinet

AI is compressing the timeline of cyber risk, with the gap between disclosure and exploitation collapsing. Vulnerabilities that once took weeks or months to discover and exploit can now be identified and weaponized in hours. 

Fortunately, this shift cuts both ways. The same models accelerating attackers are also enabling defenders to detect, analyze and mitigate risk at unprecedented speed. The advantage is no longer about who has better tools, but who can operate faster and more cohesively across the entire security lifecycle. Organizations that rely on slower, fragmented approaches will not be able to keep pace. Security today needs to operate as a continuous, integrated process, spanning development, detection and response.

Preemptive security models are now required to reduce exposure before vulnerabilities can be exploited. That means integrating AI into development, detection and response, shortening mitigation cycles, embedding security directly into systems and workflows, and designing for scale from the outset. Those that adapt will operate with greater visibility, control and resilience. Those who do not will struggle to keep pace in an environment now defined by automation and scale.

The history of AI at Fortinet

AI in the security industry is nothing new. Fortinet has been using AI techniques in FortiGuard Labs since 2015 to address the exponential growth in potentially malicious signals that threat researchers had to investigate. Using machine learning (ML) and artificial neural networks (ANN), the team trained models to autonomously identify malicious files and track botnets with high accuracy. FortiGuard Labs receives trillions of signals per day, which can be automatically classified using AI, freeing up resources to focus on the more elusive samples.

Since 2015, some of these methods have been embedded into products offered to customers, including AI-powered sandboxing (FortiSandbox) to identify high-risk files in email and network traffic, endpoint detection and response (FortiEDR) to identify malicious files and traffic behavior, and network detection and response (FortiNDR) to identify suspicious network activity.

Generative AI (GenAI) added the capacity for understanding and generation. Fortinet took advantage of this for generating threat actor reports in FortiRecon (our external attack surface monitoring platform), creating configurations based on verbal requests or whiteboard sketches in FortiOS (Fortinet's unified networking and security operating system), and hunting for threats across the network in FortiSOC (our unified security operations platform) to create CISO-level briefings.

This foundation is what allows Fortinet to operationalize AI today—not simply experiment with it.

Agentic AI, the ability for all of these systems to cooperate, share intelligence, infer from each other and then take action to achieve the stated goals, is the next step in this progress, but we will save that for a future blog and focus here on AI for security analysis.

Traditional security tooling

Product security testing has remained relatively unchanged for years. There are multiple tools and techniques commonly implemented as part of a secure product development lifecycle:

Static application security testing (SAST) to analyze code and Software Composition Analysis (SCA) to identify vulnerable open-source code are part of the DevOps pipeline. Techniques such as dynamic application security testing (DAST) and fuzzing test against real, running systems. And then we have more resource-intensive, people-based methods such as penetration testing and manual code audits.

The reality is that if you care about security, you need all of these, and more importantly, you may need to use multiple of each to get good coverage. At Fortinet, we use three separate SAST tools and up to 10 different DAST tools, plus SCA, fuzzing, penetration testing and manual code audit.

We are at an inflection point, however, where these more traditional, static tools, with their known limits, are being overtaken by frontier AI models.

Kings of the wild frontier (models)

One of the main benefits of AI is the democratization of technology so people outside of the usual development ecosystem can code whole applications in a short amount of time. New generations of frontier AI models can analyze software, generate code, and simulate workflows with minimal guidance and at unprecedented speeds.

From a security perspective, this works in two ways. The same capability that detects and patches a vulnerability can also weaponize it. For product security teams, this isn't just another technology shift. It's a reshaping of the threat landscape itself. As with traditional tools, Fortinet is working closely with AI vendors, including Anthropic and other frontier AI companies, to leverage the best parts of each model.

Recent weeks have seen increased attention around Anthropic's "Glasswing" project and its preview of Mythos, with early access extended to organizations responsible for building and maintaining critical software. Fortinet has access to the Claude Mythos Preview as part of this program. While details of implementation and findings are not disclosed, this reflects a broader shift: Frontier models are advancing rapidly in their ability to analyze, understand and test complex systems.

Staying ahead of threat actors is crucial, so this level of collaboration matters. The question is not what any one organization is doing with these models, but what their accelerating capabilities mean for defenders more broadly.

The benefits of security at break-neck speed

New frontier AI models are like an all-purpose rock star security engineer—the most skilled pen-testers and code auditors rolled into one. Think Neo in the Matrix: They know Kung-Fu. They know your products better than any developer, as they hold a full understanding of the code in their "brain" at all times. This leads to some amazing and slightly nerve-racking abilities.

Accelerated vulnerability discovery

Frontier AI models can scan codebases and identify vulnerabilities dramatically faster than traditional methods.

  • Audit and test tasks that once took weeks or months can now be completed in a matter of hours.
  • Models can assist in identifying zero-days and complex system weaknesses.

The reality, however, is that while these models seem to improve every few days, even the latest frontier AI models can make mistakes. False positives still occur, and identified vulnerabilities may already have other mitigations in place. As a result, these models should be treated as tools, not final solutions. The role of a security analyst does not go away, as analysts are still needed to guide the AI model and, most importantly, validate its findings. What the models do is speed up analysis, making the security analyst much more productive.

This compression of discovery timelines directly reduces exposure windows, allowing organizations to move from reactive patching to proactive risk reduction.

Enhanced threat detection and response

Frontier AI models are particularly adept at:

  • Correlating signals across massive telemetry datasets
  • Detecting anomalous behavior patterns in real time
  • Assisting SOC teams with triage and incident response

These models act like tireless analysts that never blink, never sleep and never miss a log line. Their ability to find the needle in the haystack is transforming SOC environments.

Security automation at scale

Security engineering has historically been bottlenecked by human expertise. Frontier models help dissolve that bottleneck. They can:

  • Generate secure code patterns
  • Automate penetration testing workflows
  • Simulate attack paths across complex architectures

This lowers the barrier to implementing robust security practices across teams and allows organizations to apply high-quality security practices consistently across environments, rather than selectively where expertise is available.

Augmented security expertise

Fortinet believes that frontier AI models will not be so transformative as to completely replace the need for skilled people. High-quality security professionals will be here for a long time to come. Rather, the models act as "force multipliers" for existing security professionals:

  • Junior engineers gain expert-level guidance.
  • Security teams can scale their impact.

Based on feedback from the model, security teams can gain insight into where to start probing, and developers into where to focus refactoring effort.

One of the greatest unexpected benefits we have found with these new frontier AI models is how adept they are at threat modeling. Because a model holds full product and data-flow information in its "head," it can create a threat model in minutes. And that threat model is more accurate because it is based on the current reality, not on how developers think things work.

The drawbacks

While these models are proving highly successful in helping product security organizations with the velocity of improvements, there are drawbacks.

Lower barrier for attackers

Here comes the uncomfortable symmetry: Attackers get access to the same tools, meaning frontier AI models can:

  • Provide previously unseen details of the inner workings of the product
  • Generate exploit code
  • Identify vulnerabilities in target systems
  • Automate multi-step attack chains

This reduces the skill required to execute sophisticated attacks. Tasks once reserved for elite hackers are becoming accessible to a wider pool of threat actors, increasing the number of capable attackers and accelerating attack velocity.

The rise of models capable of rapidly discovering and exploiting vulnerabilities in real-world systems raises alarms in high-risk sectors like banking and healthcare. However, defenders gain a structural advantage in environments where telemetry, control, and response are already integrated, allowing them to detect and contain activity at scale in ways attackers cannot easily evade.

Dual-use vulnerability discovery

The same model that helps you fix bugs can help someone else find them first.

  • AI can differentiate or compare software versions and identify changes in a matter of seconds.
  • AI can easily reverse-engineer patches.
  • AI can compress vulnerability identification and exploit development timelines from months to hours.

As a result, your exposure window shrinks. If you don't patch fast, someone else will weaponize faster. The organizations that succeed will be those that treat mitigation as an automated process rather than a manual workflow.

Fortinet AI-Enabled Product Security

Fortinet has been using AI to augment security analysis for years, including AI-guided fuzzing, penetration testing, and code analysis. Frontier models such as Anthropic's Mythos Preview represent a continuation of that trajectory, with greater capability for analyzing and testing software. This shift is significant, but it does not change the fundamentals. Fortinet maintains a mature vulnerability management and disclosure program designed to identify, mitigate, and remediate issues quickly and responsibly. Products are built secure by design, secure by default, and with a defense-in-depth approach to limit the impact of any AI-accelerated attacks.

Access to frontier models such as Mythos Preview comes with strict usage expectations. These models are used in controlled environments to support vulnerability discovery and remediation across Fortinet systems. They are not used for offensive research against external targets, and outputs are validated through established security review processes before any action is taken.

How to survive in the age of AI

It was previously thought that AI was just a tool, and like any tool, it is only as good as the person using it. However, with recent increases in model performance, I have come to realize that this is not just a new tool; it has become an arms race. New frontier AI models don't just improve security. They are reshaping the economics of cyber conflict, a shift that will require a complete mindset change.

Access to frontier models does not eliminate the need for discipline. It increases the consequences of getting that discipline wrong. These new models make it trivial for threat actors to reverse-engineer patches, making timely remediation key. In a poetic way:

Defenders gain speed and scale.
Attackers gain visibility and automation.
The balance shifts constantly.

To survive this new terrain, organizations need to evolve—and evolve quickly.

Shorten mitigation cycles dramatically

Given the speed at which we expect reverse-engineering attacks to occur, our primary defense mechanism will be to mitigate first and patch later. Mitigations start with the most secure deployment, which we are encouraging through our secure-by-default strategy, a CISA-driven pledge to which Fortinet has committed. Here are a few examples for Fortinet devices, but the concept is the same for other vendors:

  • Enforce password complexity policy.
  • Enable multi-factor authentication (MFA).
  • Restrict access to the admin interface using a local-in policy, or, better yet, remove administrative access to your FortiGate from internet-facing interfaces and instead manage it via an internal or out-of-band method.
  • Follow best-practice recommendations for configuration.
  • Understand your most exposed and critical attack surfaces and prioritize security for these devices.
  • Collect logs from all devices and perform continuous threat hunting across your entire infrastructure.
  • Keep your devices up to date and patched, giving top priority to any internet-facing devices.

However, actors using AI tools will be able to exploit vulnerabilities within hours of publication, so automation will be key, as every second matters to stay ahead of these actors. The days of a quarterly change window are now gone—velocity is critical.

Temporary mitigations are going to be vital. Fortinet has been promoting the concept of virtual patches to rapidly remediate issues with IPS-like signatures before the organization has the opportunity to patch, and in some cases, even before a fix is available. If virtual patches are not available, clearly defined workarounds from your vendor will be key to mitigation.

Organizations need to plan for this shift right at the architectural design stage. A common complaint against upgrading is that "I cannot take my business offline because it is tax season/Black Friday/Christmas, etc." That needs to change. Fortinet has solutions to make this simpler with zero-impact upgrade capability, such as our FortiGate Session Life Support Protocol (FGSP). This enables you to synchronize sessions, withdraw a device from a cluster, patch it, and reinsert it with zero packet loss or disruption of network traffic.

Tools like FortiSOAR (security orchestration and response) can be used to accelerate this patching process across all vendors, using automation playbooks to:

  • Identify vulnerable systems
  • Implement immediate workarounds, such as virtual patching
  • Identify patches
  • Open change window
  • Push patches

Conclusion

As part of broader industry collaboration, insights from early access programs like Glasswing contribute to anonymized, aggregated learning. The objective is to raise the baseline of security across the ecosystem, not to create isolated advantages, thereby helping organizations adopt safer development and response practices.

Frontier AI models are advancing quickly and will continue to do so. Fortinet has been preparing for this shift by systematically identifying and remediating vulnerabilities within our own codebase. Over the past two years, 68% of disclosed vulnerabilities were found internally. That reflects a preemptive security model focused on reducing exposure before vulnerabilities can be discovered and weaponized externally. As AI lowers the barrier to vulnerability discovery, this approach becomes increasingly important.

The timeline of risk has changed. Detection, validation, and mitigation now need to operate as a continuous, integrated process. Vendors need to apply AI early in the lifecycle, shorten remediation cycles, and use defensive engineering techniques to limit the impact of inevitable vulnerabilities. Organizations that can do this will operate with greater visibility and control. Those that cannot will fall behind.

Security depends on consistent execution. Faster response models, supported by systems designed for scale, are now required. Fortinet is built to support that shift.
