Defending at the Speed of AI

In April 2026, Anthropic's Claude Mythos Preview autonomously discovered zero-day vulnerabilities and generated 181 working exploits in a controlled evaluation against a real browser environment, where the prior generation produced two. The median time between a vulnerability being published and a working exploit existing has fallen from eight months in 2018 to under one day in 2026.

World Wide Technology's twelve-point framework, Defending at the Speed of AI, equips cybersecurity leaders with an immediate, structured and sequenced operating playbook they can take to their boards, along with a 30 / 90 / 365-day roadmap to close the gap before frontier offensive capability reaches general availability.

The stakes

Two decades of cyber defense rested on three assumptions that no longer hold: Exploit development is slow, low-severity vulnerabilities rarely get weaponized, and human-paced detection and response can contain an attack. Artificial intelligence has broken all three. 

Median time-to-exploit fell from 8.2 months in 2018, to 23.2 days in 2025, to under one day in 2026. Vulnerability backlogs that organizations carried as compliance debt have become active attack roadmaps. The skill floor for offensive operations has collapsed to a single sentence prompt, removing the talent bottleneck that previously limited adversary volume. 

Without a structured response, security teams face paralysis at the exact moment their boards demand answers. The framework exists because frontier AI labs have given critical-infrastructure operators a finite, unknown head start. That head start is the strategic resource the program is designed to consume well.

The framework

The program organizes 12 recommendations into three themes that move from foundational hygiene to operating-model change. The sequence matters. Trying to shift mindset before the foundation is solid produces dashboards that may look modern, but a security posture that is not.

1 - Strengthen the foundation 

The first eight recommendations help reduce known exposure before AI-enabled attackers catch up. They are the operational work of running a security program that still functions when the disclosure-to-weaponization window is measured in minutes. None of them are new. All of them are now urgent.  

• Aggressively remediate known risk.
• Harden the perimeter.
• Segment to contain a successful perimeter breach
• Realign prioritization and compress SLAs
• Validate critical asset inventories and third parties
• Replace end-of-life technology
• Improve logging to empower AI for defense
• Improve cyber resilience

2 - Shift the mindset 

The next two recommendations describe a shift from vulnerability management to exploit prevention, and from human-only defense to AI-augmented defense. These are the architectural and operational changes that reduce dependence on response speed that AI-accelerated attacks now exploit.

• Shift from vulnerability management to exploit prevention. Pre-plan containment. Make detection optional, not load-bearing.
• Use AI for defense. Triage, hunt, review and contain at machine speed – with guardrails.

3 - Align the team 

The final two recommendations address the organizational and sector-level dimensions. Faster threats require clearer ownership within organizations and stronger collaboration between them. Technical controls without aligned accountability decay; aligned accountability without collective action hits a visibility ceiling.

• Align accountability and expectations, from security complaints to business conversations.
• Embrace collaboration. Defenders must share, or attackers will outpace them. 

The plan

Time to adapt is an advantage. The frontier offensive capability is currently in restricted release. The window to prepare is unknown, but it is non-zero. Use it.

The impact

This framework matters to three groups in your organization, for different reasons.

For the board

Remediation velocity is now a board-level metric with direct earnings and regulatory exposure implications. The framework provides a reportable structure: burn-down rates, exception counts and SLA compliance. These replace opaque "security maturity" language with operational accountability.

For the security team:

The program does not require rebuilding the security architecture from scratch. It requires executing known fundamentals faster, with clearer prioritization, and with AI-powered tooling layered on top. The first thirty days are about clearing the decks, not transforming the organization.

For the industry

The organizations that move first will establish a defensible posture before Mythos-class capabilities reach general availability and adversaries acquire them at commodity pricing. The organizations that wait will be measured in breach incidents rather than quarters. The competitive separation between prepared and unprepared organizations is about to widen significantly.

This framework answers a board question we know is coming: 

Do we have a plan? 

We do. The following 12 points provide a sequenced, executable response that raises the defensive floor before the next capability becomes available. This document is your starting line, not your finish line. Use these recommendations to buy the time you need to build a deeper, more adaptive security architecture — one capable of defending at the speed of AI.